Description

Increasing use of technology in banks has made dealings easier for customers and speeded up operations. Meanwhile, there is a corresponding increase of risks in operations. Every bank should conduct an Information Systems Audit (ISA) to minimise such risks. Following RBI's guidelines, a number of banks have put in place or are in the process of developing security policies, which among other things will determine the scope and periodicity of ISA.

A number of banks prefer doing ISA internally. Even where banks engage third-party IS auditors, it may be preferable to have an additional internal audit to tackle the issue of objective auditing. In order to conduct such internal auditing, it should be ensured that internal IS auditors are not part of the IT team and have appropriate professional expertise by way of qualification and training. This will call for technically qualified personnel in the banking set-up and periodical skill building. Not only the auditors, both internal and external, but bankers in general should also be aware of the concerns of audit and initiate appropriate preventive measures. Middle and senior level officers working in banks should necessarily have a good appreciation of the issues involved.

With these objectives and requirements, the Institute decided to publish a book which will be useful for: (i) the students enrolled for the CeISB examination of the Institute and (ii) persons desiring to acquire or upgrade their knowledge of information technology in banks.

The book is divided into five modules consisting of (i) Technology in Banks (ii) Technology - System, Development, Process, Implementation (iii) Security and Controls, Standards in Banking (iv) Continuity of Business (v) Overview of Legal Framework.
It is hoped that the current volume of the book would help the reader:
• To develop functional expertise in the areas of system identification, development, implementation and designing;
• To develop expertise in computer security, implementation of threat prevention and detection systems, designing and testing risk mitigation strategies;
• To develop skills for objective assessment of information system control, information privacy and integrity;
• To study the tools that provide assurance in the system by measuring against four essential principles: availability, security, integrity and maintainability;
• To aid the bank management in developing sound information system audit, control and security functions by providing criteria for personnel selection and development.

The primary emphasis of the book is still conceptual. Within the conceptual framework, there is a rigorous coverage of analytical techniques. More importantly, the book gives substantial information about the operational risks that banks are facing, and how those risks are managed by appropriate measures.

Suggestions to improve the contents and coverage of the book are welcome.

Contents

Curriculum for the CeISB - Part I Examination

The curriculum for the Part I examination is as follows:

a. Technology in Banks
 - The Banking Environment and Technology
 - Overview of Processing Infrastructure
 - Accounting Information System
 - Information Organisation and Management
 - Risk associated with Technology Banking
 - Audit function and technology

b. Technology - System, Development, Process, Implementation
 - Hardware Architecture
 - Software platforms
 - System design, development and maintenance
 - SDLC (software development lifecycle)
 - Networking

c. Security and Controls, Standards in Banking
 - Security - Overview of security, Architecture, Policy, Procedure, Implementation, Monitoring
 - Controls - Physical Controls, IT Controls, Application Controls, Resources and Tools
 - Standards - ISO, CMM, CoBIT, RBI guidelines

d. Continuity of Business
 - Difference between CoB, BCP and DRP
 - CoB Plan, policy and procedures
 - Risk Management and Impact Analysis
 - Testing and implementation of CoB, BCP and DRP

e. Overview of Legal Framework
 - IT Act, Intellectual Property Right, Copyright

Curriculum for the CeISB - Part II Examination

The curriculum for the Part II examination is as follows:

(a) Security Policies, Procedures and Controls - II
 - Management Control Framework
 - Development and review of security policies and controls standards
 - Compliance and incident handling
 - Network security
 - Security implemented by operating system and databases
 - Hardware and software
 - Network components

(b) IS Review - Methodology and Approach
 - IS Audit as review of IS Management Function
 - Review of Human Resources Management Function, Technology Management Function, Data Management Function, Application Management Function, Facilities Management Function
 - Audit Standards
 - Audit organisation and Management
 - Audit in computerised environment
 - Risk based audit
 - Substantive and compliance review
 - Use of CAATs
 - Use of general audit software