Banking information security

The Centre for Security and Justice Studies (CSJS), in collaboration of National Banking Training Institute (NBTI), organized a seminar on 'Banking Information Security: Challenges and Solutions' on Friday May 9, 2014. DIG Mr. Mahesh Singh Kathayat presented his paper on this theme. He stressed on the need to develop security policy and procedures by banking and financial institutions in order to protect the business. He said that information security has two important dimensions, namely:

• Protection of investment in information systems and the actual information (data) thereon, and,
• Availability of information systems for use whenever and wherever required.

It is necessary to address basic concerns relating to safety and security of information and communication technology (ICT) assets, to data and to information pertaining to the bank as a whole and the customer in particular. Against this background, it would be appropriate to define a set of best practices which would enhance the value of ICT security in finical sectors.

He listed down the key recommendations for banking and financial institutions to protect the information.

1.      Take adequate care of the human factor in ICT implementation

2.      Ensure access of ICT security throughout the organization

3.      Develop well defined ICT security policies and procedures for the organization

4.      Take action about ICT security incidents at the appropriate time

5.      Ensure that adequate resource capability is provided for the ICT security.

6.      Provide for optimal business process re-engineering at fixed interval of time.

7.      Take care of obsolescence issues for ICT security at the fixed time frame

8.      Provide a framework for incident management of ICT security incidents.

9.      Take care of data quality, integrity and security as part of business processing system

The participants were from banks and financial institution, including from Nepal Rastra Bank. Most of them were working in the information sector in their respective banks. This must have been very useful seminar for them. Some participants raised that the CEO/CIO must be made aware on such security issues.