IT Security Assessment of Service Co-operative Banks

IT Infrastructure should be security compliant:

The IT framework should be security compliant. The framework here includes networks, databases, servers, applications and end-user systems, among others. Periodic reviews of the security of the bank’s infrastructure and assets are a must to find vulnerabilities and security loopholes. The SCBs need to take appropriate action to close those loopholes and get rid of the vulnerabilities.

Banks are obviously a high-profile target. The data they gather about their customers – both individuals and businesses – is extremely valuable to hackers looking to carry out an easy phishing attack, for example. Because their data is so valuable, they have to be aware of the risks and ready to protect it.

 

The three most common insider threats are as follows:

  1. Modifying or stealing confidential or sensitive information for personal gain.
  2. Theft of trade secrets or customer identification to be used for business advantage.
  3. Sabotage of an organization’s data, systems or network.

The following are the basic IT Security assessments that are performed in the banks:

Inventory Management of Business IT Assets: Maintaining an updated business and IT asset inventory register is a must for every SCB. The register should record the details of every IT asset, its criticality, and which systems contain customer information, and it should classify each asset according to its sensitivity.

Preventing Access of Unauthorised Software: Every SCB should maintain an updated and, if possible, centralized inventory of authorized software. It should also have a mechanism in place to monitor and block the installation of unauthorized software. Web browser settings should be kept up to date, and internet usage should be restricted.

Network Management & Security: Perform regular configuration checks on all network devices and change their passwords periodically, using complex passwords. Wireless networks, access points and wireless client access systems should also be secured.

Anti-Virus & Patch Management: There should be systems in place to monitor the patch status of the servers, operating systems and software that SCB officials use. Anti-virus management is also a must and should be centralized.

Secure Mail & Messaging Systems: It is important to secure email and messaging systems. The email and messaging systems of the SCB’s vendors and partners should also be secured. Email-server-specific controls should be implemented and well documented.

Removable Data: The use of removable devices should be prohibited in the banking domain unless specifically authorized. Even when authorized, a device should be scanned for malware and viruses, and its data should be erased after use.
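
The inventory and unauthorised-software checks above can be combined into one audit that cross-references the asset register with the authorized-software inventory. The sketch below is an added example, not part of the original page or any SCB tooling; every hostname, package name, field name and the priority scheme is a constructed assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    hostname: str
    criticality: int            # assumed scale: 1 = most critical, 3 = least
    holds_customer_data: bool

# Constructed asset register (one row per IT asset).
ASSET_REGISTER = [
    Asset("cbs-db-01", 1, True),
    Asset("branch-fw-01", 1, False),
    Asset("teller-pc-07", 2, True),
    Asset("lobby-kiosk-02", 3, False),
]
# Constructed centralized inventory of authorized software.
AUTHORIZED_SOFTWARE = {"core-banking-client", "postgresql", "endpoint-av", "firefox-esr"}
# Constructed installed-software reports, as an endpoint agent might submit them.
REPORTS = {
    "cbs-db-01": ["PostgreSQL", "endpoint-av"],
    "teller-pc-07": ["Core-Banking-Client", "endpoint-av", "torrent-client"],
    "lobby-kiosk-02": ["firefox-esr", "remote-desktop-tool"],
    "unknown-laptop-99": ["endpoint-av"],
}

def priority(asset):
    # Lower number = more urgent; customer-data systems outrank peers.
    return asset.criticality * 2 - (1 if asset.holds_customer_data else 0)

def audit(register, authorized, reports):
    """Return findings as (priority, hostname, issue), most urgent first."""
    by_host = {a.hostname: a for a in register}
    allowed = {name.lower() for name in authorized}
    findings = []
    for host, packages in reports.items():
        asset = by_host.get(host)
        if asset is None:       # reporting device is not in the register
            findings.append((0, host, "not in asset register"))
            continue
        for pkg in packages:
            if pkg.lower() not in allowed:
                findings.append((priority(asset), host, f"unauthorized software: {pkg}"))
    for host in by_host.keys() - reports.keys():   # registered but silent
        findings.append((priority(by_host[host]), host, "no software report received"))
    return sorted(findings)

if __name__ == "__main__":
    for prio, host, issue in audit(ASSET_REGISTER, AUTHORIZED_SOFTWARE, REPORTS):
        print(f"P{prio} {host}: {issue}")
```

The audit also surfaces gaps in the register itself: a device that reports but is not registered, and a registered asset that never reports.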