Banks and financial institution services haven't really changed much at all in the last century. They still help you save your money, give car loans or mortgages, help you send your kids to college, and help you prepare for retirement. How they accomplish this has changed dramatically, and continues to change as technology advances.
Modern technology has opened the door to many conveniences such as on-line banking, web bill pay, and many others. However, as technology increases our convenience, it also increases the security risks.
Although risk has been around since the first bank opened its doors, The Basel Committee on Banking Supervision only recently defined what operational risk is. In 2006, the committee defined operational risk as, "the loss resulting from inadequate or failed internal processes, people and systems or from external events." Alan Greenspan, unarguably one of the most successful financial experts in the world, stated, "It would be a mistake to conclude that the only way to succeed in banking is through ever-greater size and diversity. Indeed, better risk management may be the only truly necessary element of success in banking."
Banking and financial industry are experiencing change like never before. Because of increased customer expectations, stricter regulatory requirements, ever changing technology, and increased competition, financiers have realized that if they don't focus on managing security risk through a risk management framework, they may fail.
This comes not a minute too soon. In the last few years, there have been over 100 reported losses exceeding $100 million dollars. Billions of dollars' of transactions take place daily making financial institutions and their networks and systems, the target of cyber-criminals.
Technology has made it possible for these criminals to be sitting in a cabana in Vanuatu while pilfering hundreds of thousands, even millions of dollars. Temptation of insiders to access customers financial information has caused some, normally honest people, to slip over to the dark side. Therefore the internal security controls need to be as strong as external security controls.
Employing security risk management is more than just meeting requirements to get a check in the box. It's not a simple pass-fail results, or generating paperwork to pass inspections or audits, it's a principle tool used to ensure the organization is meeting their security goals and objectives.
The art of risk management is a cyclical way of categorizing the information system, determining the security controls to use, implementing those controls, assessing their effectiveness, authorizing the use of the secure system, and monitoring the system. It takes years to acquire the required skills to effectively analyze risk. It's also a challenging task to apply the art of risk management to an organization as diverse and complicated as those in the banking and financial industry. Does your bank manage its information technology risk? Only an organization employing a risk management framework, can hope to get to the level of security where you can sleep at night, knowing your information is protected by the bank you trust.
Submitted by Taranet Inc.