............................................................................................................................
Description
Increasing use of technology in banks has made dealings easier for customers and
speededup the operations. Meanwhile there is a corresponding increase of risksin operations. Every bank should conduct Information Systems Audit(ISA) to minimise such risks. Following RBI's guidelines, a number of banks have put in place or arein the process of developing security policies, which among otherthings will determine the scope and periodicity of ISA. A number ofbanks prefer doing "ISA" internally. Even where banks engage thirdparty IS Auditors, it may be preferable to have additional internalaudit to tackle the issue of objective auditing. In order to conductsuch internal auditing, it should be ensured that internal IS auditorsare not part of IT team and have appropriate professional expertise byway of qualification and training. This will call for technicallyqualified personnel in the banking set-up and periodical skillbuilding. Not only the auditors - both internal and external - butbankers in general should also be aware of the concerns of audit andinitiate appropriate preventive measures. Middle and senior levelofficers working in banks should necessarily have a good appreciationof issues involved. With these objectives and requirements, theInstitute thought to publish a book which will be useful for: (i) thestudents enrolled for CelSB examination of the Institute and (ii)persons desiring to acquire upgrade the knowledge on informationtechnology of banks.
The book is divided into five modulesconsisting of (i) Technology in Banks (ii) Technology - System,Development, Process, implementation (iii) Security and Controls,Standards in Banking (iv) Continuity of Business (v) Overview of legalframework. It is hoped that the current volume of the book would helpthe reader:
• To develop functional expertise in the areas of system identification,
development, implementation and designing,
• To develop expertise in computer security, implementation of threat prevention
and detection systems, designing and testing risk mitigationstrategies;
• To develop skills for objective assessment of information system control,
information privacy and integrity.
• To study the tools that provide assurance in the system by measuringagainst
four essential principles: availability, security, integrityand maintainability
• To aid the bank management in developingsound information system
audit, control and security functions byproviding criteria for personnel
selection and development.
Primaryemphasis of the book is still conceptual. Within the conceptualframework, there is a rigorous coverage of analytical techniques. Moreimportantly, the book gives substantial information about theoperational risks that the banks are-facing, and how those risks aremanaged by appropriate measures.
Suggestions to improve contents and coverage of the book are welcome
............................................................................................................................
Contents
Part I : Module I (Technology in Banks)
1. Banking Environment and Technology
2. Overview of processing infrastructure
3. Accounting information System (AIS)
4. Information Organisation and Management
5. Risks Asociated with Technology in Banking
6. Audit Function and Technology
Module II : Technology - System Development, Process, Implementation
7. Hardware Architecture
8. Software Platforms
9. System Development Life Cycle
10. Computer Networks
Module III : (Continuity of Business)
11. Business continuity and Disaster Recovery Planning
Module IV (Overview of Legala Framework)
12. Online Transactions - Concepts, Emerging Trends and Legal Implications
Part II : Module V (Security and Controls, Standards in Bankinig)
13. Security
14. Controls
Module VI (Security Policies, Procedures and Controls)
15. Development and Review of Security Policies and Control Standards
16. Compliance and incident handling
17. Network security
Module VII : (Information Security and ES Audit)
18. Information Security
19. IS Audit
Contents of CD
Standards for Information Systems Management
The Information Technology Act, 2000
Amendments made in other statutes
Overview of intellectual property rights
Issues in Taxation of Electronic Transactions
management Control Framework
Network Components
............................................................................................................................
