BAKU/27.12.13/Turan : According to the regulations of the Central Bank of Azerbaijan , local financial institutions should work exclusively with licensed software in compliance with information security (IS ) .
By the end of the year offer sample thought Emin Mammadov, a leading consultant on these issues. According to him, the banking sector leaders understand the importance of information security in the IT infrastructure , but only a few financial institutions provide enough money for the creation of departments of information security - for the efficient and effective information security solutions necessary to create an independent unit with the corresponding budget.
Attempts to solve the problem through IT service can achieve partial success , for a distraction from her duties for safety tasks will lead to the solution of business problems postpone the task of ensuring security on the back burner . Where to get information security professionals , when the market are very few , especially with practical experience . If we talk about outsourcing of information security, today classified information to prevent unauthorized people , even related agreement of confidentiality and nondisclosure , not all ready . Consequently , banks will bear the costs of training IT staff divisions , but it is quite acceptable costs in comparison with the risks of outsourcing IS , when fears that the information relating to safety , will be available outside the bank. Especially because a professional outsourcing of IS is also not cheap discharge .
So what are the tools of information security are the most popular and promising in the banking sector ? In addition to traditional IT tools to protect the network perimeter , anti-virus solutions , systems, protection of mail traffic from spam, blocking USB- drives and external devices. major interest is in data encryption system of mobile devices, centralized monitoring and controls user activity on corporate networks , as well as systems of information security event . It is indicative that large IT vendors are buying traditional players in the information security market and inserted their solutions into their products and technology. From their side today offers infrastructure solutions for information security , such as firewalls, intrusion detection , anti-virus tools , Identity Management, DLP system.
In the banks , which already have separate divisions IB will be gradually integrated implementation of systems to prevent leaks DLP (Data Loss Prevention), with which you can prevent the leakage of critical business information. After all, despite the fact that most of the employees sign non-disclosure agreement , many violate it and transmit corporate data outside of the internal network. Most often this is done using email and the stick. A leak of confidential data is fraught with serious reputational risks .
Besides the immediate introduction of banking systems ( RBS ) , the actual problem would be the vulnerability of these systems on both the bank and the client side. In this case, will be in demand and antifrodovye system , information encryption , the ability to multi-factor authentication , etc.
With the development of channels RBS mobile banking services will become more popular. However, ways to reduce risk for mobile devices similar to recommendations for Internet banking - do not download games and software from dubious sources , transfer the phone to unauthorized persons without removing banking application .
The creation of new banking products and the introduction of innovative services is growing as the number of information resources, and employees of the organization , making it difficult to conduct monitoring of user access rights system administrators .
Introduction of electronic document management systems ( EDMS) , allows the reduction of labor costs and time for processing and preparation of documents , management decisions , simplifies the mechanism of its control. At the same time , EDS creates new risks , and if you do not provide a comprehensive system security, privacy risks , integrity and availability of information will be very high. But to the widely publicized cloud computing (Cloud Computing), whatever the experts' forecasts , the banks will not show particular interest due to the nature of confidentiality of information. We can only talk about impersonal test environments. Suggest bankers to keep their assets in another , and even " cloud" bank? To resolve this problem will require new technological platforms and safety standards.
Mammadov said that expenditure on information security should be treated just as an investment from which the business is waiting to ensure the effectiveness of the flow of business processes. - 17D-