
CONTENTS

Foreword

PART I

MODULE I (TECHNOLOGY IN BANKS)

1 BANKING ENVIRONMENT AND TECHNOLOGY
- Introduction
- Evolution of Banking Technology over the years
- DC : Data Centre, DR : Disaster Recovery (site)
- Core Banking
- Steps in the implementation of CBS
- Delivery Channels
- Core banking vis-à-vis standalone systems
- How to make effective use of a Core Banking Solutions (CBS)
- Conclusion

2 OVERVIEW OF PROCESSING INFRASTRUCTURE
- Introduction
- IT Operation Processes
- Process Infrastructure
- RBI's Payment System Vision
- Various Payment and Settlement Systems
- Process changes with technology
- Conclusion

3 ACCOUNTING INFORMATION SYSTEM (AIS)
- Introduction
- Software architecture of a modern AIS
- Advantages and implications of AIS
- How to effectively implement AIS
- Conclusion

4 INFORMATION ORGANISATION AND MANAGEMENT
- Introduction
- The importance of management information system
- The information systems concept
- Management Information Systems (MIS)
- Difference between Data Warehouse & MIS
- Automated Data Flow (ADF) to the Regulator

5 RISKS ASSOCIATED WITH TECHNOLOGY IN BANKING
- Introduction
- Risks Associated with Technology
- Board and Management Oversight
- Security Controls
- Legal and Reputational Risk Management
- The RBI guidelines
- Conclusion

6 AUDIT FUNCTION AND TECHNOLOGY
- Introduction
- An audit Charter/Audit Policy
- The IS Audit Universe

MODULE II TECHNOLOGY - SYSTEM; DEVELOPMENT, PROCESS, IMPLEMENTATION

7 HARDWARE ARCHITECTURE
- Types of Computer

8 SOFTWARE PLATFORMS
- Operating systems

9 SYSTEM DEVELOPMENT LIFE CYCLE
- Chapter synopsis

10 COMPUTER NETWORKS
- Types of Networks: Wide Area Networks (WAN), Local Area Networks (LAN), Metropolitan Area Network (MAN)

MODULE III (CONTINUITY OF BUSINESS)

11 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

MODULE IV (OVERVIEW OF LEGAL FRAMEWORK)

12 ONLINE TRANSACTIONS - CONCEPTS, EMERGING TRENDS AND LEGAL IMPLICATIONS
- Chapter Synopsis
- Chapter learning Goals
- Nature of Online Transactions
- Limitations of Traditional Money
- Electronic Money - What it means and its benefits
- Generic Features of E Money Models
- Regulatory Framework in Indian Scenario
  - Issuance of E-Money
  - Minimum Prudential Requirements for Operations of E-money Scheme
- Electronic Payments Infrastructure in our Country and Emerging Trends
- Institutional Electronic Funds Transfers & Settlements
- Paperless Credit & SITPRO Model of paperless Credit

PART II

MODULE V (SECURITY AND CONTROLS, STANDARDS IN BANKING)

13 SECURITY
- Information Technology Revolution

14 CONTROLS
- Introduction
- IT Risks & Threats
- Countering IT related Risks & Threats
- Classification of Controls
- Application control framework
- Objective of application system controls
- Areas of application controls
- Boundary controls
- Communication controls
- Processing Controls
- Database Controls
- Output controls

MODULE VI (SECURITY POLICIES, PROCEDURES AND CONTROLS)

15 DEVELOPMENT AND REVIEW OF SECURITY POLICIES AND CONTROL STANDARDS
- Introduction
- Need for Information Security
- Computer Security Policy
- Policy, Standards, Guidelines and Procedures
- Key components of a Security Policy
- Monitoring Security
- Roles for Information Security in design, implementation and monitoring

16 COMPLIANCE AND INCIDENT HANDLING
- Introduction
- Application Control and Security
- Application control and risk mitigation measures
- Compliance

17 NETWORK SECURITY
- Introduction
- Firewalls
- Firewall Policy
- Intrusion Detection Systems (IDS)
- Network Intrusion Prevention Systems
- Quarantine
- DNS Placement
- Factors for improvement of the security of networks

MODULE VII (INFORMATION SECURITY AND IS AUDIT)

18 INFORMATION SECURITY
- Introduction

19 IS AUDIT

CONTENTS OF CD*
- STANDARDS FOR INFORMATION SYSTEMS MANAGEMENT**
- THE INFORMATION TECHNOLOGY ACT, 2000**
- AMENDMENTS MADE IN OTHER STATUTES**
- OVERVIEW OF INTELLECTUAL PROPERTY RIGHTS**
- ISSUES IN TAXATION OF ELECTRONIC TRANSACTIONS**
- MANAGEMENT CONTROL FRAMEWORK**
- NETWORK COMPONENTS**

*Supplied free with this book.
**See CD.