CONTENTS

Foreword

PART I

MODULE I (TECHNOLOGY IN BANKS)

1 BANKING ENVIRONMENT AND TECHNOLOGY
• Introduction
• Evolution of Banking Technology over the years
• DC: Data Centre, DR: Disaster Recovery (site)
• Core Banking
• Steps in the implementation of CBS
• Delivery Channels
• Core banking vis-à-vis standalone systems
• How to make effective use of a Core Banking Solution (CBS)
• Conclusion

2 OVERVIEW OF PROCESSING INFRASTRUCTURE
• Introduction
• IT Operation Processes
• Process Infrastructure
• RBI's Payment System Vision
• Various Payment and Settlement Systems
• Process changes with technology
• Conclusion

3 ACCOUNTING INFORMATION SYSTEM (AIS)
• Introduction
• Software architecture of a modern AIS
• Advantages and implications of AIS
• How to effectively implement AIS
• Conclusion

4 INFORMATION ORGANISATION AND MANAGEMENT
• Introduction
• The importance of management information system
• The information systems concept
• Management Information Systems (MIS)
• Difference between Data Warehouse & MIS
• Automated Data Flow (ADF) to the Regulator

5 RISKS ASSOCIATED WITH TECHNOLOGY IN BANKING
• Introduction
• Risks Associated with Technology
• Board and Management Oversight
• Security Controls
• Legal and Reputational Risk Management
• The RBI guidelines
• Conclusion

6 AUDIT FUNCTION AND TECHNOLOGY
• Introduction
• An audit Charter/Audit Policy
• The IS Audit Universe

MODULE II TECHNOLOGY - SYSTEM; DEVELOPMENT, PROCESS, IMPLEMENTATION

7 HARDWARE ARCHITECTURE
• Types of Computer

8 SOFTWARE PLATFORMS
• Operating systems

9 SYSTEM DEVELOPMENT LIFE CYCLE
• Chapter synopsis

10 COMPUTER NETWORKS
• Types of Networks: Wide Area Networks (WAN), Local Area Networks (LAN), Metropolitan Area Network (MAN)

MODULE III (CONTINUITY OF BUSINESS)

11 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

MODULE IV (OVERVIEW OF LEGAL FRAMEWORK)

12 ONLINE TRANSACTIONS - CONCEPTS, EMERGING TRENDS AND LEGAL IMPLICATIONS
• Chapter Synopsis
• Chapter learning Goals
• Nature of Online Transactions
• Limitations of Traditional Money
• Electronic Money - What it means and its benefits
• Generic Features of E Money Models
• Regulatory Framework in Indian Scenario
  - Issuance of E-Money
  - Minimum Prudential Requirements for Operations of E-money Scheme
• Electronic Payments Infrastructure in our Country and Emerging Trends
• Institutional Electronic Funds Transfers & Settlements
• Paperless Credit & SITPRO Model of paperless Credit

PART II

MODULE V (SECURITY AND CONTROLS, STANDARDS IN BANKING)

13 SECURITY
• Information Technology Revolution

14 CONTROLS
• Introduction
• IT Risks & Threats
• Countering IT related Risks & Threats
• Classification of Controls
• Application control framework
• Objective of application system controls
• Areas of application controls
• Boundary controls
• Communication controls
• Processing Controls
• Database Controls
• Output controls

MODULE VI (SECURITY POLICIES, PROCEDURES AND CONTROLS)

15 DEVELOPMENT AND REVIEW OF SECURITY POLICIES AND CONTROL STANDARDS
• Introduction
• Need for Information Security
• Computer Security Policy
• Policy, Standards, Guidelines and Procedures
• Key components of a Security Policy
• Monitoring Security
• Roles for Information Security in design, implementation and monitoring

16 COMPLIANCE AND INCIDENT HANDLING
• Introduction
• Application Control and Security
• Application control and risk mitigation measures
• Compliance

17 NETWORK SECURITY
• Introduction
• Firewalls
• Firewall Policy
• Intrusion Detection Systems (IDS)
• Network Intrusion Prevention Systems
• Quarantine
• DNS Placement
• Factors for improvement of the security of networks

MODULE VII (INFORMATION SECURITY AND IS AUDIT)

18 INFORMATION SECURITY
• Introduction

19 IS AUDIT

CONTENTS OF CD*
• STANDARDS FOR INFORMATION SYSTEMS MANAGEMENT**
• THE INFORMATION TECHNOLOGY ACT, 2000**
• AMENDMENTS MADE IN OTHER STATUTES**
• OVERVIEW OF INTELLECTUAL PROPERTY RIGHTS**
• ISSUES IN TAXATION OF ELECTRONIC TRANSACTIONS**
• MANAGEMENT CONTROL FRAMEWORK**
• NETWORK COMPONENTS**

*Supplied free with this book.
**See CD.