Risk Management in Electronic Banking: Concepts and Best Practices


Risk Management in Electronic Banking: Concepts and Best Practices. Jayaram Kondabagil. John Wiley & Sons (Asia) Pte Ltd.

Contents

List of Figures xiii
List of Tables xv
Preface xvii
Acknowledgments xxiii
Foreword xxv

PART I: INTRODUCTION TO E-BANKING

Chapter 1 E-Banking Basics 3
  Evolution of e-banking 3
  Impact on traditional banking 4
  E-banking components 7
  Regulatory approval 8

Chapter 2 E-Banking Risks 10
  Strategic risk 11
  Operational risk 12
  Compliance risk 13
  Reputational risk 13
  Other risks 14
  Risk management challenges 15
  The five-pillar approach 17

Chapter 3 Product and Service-specific Risks 19
  Internet banking 19
  Aggregation services 21
  Bill presentment and payment 23
  Mobile banking 24
  Weblinking 25
  Electronic money 27
  Cross-border transactions 27
  New products and services 29

PART II: RISK MANAGEMENT

Chapter 4 Risk Management Framework 33
  Policies and procedures 34
  Risk management process 35
  Operational risk management 39
  Governance and internal controls 40

Chapter 5 Risk Management Organization 43
  Organization structure 43
  Board and senior management 44
  Executive risk committee 49
  IT management 51
  Internal and external audit 53

Chapter 6 International Standards 56
  Basel Committee on banking supervision 56
  COBIT 4.0 57
  ISO 17799 58
  OCTAVE 59
  COSO - enterprise risk management 60
  PCI data security standard 61
  Financial Action Task Force 62
  Corporate governance codes 63
  Regulatory guidelines 64

PART III: INFORMATION SECURITY

Chapter 7 Information Security Management 69
  Security objectives 70
  Security controls 73
  Security risk assessment 76
  Classification of controls 78
  Monitoring and testing 79
  Incident response plan 80

Chapter 8 Operational Controls 82
  Personnel issues 82
  Segregation of duties 84
  Technical issues 86
  Database management 88
  Change management 89
  Backups and off-site storage 90
  Insurance 92
  Fraud management 93

Chapter 9 Technical Controls 97
  Logical access controls 98
  Identification and authentication 99
  Authentication methods 101
  Audit trails 104
  Network security 105
  Firewalls 108
  Malicious code 110
  Information security incidents 111

PART IV: OUTSOURCING

Chapter 10 Outsourcing in E-Banking 117
  Types of outsourcing 118
  Material outsourcing 119
  Supervisory approach 120
  Key risks of outsourcing 121
  Board and senior management responsibility 123
  Outsourcing policy 124

Chapter 11 Managing Outsourced Services 126
  Outsourcing decisions 126
  Risk assessment and control 127
  Service provider due diligence 130
  Offshoring 131
  Contingency plans 132
  Customer service 132
  Monitoring and audit 134

Chapter 12 Outsourcing Contracts 137
  Contractual provisions 138
  Right of access clauses 140
  Termination clause 141
  Offshoring contracts 141
  Confidentiality and security clauses 142
  Business continuity clauses 144

PART V: BUSINESS CONTINUITY

Chapter 13 Business Continuity Management 147
  The main drivers 147
  Board and senior management responsibility 149
  Components of BCM 151
  Business impact analysis 152
  BIA methodologies 153
  Recovery strategy 156

Chapter 14 Business Continuity Plan 158
  Major components of BCP 158
  Continuity management team 160
  Recovery procedures 162
  Resource requirements 163
  External communications 165
  Plan maintenance 167
  Awareness and training 169
  Testing of BCP 171
  Testing methods 172

Chapter 15 Data Centers and Alternate Sites 175
  Evolution of data centers 175
  Location of the sites 176
  Mitigating concentration risk 177
  Data center design 178
  Logistics management 180
  Maintenance procedures 182
  Alternate site models 183
  External support 185
  Business continuity in real life 186

PART VI: LEGAL AND REGULATORY COMPLIANCE

Chapter 16 Compliance Function 193
  Organization of the compliance function 194
  Board and senior management responsibility 195
  Role of regulators 196

Chapter 17 Major Compliance Issues 198
  Anti-money laundering 198
  Know your customer (KYC) 199
  Suspicious activities 201
  Privacy of customer information 202
  Information disclosures 204
  Customer education 206

High-level review checklist 209
Acronyms 225
Glossary 227
References 245
Index 251