The Bank of Zambia Experience

Size: px

Start display at page:

Download "The Bank of Zambia Experience"

Shana Green
6 years ago
Views:

1 BANK of ZAMBIA Protea Safari Lodge 24 th 28 th August, 2008 The Bank of Zambia Experience Shamambo W Saasa Manager ICT Security & Quality Assurance Bank of Zambia

3 Policies Procedures Standards

4 FOCUS AREAS Align activities to Strategy Deliver Value Management Resource prudently Judiciously managing RISKS faced Measure Performance

5 Understand Associated Risks and Exploit IT IT benefits and find ways to to deal with: Alignment of of IT IT with Business Strategy Standard of of due Care IT IT enabling the Business Obtaining value from IT IT investments Providing organizational structures that facilitate the implementation of of strategy and goals Creating constructive relationships and effective communication between the business and IT, and with external partners Measuring IT s performance

6 Linkage to to Business Requirements Make performance against requirements transparent Organize activities into a generally accepted process model Identify major resources to to be be leveraged Defining the management control objectives for consideration Governance and Control Frameworks are becoming a part of of IT IT Management Good Practice and are an an Enabler for establishing IT IT Governance and Complying with Regulatory Requirements.

7 Structured Innovation & Change Competitiveness Survival Growth Cost Containment Changing technology User accessibility Business reliance on IT Adapting to changing business needs Business / IT alignment and fusion A commonly accepted, formal body of Knowledge Formal recognition by fellow Professionals Subscription to a code of ethics

8 Control Manage Measure

9 COBIT FRAMEWORK 4 Domains 34 IT Processes Activities Activities

10 COMPONENTS

11 Capacity Management Availability Management Service Level Management IT Financial Management IT Service Continuity BANK of ZAMBIA

12 PMBOK PROJECT MANAGEMENT ISO27002 aligned ICT SECURITY POLICY COBIT - GOVERNANCE ITIL SERVICE MANAGEMENT BANK of ZAMBIA

13 Temenos Banking operations Delivery Systems Business Intelligence Systems Administration RTGS Common Single Database EDMS BSA Human Resources Financials Vault Management Economic Analysis Procurement & Logistics CURRENT & PROJECTED SYSTEMS

Policies, Standards & Procedures ICT Security Policy COBIT

Services & Products Usability Vs Security Balance

Easy to Use Low Security Compromise Zone Security Difficult to

Software, Content & URL Filtering, OS Platform Management People

Physical Security - Babylon System Availability Response &

Patch Management Inform & Train Users Continuous Monitoring &

14 Policies, Standards & Procedures ICT Security Policy COBIT ISO/IEC Security Dilemma Need for Security Vs Need to provide Services & Products Usability Vs Security Balance Confidentiality Ease Of Use Low Security & Usability Compromise Easy to Use Low Security Compromise Zone Security Difficult to Use High Security High Prevention Firewalls, VPNs, Antivirus Software, Content & URL Filtering, OS Platform Management People Information Applications Infrastructure [..Data..] [..Business Objectives..] Access Control Directory Services - [MS Active Directory] Physical Security - Babylon System Availability Response & Remediation Antivirus (Threats) Management Network Management Patch Management Inform & Train Users Continuous Monitoring & Evaluation Reliability Effectiveness Efficiency Integrity Process Enhancement SDLC Project Management - PMBOK Service Delivery- ITIL Service Support - ITIL

ICT Security Implementation Some Areas Of Implementation Tools Implemented Underway - Implementation Anti-virus, Anti- Spam, Anti- Spyware Administration Logical Security

Kaspesky Email, AntiSpam Microsoft Active Directory Services Access Control Windows Server Update Services (WSUS) Patch Management WASP Asset Tracking & Management Babylon

15 ICT Security Implementation Some Areas Of Implementation Tools Implemented Underway - Implementation Anti-virus, Anti- Spam, Anti- Spyware Administration Logical Security Operating Systems, Applications Physical & Environmental Security Management Symantec Antivirus Enterprise Edition Servers, PCs, WebSense Internet Content & URL Filtering Kaspesky , AntiSpam Microsoft Active Directory Services Access Control Windows Server Update Services (WSUS) Patch Management WASP Asset Tracking & Management Babylon Access System Physical Security Symantec End Point Compliance Network Admission Control Data Encryption Data Centric Based Security Implementation Redundancy Business Continuity Management

16 PolicY driven approach to addresiing Regional Cybersecurity threats Guided by Standards Internal Quality Assurance Capacity with corporative External Assurance Template designs to assist COMESA member states Change in business approach on Cybersecurity matters COMESA REPSS System Re-alignment to ICT Security and ensure compliance by member states

18 Thank You Q&A

Changing face of endpoint security

Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L