
Md Abul Kalam Azad

VP & Head of ICT Division


Achievement Summary of 2017

 Formation of steering, security and risk management committees.
 Active Directory implementation.
 Inventory software for ICT equipment.
 Website upgradation.
 Segregation of duties at database level.
 Oracle 12c hardware and licensing implementation.
 Completion of VAPT & ASP.NET training.
 Participation in BIBM & BB training programs for skill development.
 Successful completion of half-yearly & yearly closing process.
 Appointing a branch-level ICT in-charge in all branches.
[Diagram: Production Site/DC Center at Bashundhara Site and Backup/DR site at Savar, located at 30 KM distance; diagram labels: Online/Offline, Data Repl, Remote Data, Call, Backup]

Physical and Logical Security/Controls to mitigate online frauds and IT/Business risk in Banks

[Diagram: customers get banking services online through the ICT Div. via PC banking, Home banking, Tele-banking, Online banking, Mobile banking, Internet banking, Branch and ATM banking]
Information Security

• Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

• Concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms.
Information Security

• Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement.

• A financial institution's earnings and capital can be adversely affected if information becomes known to unauthorized parties, is altered, or is not available when it is needed.
Information Security

Physical Security

Physical security prevents and discourages attackers from entering a building by installing fences, alarms, cameras, security guards and dogs, electronic access control, intrusion detection and administrative access controls.
Information Security

Logical Security

Logical security protects computer software by discouraging unauthorized user access through user identifications, passwords, authentication, biometrics and smart cards.
Active Directory Domain Control

• Will restrict all unauthorized software on the computer system.
• Prevents the system from unauthorized access.
• Prevents the system from unwanted modification.
• A user can access any computer with his individual user ID.
• It will be easy to monitor & control the system centrally.
FRAUD Source
 Individuals against consumers.
 Employee fraud against employers.
 Fraud using lost and stolen debit/credit cards.
 Fraud by professional criminals.
 e-crime using computers and technology.
Types of FRAUD
 Financial Statement Fraud
 Identity Fraud
 Inflated Invoices
 Computer Hacking
 Credit Card Fraud
 Theft of Cash
 Cheque Fraud
 Sundry Frauds
FRAUD Prevention
• 'Fraud' commonly includes activities such as theft, corruption, conspiracy, money laundering, bribery and extortion.

• Fraud essentially involves using deception to dishonestly make a personal gain for oneself and/or create a loss for another.
Fraud Prevention – Culture
 Minor unethical practices shouldn’t be overlooked (e.g.
petty theft, expenses frauds)
 Clear policy statements on business ethics and anti-fraud,
with explanations about acceptable behavior in risk prone
circumstances.
Fraud Prevention – Training
 When a major fraud occurs people who were close to it are
shocked that they were unaware of what was happening.
 Important to raise awareness through a formal education
and training program as part of the overall risk management
strategy.
 Particular attention should be paid to those managers and
staff operating in high risk areas.
Pay Order Balancing
 Generate the Pay Order Outstanding Report from 9333 Fast Path.
 Generate the GL Statement of Pay Order GL Head 90211010009.
 If the GL Head Balance and the Pay Order Outstanding amount are the same, the balancing is assumed to be OK.
But if the GL Balance and the Outstanding amount are not the same, do the following:
 The branch tallies the "outstanding register report" (9333) with the manual register.
 Then check the "GL Statement" against the "outstanding register report" on a PO issue and collection basis.
 In our past observation, most problems were found between the PO register and the GL balance: a PO already paid but still shown in the outstanding register.
 Besides, users sometimes issue a PO in the GL head directly, so there is no information in the PO register, and the same can happen at the time of collection. In this scenario the only way to find the difference is to cross-check the PO GL statement against the PO register.
DD Balancing
 At the time of issuing a DD, an advice is generated to the favorable branch and the register is updated.
 The favorable branch responds to the DD advice and credits the amount to the DD payable head.
 Check the 7134 outstanding queue every day; if any DD is found, respond to it from 1635.
 Also check the DDs issued by own branch against the IBTA advice or IBTA report and observe whether each DD is responded to in a timely manner.
 In this scenario the user generates the report from 9334 and cross-checks it with the DD payable balance.
 DD outstanding report 9333 [own branch]
 DD outstanding report 9334 [favorable branch]
Gift Cheque Balancing
 Generate the Gift Cheque Outstanding Report from 9333 Fast Path.
 Generate the GL Statement of Gift Cheque GL Head 90209142000.
 If the GL Head Balance and the Gift Cheque Outstanding amount are the same, the balancing is assumed to be OK.
 But if the GL Balance and the Outstanding amount are not the same, do the following:
 The branch tallies the "outstanding register report" (9333) with the manual register (if it exists).
 Then check the "GL Statement" against the "outstanding register report" on a Gift Cheque issue and collection basis.
 In our past observation, most problems were found in the Gift Cheque register, while the GL balance was supposed to be OK: a Gift Cheque already collected but still shown in the outstanding register.
 Besides, users sometimes issue a Gift Cheque in the GL head directly, so there is no information in the Gift Cheque register, and the same can happen at the time of collection. In this scenario the only way to find the difference is to cross-check the Gift Cheque GL statement against the Gift Cheque register.
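The Pay Order and Gift Cheque balancing steps above are the same reconciliation with different GL heads. The following is an added example, not code from the presentation or the bank's CBS: it takes a constructed outstanding register (the 9333 report) and a constructed GL statement for the instrument's GL head, and when the totals disagree it lists the two mismatch types the slides describe (instrument paid or collected but still outstanding in the register; instrument posted directly in the GL head with no register entry). The field names and the sign convention (issue = credit, payment = debit) are assumptions.

```python
from dataclasses import dataclass

@dataclass
class RegisterEntry:          # one line of the outstanding register report (9333)
    instrument_no: str
    amount: int
    status: str               # "outstanding" or "paid"

@dataclass
class GlEntry:                # one line of the GL statement for the instrument's GL head
    ref: str                  # instrument number from the voucher narration (assumed)
    amount: int               # assumed sign: +issue (credit), -payment (debit)

def balance(register, gl):
    """Return (gl_balance, outstanding_total, exceptions); exceptions is empty
    when the totals agree (the slides' "assume it ok" case)."""
    gl_balance = sum(e.amount for e in gl)
    outstanding = {r.instrument_no: r.amount
                   for r in register if r.status == "outstanding"}
    outstanding_total = sum(outstanding.values())
    exceptions = []
    if gl_balance == outstanding_total:
        return gl_balance, outstanding_total, exceptions
    # Net position per instrument in the GL: issue (+) and payment (-) cancel out.
    gl_net = {}
    for e in gl:
        gl_net[e.ref] = gl_net.get(e.ref, 0) + e.amount
    register_nos = {r.instrument_no for r in register}
    for no, amt in outstanding.items():
        if no not in gl_net:
            exceptions.append(("in_register_not_in_gl", no, amt))
        elif gl_net[no] == 0:
            # Paid/collected in the GL but the register was never updated.
            exceptions.append(("paid_but_outstanding_in_register", no, amt))
    for ref, net in gl_net.items():
        if ref not in register_nos and net != 0:
            # Posted directly in the GL head, bypassing the register.
            exceptions.append(("posted_in_gl_only", ref, net))
    return gl_balance, outstanding_total, exceptions

# Constructed sample: PO-1002 was paid but still shows outstanding in the
# register; PO-1004 was issued directly in the GL head with no register entry.
REGISTER = [RegisterEntry("PO-1001", 5000, "outstanding"),
            RegisterEntry("PO-1002", 2500, "outstanding"),
            RegisterEntry("PO-1003", 1200, "paid")]
GL = [GlEntry("PO-1001", 5000),
      GlEntry("PO-1002", 2500), GlEntry("PO-1002", -2500),
      GlEntry("PO-1003", 1200), GlEntry("PO-1003", -1200),
      GlEntry("PO-1004", 800)]
print(balance(REGISTER, GL))
```

The listed exceptions account for the whole difference between the two totals (7500 - 2500 + 800 = 5800), which is the cross-check the slides ask the branch to perform by hand.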
To Secure Banking Operation
1. Implementation of Bank wide Domain Controller.
2. Separation of E-mail service from CBS operation.
3. Preparing E-mail & Internet Usage Policy.
4. Enhancing Awareness generation on Security through
Training Program.
Procurement of Security Devices
1st Phase
 Vulnerability Assessment & Penetration Testing (VAPT)
software
 Firewall
 Content Filter
 Network Behavior Analyzer (NBA)
 Spam Filter
 Database Security Products

2nd Phase
 File Integrity Monitor (FIM)
 Network Access Control (NAC)
Targets for 2018

 Each branch under Active Directory Domain Controller.
 Inventory software
 HRD software
 Each employee of FSIBL under i-Banking facility.
 Website upgradation
 12c AIX upgradation
 IP Phone
 Establish & operate a Security Operations Centre (SOC)
 Implementation of PCI-DSS
 Implementation of ISO 27K
 Software security upgradation
