Ebook Internet Banking And Technology Risk Management Guidelines

Continuing technology developments and innovations are having significant impact on the way banks interact with their customers, suppliers and counterparties, and how they undertake their operations. Banks face the challenge of adapting, innovating and responding to the opportunities posed by computer systems, telecommunications, networks and other technology-related solutions to drive their businesses in an increasingly competitive domestic and global market.

The internet in particular offers major opportunities for banks to reach new markets and expand the range of products and services they provide to customers. The very accessibility and dynamism of the internet bring both benefits and risks.

As banks rely increasingly on information technology and the internet to operate their business and interact with the markets, their awareness and recognition of the magnitude and intensification of technology risks should correspondingly be more perceptive and discerning, both for individual banks and the financial industry as a whole. In this networked and market-driven environment, it is critical that banks have flexible, adaptable and responsive operating processes as well as sound and robust risk management systems.

The board of directors and management of a bank are responsible for managing its risks, including technology risks which are becoming more complex, dynamic and pervasive. The risk management process requires the board and management to review and appraise the cost-benefit issues on what and how much to invest in controls and security measures relating to computer systems, networks, data centres, operations and backup facilities.

CONTENTS

1.0 INTRODUCTION
2.0 RISK MANAGEMENT FRAMEWORK

    2.1 RISK MANAGEMENT PROCESS
    2.2 RISK IDENTIFICATION
    2.3 RISK ASSESSMENT
    2.4 RISK TREATMENT

3.0 TYPES OF INTERNET FINANCIAL SERVICES

    3.1 INFORMATION SERVICE
    3.2 INTERACTIVE INFORMATION EXCHANGE SERVICE
    3.3 TRANSACTIONAL SERVICE

4.0 SECURITY AND CONTROL OBJECTIVES

    4.1 DATA CONFIDENTIALITY
    4.2 SYSTEM INTEGRITY
    4.3 SYSTEM AVAILABILITY
    4.4 CUSTOMER AND TRANSACTION AUTHENTICITY
    4.5 CUSTOMER PROTECTION

5.0 SECURITY PRINCIPLES AND PRACTICES

    5.1 HUMAN RESOURCE MANAGEMENT SECURITY PRACTICES

6.0 SYSTEM DEVELOPMENT AND TESTING

    6.1 SYSTEM DEVELOPMENT LIFE CYCLE
    6.2 SOURCE CODE REVIEW

7.0 RECOVERY AND BUSINESS CONTINUITY
8.0 OUTSOURCING MANAGEMENT

    8.1 MANAGING OUTSOURCING RISKS
    8.2 MONITORING OUTSOURCING ARRANGEMENTS
    8.3 CONTINGENCY AND BUSINESS CONTINUITY PLANNING

9.0 DISTRIBUTED DENIAL OF SERVICE ATTACKS (DDOS)

    9.1 DETECTING AND RESPONDING TO ATTACKS
    9.2 SELECTION OF INTERNET SERVICE PROVIDERS
    9.3 INCIDENT RESPONSE PLANNING

10.0 BANK DISCLOSURE
11.0 CUSTOMER EDUCATION
APPENDIX A: COUNTERING MAN-IN-THE-MIDDLE ATTACKS
APPENDIX B: SYSTEM SECURITY TESTING
APPLICABILITY OF THESE GUIDELINES
