looking beyond the obvious!! how secure is banks’ core data? prashant pande head professional...
TRANSCRIPT
Looking beyond the obvious!!
HOW SECURE IS BANKS’ CORE DATA?
Prashant PandeHead Professional Services
IDBI Intech Ltd
Looking beyond the obvious!!
NATURE of BANK’S DATA
Critical: Financial, Personal, Organisational Data
Privacy and Confidentiality
High Availability
Ease of Use & Operations
Archival & Retrieval if Data
Looking beyond the obvious!!
Ledgers and Registers ALPM and Branch Based Solutions Stand Alone Systems –Trade finance, Treasury etc. Multiple Applications in CBS Complex Networking Integrated Systems Backups of Diverse Systems Concentration of Resources
EVOLUTION of DATA IN CBS
Looking beyond the obvious!!
ATMs Internet Banking Mobile Banking Credit Cards, Currency Cards etc Insurance Companies Online Trading Ticket Vending
CHANNELS & STRATEGIC TIE UPS
Looking beyond the obvious!!
Core Banking SolutionCore Banking Solution
Consumer Banking
CASA
Term Deposit
Consumer Lending
Mortgages Bill Payment
Corporate Banking
Import Export Guarantee
Current/ Overdraft
Commercial Lending
Trade Financing
Wealth Management
Investor Services
Mutual Fund Insurance
Distribution
Equity & Bonds
Trading
Structured Products
Cash Management
Investor Services
Accounts Management Payments Collections
Allied Solutions
Regulatory Reporting
Risk Management
Payments Middleware
AML
Office A/Cs
Branch Call Center IVR Portal Internet Mobile Call Center Kiosk
Customer Delivery Channel
Looking beyond the obvious!!
SECURING DATA Infrastructure Set up
ITIL standards – Data Centre Level IIIDR SiteDR DrillsBCP
UsersNeed to know basisAccess rightsAuthentication
Looking beyond the obvious!!
Application Software Customer Relationship Management Transaction processing Product Definitions Reports – Regulatory, MIS, DSS Interfaces, Payment middleware
Database security SSL encryption IDS Barriers Firewalls Secure data with strong encryption
REORGANIZATION
Looking beyond the obvious!!
Channels Indirect Access to CBS Independent Systems Interdependent Systems Multiple Authentication
Outsourced Services Drafting and Monitoring of SLA’s Non Disclosure Clauses Meaningful Reports Review and Monitoring of Reports and Outputs
RISK MITIGATION
Looking beyond the obvious!!
Multiple servers
OS Hardening
Settings as per the Application Requirement
Physical Security
Surveillance Camera
Critical Applications in a Cluster
SECURITY MEASURES
Looking beyond the obvious!!
Network Security Intrusion Detection Systems Internal and External Firewalls Penetration Testing Monitoring Attacks Virus Protection and Constant Updates
User Profile Continuous Training Reviewing of the Access Rights Sub-dividing the Processes Use of Bio-metric Devices
Core Data Security
STRENGTHENING MEASURES
Looking beyond the obvious!!
Controls and Processes
Emerging Vulnerabilities
Perform Control Self Assessment
Integrity of Information Systems
Security Policy..
AUDITS & ASSURANCES
Looking beyond the obvious!!
Regulatory and Other Compliances
Effectiveness of Internal Controls.
Risk Management
Implementing International / Quality Standards…
ASSURANCE
Looking beyond the obvious!!
Thank You