Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

US banks should bolster security skills to prevent intrusions.

ISACA : 29 February, 2008  (Technical Article)
Good governance and adequate security resources are needed to reduce the levels of successful banking system intrusions according to ISACA.
ISACA says that the number of suspicious and unauthorised intrusion accesses to bank computer systems can be reduced if the banks boost security staff levels and improve governance over outsourcing.

'According to the Washington Post, the number of US financial institutions that have experienced a sizeable increase in unauthorised intrusions and bank account losses has increased, and the cost to the banks per incident has soared,' said Lynn Lawton, CISA, FCA, FIIA, PIIA, FBCS CITP, international president of ISACA and the IT Governance Institute (ITGI).

Lawton says that, although the Washington Post news story is based on a closed Federal Deposit Insurance Corporation report, the general trend of online bank account attacks and successful intrusions is clearly on an upward trend, judging from news reports over the last year in the US and in Europe.

'An additional concern, according to the IT Governance Institute's IT Governance Global Status Report for 2008, which has also just been released, suggests that IT staffing levels are an increasing worry for institution managers, as is their reliance on external outsourcing,' Lawton said.

'Based on this data, if banks are to reduce the number of intrusions on their systems, and so regain the customer trust lost in recent years, they need to implement improved IT governance based on frameworks such as COBIT, which includes consideration of resourcing, training, control automation and monitoring internal and external performance and controls,' Lawton added.

According to Lawton, even though the Financial Sector is ahead of the rest in implementation of IT Governance, the survey demonstrates that there are still over 25% of Financial Sector respondents not yet doing anything about it.

'Good governance has been shown to have a positive effect on share value, and the positive effect on customer confidence that will accrue in the process should help to attract and retain business, too,' Lawton said.

Securing information is a key component of compliance with Sarbanes-Oxley in the USA and Basel II in Europe. The IT Governance Institute (ITGI) is well known for its excellent work in aiding the financial service sector with independent guidance on compliance and has recently released new guidance titled IT Control Objectives for Basel II: The Importance of Governance and Risk Management for Compliance.

Developed by individuals from a range of financial services organizations and other banking advisors, IT Control Objectives for Basel II follows the format and intent of ITGI's popular IT Control Objectives for Sarbanes-Oxley publication. The book provides unambiguous guidance to operational and information stakeholders—including risk managers, IT practitioners, banking regulators, financial services experts and internal/external auditors—regarding operational and information Risk Management and its application to the Basel II Capital Accord framework.

Additionally, IT Control Objectives for Basel II:.

* Maps Basel II principles for operational risk against IT risk.
* Highlights the need for operational and information Risk Management and IT controls from the perspective of bankers and financial experts.
* Offers cross-references with COBIT 4.1 processes.
* Provides a framework for managing information risk in the context of the Basel II Capital Accord. By applying this framework, financial service organizations are able to apply recognized practices and controls to their IT environment.
* Outlines steps toward convergence.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo