Information Security for Banks

written by: Karishma Sundaram • edited by: Lamar Stonecypher • updated: 5/17/2010

Few organizations require information security as stringent as banks. A breach in a bank's security could lead to unthinkable losses for both the enterprise and its customers. This article looks at the importance of information security, and how it is implemented in banks.

    Introduction

    For as long as banking has existed, unscrupulous individuals have tried to breach banks' defenses in order to gain access to valuables. Over time, physical attacks have slowly become less necessary because banking has steadily gained an online presence.

    Formerly, it was impossible to authorize a transaction from a mobile phone over the Internet; now it is not only possible but an extremely popular way of conducting transactions.

    As a result, security within financial institutions has shifted focus from physical to virtual measures. The most important component of a good financial IT security infrastructure is information security.

    Facets of Information Security in Banks

    The best approach to adopt when implementing a security system within a bank is to create one with multiple layers. A single layer proves to be an inadequate safeguard because it is easily penetrated, and once it is penetrated, the system becomes vulnerable.

    The implementation of information security can vary across organizations; in essence, however, information security policies need to focus heavily on both people and technology. People include all the stakeholders of the bank, such as shareholders, employees, and customers, as they are responsible for the safekeeping of banking information.

    Risk Assessment

    The first step in the implementation of information security in a bank is to conduct a thorough and detailed risk analysis. This process will highlight the internal and external risk factors for information security and therefore present a clear picture of where measures should be put in place.

    Risk assessment consists of the identification of various risks, an analysis of these risks, and finally an assessment of existing security policies.

    Identification of risks is a complex, involved, and thorough process. It entails examining the infrastructure of the system minutely, and even going as far as viewing the system from an external standpoint to assess potential vulnerabilities.

    Once the identification is complete, the analysis step quantifies the severity of each risk. This step allows the organization to place its data in various locations, in an effort to keep it as secure as possible.

    Lastly, a review of the existing security measures and policies is undertaken to ensure that they are up to date and adequate. Security policies need to be constantly reviewed and updated, as potential attacks are always changing.

    Security Manual

    It is vitally important to have a security policies and procedures manual for all employees, and even an information booklet for customers. As mentioned earlier, information security in banks is heavily dependent on their stakeholders. Having a manual with the policies will communicate them to the people involved. The manual will also serve to augment all information security training that employees receive during induction. In the case of unauthorized access, the manual also serves to pinpoint which employee has access incongruent with their position in the company.