CAIIB - General Bank Management -Technology Management

1
CAIIB- General Bank Management -Technology
Management MODULE C

• Madhav Prabhu
• M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL
• prabhu.madhav_at_gmail.com

2
Agenda

• Information Systems and Technology
• IT Applications and Banking
• Networking Systems
• Information System Security and Audit

3
Information Systems and Technology

• System terminology
• MIS and its characteristics
• Data warehouse

4
System Terminology

• Systems Development Life Cycle
• Planning and analysis defines needed
  information etc
• Design - data structures, software architecture,
  interface
• Implementation - Source code, database,
  documentation, testing and validation etc.
• Operations and maintenance - ongoing

5
SDLC

• A framework to describe the activities performed
  at each stage of a software development project.

6
Various SDLC Models

• Waterfall Model when
• Requirements are very well known
• Product definition is stable
• Technology is understood
• New version of an existing product
• Porting an existing product to a new platform.

7
Various SDLC Models

• V-Shaped SDLC Model when
• A variant of the Waterfall that emphasizes the
  verification and validation of the product.
• Testing of the product is planned in parallel
  with a corresponding phase of development
• Excellent choice for systems requiring high
  reliability tight data control applications
  patient information etc.
• All requirements are known up-front
• When it can be modified to handle changing
  requirements beyond analysis phase
• Solution and technology are known

8
Various SDLC Models

• Prototyping Model when
• Developers build a prototype during the
  requirements phase
• Prototype is evaluated by end users and users
  give corrective feedback
• Requirements are unstable or have to be clarified
  
• Short-lived demonstrations
• New, original development
• With the analysis and design portions of
  object-oriented development.

9
Type of Information Systems

• Transaction Processing Systems
• Management Information Systems
• Decision Support Systems

10
MIS Structure

• Strategic Top management
• Tactical Middle Management
• Operational Lower Management

11
Strategic

• External information Competitive forces,
  customer actions, resource availability,
  regulatory approvals
• Predictive information long term trends
• What if information

12
Strategic Management

• The People
• Board of Directors
• Chief Executive Officer
• President

• Decisions
• Develop Overall Goals
• Long-term Planning
• Determine Direction
• Political
• Economic
• Competitive

13
Tactical

• Historical information- descriptive
• Current performance information
• Short term future information
• Short term what if information

14
Tactical Management

• Decisions
• short-medium range planning
• schedules
• budgets
• policies
• procedures
• resource allocation

• People
• Business Unit Managers
• Vice-President to Middle-Manager

15
Operational

• Descriptive historical information
• Current performance information
• Exception reporting

16
Operational Management

• Decisions
• short-range planning
• production schedules
• day-to-day decisions
• use of resources
• enforce polices
• follow procedures

• People
• Middle-Managers to
• Supervisors
• Self-directed teams

17
MIS System

• MIS provides information about the performance of
  an organization
• Think of entire company (the firm) as a system.
• An MIS provides management with feedback

18
MIS The Schematic
The FirmProcessing
Input Raw Materials, Supplies, Data, etc.
Output Products, Services, Information etc.
MIS
Managers, VPs, CEO
19
MIS - Questions
Q How are we doing? A Look at the report from
the MIS Generic reports Sales, Orders,
Schedules, etc. Periodic Daily, Weekly,
Quarterly, etc. Pre-specified reports Obviously,
such reports are useful for making good decisions.
20
How is a DSS different?

• MIS
• Periodic reports
• Pre-specified, generic reports

• DSS
• Special reports that may only be generated once
• May not know what kind of report to generate
  until the problem surfaces specialized reports.

21
MIS vs. DSS Some Differences

• In a DSS, a manager generates the report through
  an interactive interface
• More flexible adaptable reports
• DSS Reporting is produced through analytical
  modeling, not just computing an average, or
  plotting a graph.
• Business Models are programmed into a DSS

22
Decision Support System

• Broad based approach
• Human in control
• Decision making for solving structured/unstructure
  d problems
• Appropriate mathematical models
• Query capabilities
• Output oriented

23
Types of Decisions
Operational Tactical Strategic
Un-structured Cash Management Re-engineering a process New e-business initiatives Company re-organization
Semi-structured Production Scheduling Employee Performance Evaluation Capital Budgeting Mergers Site Location
Structured Payroll
24
Project Management

• Planning Tools
• Gantt chart
• PERT
• Interdependencies
• Precedence relationships
• Project Management software

25
Information Technology

• Some IT systems simply process transactions
• Some help managers make decisions
• Some support the interorganizational flow of
  information
• Some support team work

26
When Considering Information,

• The concept of shared information through
  decentralized computing
• The directional flow of information
• What information specifically describes
• The information-processing tasks your
  organization undertakes

27
INFORMATION FLOWS

• Upward Flow of Information - describes the
  current state of the organization based on its
  daily transactions.
• Downward Flow of Information - consists of the
  strategies, goals, and directives that originate
  at one level and are passed to lower levels.
• Horizontal Flow of Information - between
  functional business units and work teams.

28
INFORMATION PROCESSING

• 1. Information Sourcing- at its point of origin.
• 2. Information - in its most useful
• form.
• 3.Creating information - to obtain new
• information.
• 4.Storing information - for use at a later time.
• 5.Communication of information - to other
• people or another location.

29
Data Centers

• Centralised data environment
• Data integration
• Management awareness
• Change impact
• Decentralised data environment
• Functional specialisation
• Local differences
• User proximity
• User confidence
• Lack of central control
• Corporate level reporting
• Data redundancy
• Loss of synergy

30
IT Applications and Banking
31
Banking Systems and software

• Multi currency
• Multi lingual
• Multi entity
• Multi branch
• Bulk transaction entry
• High availability
• Performance management

32
Selection criteria

• Industry knowledge
• Banking IT knowledge
• Application familiarity
• Project Management
• Pricing options
• Track record
• Incumbency
• Technical skills
• Accessibility
• Total Cost

33
Other systems

• Electronic clearing and settlement systems
• MICR/OCR
• Debit Clearing system
• Credit Clearing system
• RTGS
• Cheque truncation
• Electronic Bill presentment and payment
• Decrease billing costs
• Provide better service
• New channels- new revenue

34
Networking Systems
35
Data communications

• Electronic mail
• Internet Connectivity
• Local Area Networking
• Remote Access Services

36
Information System Security and Audit
37
Computer Security

• Physical security
• Logical Security
• Network security
• Biometric security

38
Physical Security

• Intrusion prevention- locking, guarding, lighting
• Intrusion detection mechanisms Disturbance
  sensors, buried line sensors, Surveillance
• Document security
• Power supply

39
Logical security

• Software access controls
• Multiple type of access control
• Internal access control based on date, time etc
• Max tries
• Audit trails
• Priviliged access
• Encryption

40
Network Security

• Physical intrusion
• System intrusion

41
Attacks

• Impersonation - forging identity
• Eavesdropping Unauthorised read
• Data alteration Unauthorised edits
• Denial of Service attacks - Overloading

42
Intrusion Detection Systems

• Categories
• NIDS Network Intrusion Detection monitors
  packets on network
• SIV System Integrity Verifier files sum check
• Log file Monitor Log entry patterns
• Methods
• Signature recognition Pattern recognition
• Anomaly detection Statistical anomalies

43
Firewalls

• First line or last line of defence?

44
Others

• VPN
• Encryption
• Honey pots

45
Biometric Security

• Signature recognition
• Fingerprint recognition
• Palmprint recognition
• Hand recognition
• Voiceprint
• Eye retina pattern

46
Communication Security

• Cryptography
• Digital Signatures
• PKI
• CA

47
Cryptography

• Art and science of keeping files and messages
  secure.
• Encryption
• Key to encode
• DES and Triple DES, IDEA
• Safe key length
• Cipher
• Decryption

48
Digital Signatures

• Usage
• Verification
• Why use?
• Authenticity
• Integrity
• Confidentiality
• Non repudiation
• Prerequisites Public private key pair, CA

49
PKI- Public Key Infrastructure

• A framework for secure and trustworthy
  distribution of public keys and information about
  certificate owners called clients
• Client
• Key Management
• High quality secret keys
• Generation
• Key distribution

50
CA- Certification Authority

• Central Authority
• Hierarchical
• Web of Trust

51
Disaster Management

• Natural
• Accidents
• Malicious

52
Disaster Management

• Disaster avoidance
• Inventory
• Risk Management
• Disaster Recovery
• Data off site
• Data off line
• Data out of reach
• Test

53
Business Continuity Planning

• Employee awareness
• Fire detection and prevention
• Hardcopy records
• Human factors
• LAN
• Media handling and storage

54
DRP Disaster Recovery Planning

• Preplanning
• Vulnerability assessment
• BIA Business Impact Assessment
• Detailed definition RTO and RPO
• Plan development
• Testing
• Maintenance program

55
IS Audit

• Objectives
• Safeguarding assets
• Data Integrity
• Process Integrity
• Effectiveness auditing
• Efficiency auditing
• Importance

56
IS Audit Procedures

• Audit objectives
• Planning
• Who, how and reporting structures
• Audit Software execution
• Reporting

57
System Audit - Security

• Environmental Controls
• Access controls
• Input controls
• Communication controls
• Processing controls
• Database controls
• Output controls
• Control of last resort (DRP, Insurance)

58
Cyber Law

• IT Act 2000
• Legal recognition of electronic records
• Acknowledgement of receipt of electronic records
• Legal recognition of digital signatures
• Submission of forms in electronic means
• Receipt or payment by fee or charge
• Retention of electronic records
• Publication of rules, regulation in electronic
  form
• CA to issue digital certificate

59
Some legal issues

• Data theft
• Email abuse
• Data alteration
• Unauthorised access
• Virus and malicious code
• Denial of Service

60
Thank You