(IJCSIS) International Journal of Computer Science and Information Security,Vol. 10, No. 3, March 2012
the information is not changed or modified as well to ensurethe availability of the information when needed or in an eventof a disaster . Many businesses are merely depending oninformation deposited in computers; personal information, anddetails that may all be warehoused on a database. Without thisinformation, it would often be very hard for a business tofunction. Information security systems need to be implementedto protect this asset .Nowadays, there are many types of threats available on theinternet that need to be enforced to ensure business goals.Based on Proctor, 2002 organizations and their informationsystem and network are faced with security threat from widerange of sources including computer fraud, espionage,sabotage, and vandalism . Cause of damage such as code,computer hacker and denial for services attach have becomemore common and increasingly spreading in the World WideWeb.
A policy is a document that summarizes rules that must beabided by the organization. Security policy is the backbone of the security architecture without a policy you cannot protectyour information . In addition, policies allow theorganization to reduce cost and eliminate accountability.Written policy works as the means of communicating companyguidelines to the customer . Furthermore, policy defineshow security should be implemented, this comprise properconfiguration. Thus policy provides the rules that govern howsystem should be configured and how customers of anorganization should act in normal circumstance and reactduring unusual situation. Some examples recommended forbiometric Policy; do not share your fingerprint device with anyperson, any obvious act of fraud or guessing the fingerprint theservices will be terminated report to the bank immediatelywhen the device is stolen.
The term biometrics is used to describe physicaldimensions and/or behaviour characteristics which are essentialand unique to the human being; and it can be utilized to verifythe identity of a person. These characteristics includefingerprint, hand geometry, facial characteristics, iris, retina,personal scent and DNA, while behaviour features includehandwriting, keystroke, voice and gait. Physiologicalcharacteristics can be measured and recognized . Biometricfingerprint technology is considered one of the most secure andconvenient authentication tool. It cannot be stolen, borrowed,or forgotten, and forged .III.
Getting information from the banks is very challengingbecause of the sensitivity asset; in addition, the bank policystated that it is il
legal to reveal the customers’ information and
their strategy plan. Furthermore, the bank delayed to respondour request to meet the human resource manager. Since there isa high competition among the banks, so every bank wants tokeep their strategies from the researchers and press. Assetprotection is the biggest challenge in information securitysystems of the banks. They have sensitive information such as
customers’ information and their credit card details, which
need to be secured. Therefore, protecting information againstleakage has become more complex and difficult when anopponent who is authorized to view the data or informationabout the processes of the security system .Based on Harris & Spence, 2002 banks are increasinglythreatened by the leakage of sensitive information which can beavailable to impostors or competitors. Furthermore, Bankswant to ensure that information assets such as the securitysystem, trade secrets, software code, designs, architectures, andalgorithms are not leaked and abused . Also, they wantprotection against leakage of internal confidential information,
which can damage the customers’ trust to the company
brand.According to these reasons the major bank in Malaysiarejected to give us any information about their e-bankingsecurity system; to avoid leakage of information which cancompromise their security system and affect theircompetitiveness of protecting the confidential information of their customers.IV.
BANKING SECURITY SYSTEM PROCESSES
Authentication processes to access the account
The diagram shows that the authentication process consistsof two stages. First of all, the user needs to verify his/herusername and password, if the username and the password areaccepted; the browser will direct the user to the second stage of authentication but if the username and the password are notaccepted the browser will ask the user to reinsert validusername and password.Secondly, this stage is the most significant one which is theauthentication stage by using the biometric fingerprinttechnology. The user needs to verify his/her fingerprint byusing fingerprint reader which is connected to his/her ownpersonal computer (Figure 1). The fingerprint server will match
the user fingerprint with the bank’s finge
rprints database; if it isaccepted the browser will direct the user to access his/heraccounts.These two stages of authentication protect the customerinformation from unauthorized reading that meansconfidentiality of the customer which is very important from
the customer’s perspective because it saves him/her from
failing under the threat of the malicious people.