INFORMATION RISK MANAGEMENT
Submitted by: Sukhjinder Singh, Div-B, 11030241081
Case: The CIO of a public sector scheduled commercial bank (having a discrete IT setup) wants to perform a risk assessment of his bank's overall IT infrastructure. The bank uses many critical applications which are hosted from a data centre in Mumbai. The bank is headquartered in the same city and has branches pan India. Being the trusted lieutenant of the CIO, he wants you to give him an approach to perform the assessment (of course, in a language he understands).

In order to give the approach to perform the risk assessment, I can give the basic steps of risk assessment to the CIO, and under these steps the various risks will be covered at various levels.

Basic Steps for a Risk Assessment

There are five basic steps in a risk assessment, which are explained below along with the different types of risk involved.

1. Identify the Risk: The first step deals with identifying the various types of risk involved at various levels in the bank.

Physical Security Risk: This is the first, or the most basic, risk that can occur in any bank, where an attacker or an unauthorized person can enter the bank and cause serious effects. Physical security describes measures that are designed to deny unauthorized personnel (including attackers or even accidental intruders) physical access to a building, facility, resource, or stored information, and guidance on how to design structures to resist potentially hostile acts. Physical security can be as simple as a locked door or as elaborate as multiple layers of barriers and armed security guards. The attack can occur in any form: it could be a data theft, a bomb attack, or any serious harm caused to the employees of the bank.

Data Theft Risk: The second risk that can occur in the bank is the data theft risk. There are different ways in which the data of any bank can be stolen: either by gaining access to the various systems employed in the bank or by directly attacking the server. Here the data can be classified in various forms, like the following:

Bank data: This involves all data about the employees and the various customers associated with the bank. It contains the data about all the departments along with all the functional and technical data, that is, all the information about the bank, including its summary of employees, customers, etc.

Credit exposure data: Credit exposure data involves all the data about the credit summary of the bank, like the balance sheet, ledger, etc. The main sources of this data are the bank balance sheet and supervisory data.

Market data: This involves all the data about the market in which the bank is doing its operations and business, and this data is as important as the other data mentioned above.

Risk involved: The data, irrespective of which department it belongs to, is the most important asset any bank can have. If the data is taken by an unauthorized person, they can misuse the data in any form. They can perform unwanted transactions and can do any harm with the data.

Computer (System Security) Risk: Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym "CIA":

- Confidentiality -- Ensuring that information is not accessed by unauthorized persons
- Integrity -- Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users
- Authentication -- Ensuring that users are the persons they claim to be

If the system is not properly secured, then confidentiality, integrity and authentication can be misused in various ways. Confidentiality is broken when the data is accessed by an unauthorized person; if the same person changes the data, then it becomes a risk to the integrity of the system; and whoever is associated with the bank but is not a genuine customer can lead to the authentication risk.

Network Security Risk: Network security risk is associated with the networks and transmissions and the operations that are being performed on those networks. It basically involves protecting network and telecommunications equipment, protecting network servers and transmissions, combating eavesdropping, controlling access from untrusted networks, firewalls, and detecting intrusions. Under the network security risk, a denial of service attack can take place: the attacker can gain access to the network and stop the genuine users from accessing the bank's site and performing their operations.

2. Decide who could be harmed and in what way: Establish the groups that are affected by the risks we identified in our search. We record the ways that they could be harmed if the risk is not corrected and review the list with our employees to see if there is anything else they have to add. To see the bigger picture, we understand that there are groups outside of our workplace that might be harmed if corrective action is not taken. The various persons who can be affected by the risks involved are:

Employees: When the data is stolen, it can contain the data about the employees and will harm them in some way if corrective action is not taken.

Customers: Customers are the most important for any bank, and maintaining their data is the utmost responsibility of the bank. If the data is lost, then it will harm the customers, and the reputation of the bank will also be lost.

Business partners: Business partners, again, have almost all their details with the bank with whom they are operating, and if the data for the business partners is lost, it will affect the tie-ups of the bank.

So it is of utmost importance for the bank to identify that all of these will be harmed if any of the risks mentioned above comes into the picture.

3. Establish Control Measures: Identify how we can manage the risks at present and what further steps might be required to reduce the risks further, as required by law. Tools such as benchmarking and looking for advice from best practice leaders in similar industries are a great source for gathering solutions. Different measures can be taken for the various risks involved:

Physical Security Risk: This one can be managed in the following ways:
1. By issuing access cards to the authorized persons.
2. By using biometric measures in which all the authentic persons will be identified; this could be the best way to do this.
3. CCTV cameras: By posting CCTV cameras at many points in the bank it will be possible to control the risk to a large extent, and if an incident happens, the attacker can be found by checking the whole recording.

Data Theft Risk: The data theft risk can be addressed in the following ways:
1. Provide a user id and password to access each and every piece of data.
2. The data should be encrypted in storage and decrypted only when it is legitimately used.
3. Access to the most important data should be given only to a few persons, with a high level of security.

Computer (System Security) Risk: The computer security risk can be addressed in the following ways:
1. The system used in the bank has to be provided with a higher level of security measures by imposing the usage of a user id and password for each and every application.
2. Regular checkups should be done to make sure that the systems we are implementing provide foolproof security.
3. By protecting the entire system with strong anti-virus software so that the attacker is unable to send a virus into the system in order to destroy the whole data.

Network Security Risk: The network security risk can be addressed in the following ways:
1. By providing strong network security measures to control access on the shared network.
2. Access to the shared network should not be given to all the users; the restriction should be imposed so that only authorized persons have access.
3. By doing regular checkups to make sure that attackers are not trying to make any changes on the network.

4. Record the findings of our assessment and inform those at risk of the controls: Report our findings and proposed solutions to all employees. It is suggested to include a timeline in your course of action, as some risks can be fixed immediately, whereas some require more time to correct. A timeline is also useful to help establish temporary solutions for dealing with the risks that will take longer to correct in full. Identify, assign and put a date on the responsibilities of those involved in carrying out any of the changes.

5. Review the Risk Assessment on a regular basis: Changes are always occurring in the workplace in order to remain current with policies and procedures. As these changes take place, it is important to assess these areas when they are implemented into your workplace to reduce risk. Remain up to date on incidents that take place at work. Handle incidents immediately and record the actions taken to reduce the risk of them occurring again; this allows you to remember to check up on this area during your formal risk assessment. Make your risk assessment an annual event. If we conduct our assessment around the same time each year, it is easier to place the assessment as a priority, and it demonstrates your commitment to workplace safety. It might also be a good time to provide some additional training regarding any changes to procedures, updates to our safety policy, and to provide a "refresher" session to employees to remind them that they have their responsibilities in ensuring a safe workplace.
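One way to carry the five steps above into a working risk register, as an added example written for this page and not part of the original assignment; the risk entries, 1-to-5 scores, owners and dates are constructed for illustration, and the scoring rule (each implemented control lowers likelihood by one step) is an assumption, not something the assignment specifies:

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
# Constructed register for the bank case above (hypothetical values). Likelihood
# and impact use a 1..5 scale; each implemented control lowers likelihood by one.
@dataclass
class Control:
    name: str
    owner: str
    due: date                 # date agreed in step 4
    implemented: bool = False
@dataclass
class Risk:
    category: str             # Physical, Data theft, System, Network
    description: str
    harmed: list              # groups from step 2
    likelihood: int
    impact: int
    controls: list = field(default_factory=list)

    def inherent_score(self) -> int:
        return self.likelihood * self.impact

    def residual_score(self) -> int:
        done = sum(1 for c in self.controls if c.implemented)
        return max(1, self.likelihood - done) * self.impact

def prioritised(register):
    """Risks ordered by residual score, highest first."""
    return sorted(register, key=lambda r: r.residual_score(), reverse=True)

def overdue_actions(register, today):
    """Step 4 follow-up: assigned controls whose date passed unimplemented."""
    return [(r.category, c.name, c.owner) for r in register
            for c in r.controls if not c.implemented and c.due < today]

def review_due(last_review, today, interval_days=365):
    """Step 5: the annual review is due once a full interval has elapsed."""
    return today - last_review >= timedelta(days=interval_days)

TODAY, LAST_REVIEW = date(2024, 4, 1), date(2023, 3, 15)   # constructed dates
REGISTER = [
    Risk("Data theft", "Unauthorised access to customer and credit data",
         ["Employees", "Customers", "Business partners"], 4, 5,
         [Control("Encrypt data at rest", "DBA lead", date(2024, 3, 1), True),
          Control("Restrict critical data access", "CISO", date(2024, 1, 15))]),
    Risk("Network", "Denial of service against the bank's site", ["Customers"], 3, 4,
         [Control("Restrict shared network access", "Network lead", date(2024, 6, 30))]),
    Risk("Physical", "Unauthorised entry to the data centre", ["Employees"], 2, 5,
         [Control("Access cards and CCTV", "Facilities", date(2024, 2, 1), True)]),
]
```

Calling prioritised(REGISTER) gives the order in which the CIO should spend effort, overdue_actions(REGISTER, TODAY) lists the step-4 commitments that have slipped, and review_due(LAST_REVIEW, TODAY) flags when the annual step-5 review is due.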