Technology Management

Published in: Business, Technology

  1. CAIIB - General Bank Management - Technology Management – MODULE C
      Madhav Prabhu, M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL
  2. Agenda
      - Information Systems and Technology
      - IT Applications and Banking
      - Networking Systems
      - Information System Security and Audit
  3. Information Systems and Technology
      - System terminology
      - MIS and its characteristics
      - Data warehouse
  4. System Terminology
      - Systems Development Life Cycle
          - Planning and analysis – defines needed information etc.
          - Design – data structures, software architecture, interface
          - Implementation – source code, database, documentation, testing and validation etc.
          - Operations and maintenance – ongoing
  5. SDLC
      - A framework to describe the activities performed at each stage of a software development project.
  6. Various SDLC Models
      - Waterfall Model when
          - Requirements are very well known
          - Product definition is stable
          - Technology is understood
          - New version of an existing product
          - Porting an existing product to a new platform.
  7. Various SDLC Models
      - V-Shaped SDLC Model when
          - A variant of the Waterfall that emphasizes the verification and validation of the product.
          - Testing of the product is planned in parallel with a corresponding phase of development
      - Excellent choice for systems requiring high reliability – tight data control applications – patient information etc.
      - All requirements are known up-front
      - When it can be modified to handle changing requirements beyond analysis phase
      - Solution and technology are known
  8. Various SDLC Models
      - Prototyping Model when
          - Developers build a prototype during the requirements phase
          - Prototype is evaluated by end users and users give corrective feedback
          - Requirements are unstable or have to be clarified
          - Short-lived demonstrations
          - New, original development
          - With the analysis and design portions of object-oriented development.
  9. Type of Information Systems
      - Transaction Processing Systems
      - Management Information Systems
      - Decision Support Systems
  10. MIS Structure
      - Strategic – Top management
      - Tactical – Middle Management
      - Operational – Lower Management
  11. Strategic
      - External information – Competitive forces, customer actions, resource availability, regulatory approvals
      - Predictive information – long term trends
      - What if information
  12. Strategic Management
      - The People
          - Board of Directors
          - Chief Executive Officer
          - President
      - Decisions
          - Develop Overall Goals
          - Long-term Planning
          - Determine Direction
              - Political
              - Economic
              - Competitive
  13. Tactical
      - Historical information – descriptive
      - Current performance information
      - Short term future information
      - Short term what if information
  14. Tactical Management
      - People
          - Business Unit Managers
          - Vice-President to Middle-Manager
      - Decisions
          - short-medium range planning
          - schedules
          - budgets
          - policies
          - procedures
          - resource allocation
  15. Operational
      - Descriptive historical information
      - Current performance information
      - Exception reporting
  16. Operational Management
      - People
          - Middle-Managers to
          - Supervisors
          - Self-directed teams
      - Decisions
          - short-range planning
          - production schedules
          - day-to-day decisions
          - use of resources
          - enforce policies
          - follow procedures
  17. MIS System
      - MIS provides information about the performance of an organization
      - Think of entire company (the firm) as a system.
      - An MIS provides management with feedback
  18. MIS: The Schematic (diagram)
      - The Firm: Processing
      - Input: Raw Materials, Supplies, Data, etc.
      - Output: Products, Services, Information etc.
      - MIS
      - Managers, VPs, CEO
  19. MIS - Questions
      - Q: How are we doing?
      - A: Look at the report from the MIS
          - Generic reports: Sales, Orders, Schedules, etc.
          - Periodic: Daily, Weekly, Quarterly, etc.
          - Pre-specified reports
      - Obviously, such reports are useful for making good decisions.
  20. How is a DSS different?
      - MIS
          - Periodic reports
          - Pre-specified, generic reports
      - DSS
          - Special reports that may only be generated once
          - May not know what kind of report to generate until the problem surfaces; specialized reports.
  21. MIS vs. DSS: Some Differences
      - In a DSS, a manager generates the report through an interactive interface
          - More flexible & adaptable reports
      - DSS reporting is produced through analytical modeling, not just computing an average or plotting a graph.
          - Business Models are programmed into a DSS
  22. Decision Support System
      - Broad based approach
      - Human in control
      - Decision making for solving structured/unstructured problems
      - Appropriate mathematical models
      - Query capabilities
      - Output oriented
  23. Types of Decisions (matrix figure)
      - Decision types: Structured, Semi-structured, Un-structured
      - Management levels: Strategic, Tactical, Operational
      - Entries: Payroll, Mergers, Site Location, Employee Performance Evaluation, Capital Budgeting, Production Scheduling, New e-business initiatives, Company re-organization, Re-engineering a process, Cash Management
  24. Project Management
      - Planning Tools
          - Gantt chart
          - PERT
              - Interdependencies
              - Precedence relationships
      - Project Management software
  25. Information Technology
      - Some IT systems simply process transactions
      - Some help managers make decisions
      - Some support the interorganizational flow of information
      - Some support team work
  26. When Considering Information,
      - The concept of shared information through decentralized computing
      - The directional flow of information
      - What information specifically describes
      - The information-processing tasks your organization undertakes
  27. INFORMATION FLOWS
      - Upward Flow of Information – describes the current state of the organization based on its daily transactions.
      - Downward Flow of Information – consists of the strategies, goals, and directives that originate at one level and are passed to lower levels.
      - Horizontal Flow of Information – between functional business units and work teams.
  28. INFORMATION PROCESSING
      - 1. Information Sourcing – at its point of origin.
      - 2. Information – in its most useful form.
      - 3. Creating information – to obtain new information.
      - 4. Storing information – for use at a later time.
      - 5. Communication of information – to other people or another location.
  29. Data Centers
      - Centralised data environment
          - Data integration
          - Management awareness
          - Change impact
      - Decentralised data environment
          - Functional specialisation
          - Local differences
          - User proximity
          - User confidence
          - Lack of central control
          - Corporate level reporting
          - Data redundancy
          - Loss of synergy
  30. IT Applications and Banking
  31. Banking Systems and software
      - Multi currency
      - Multi lingual
      - Multi entity
      - Multi branch
      - Bulk transaction entry
      - High availability
      - Performance management
  32. Selection criteria
      - Industry knowledge
      - Banking IT knowledge
      - Application familiarity
      - Project Management
      - Pricing options
      - Track record
      - Incumbency
      - Technical skills
      - Accessibility
      - Total Cost
  33. Other systems
      - Electronic clearing and settlement systems
          - MICR/OCR
          - Debit Clearing system
          - Credit Clearing system
          - RTGS
          - Cheque truncation
      - Electronic Bill presentment and payment
          - Decrease billing costs
          - Provide better service
          - New channels – new revenue
  34. Networking Systems
  35. Data communications
      - Electronic mail
      - Internet Connectivity
      - Local Area Networking
      - Remote Access Services
  36. Information System Security and Audit
  37. Computer Security
      - Physical security
      - Logical Security
      - Network security
      - Biometric security
  38. Physical Security
      - Intrusion prevention – locking, guarding, lighting
      - Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance
      - Document security
      - Power supply
  39. Logical security
      - Software access controls
          - Multiple types of access control
          - Internal access control – based on date, time etc.
          - Max tries
          - Audit trails
          - Privileged access
          - Encryption
  40. Network Security
      - Physical intrusion
      - System intrusion
  41. Attacks
      - Impersonation – forging identity
      - Eavesdropping – Unauthorised read
      - Data alteration – Unauthorised edits
      - Denial of Service attacks – Overloading
  42. Intrusion Detection Systems
      - Categories
          - NIDS – Network Intrusion Detection – monitors packets on network
          - SIV – System Integrity Verifier – files sum check
          - Log file Monitor – Log entry patterns
      - Methods
          - Signature recognition – Pattern recognition
          - Anomaly detection – Statistical anomalies
  43. Firewalls
      - First line or last line of defence?
  44. Others
      - VPN
      - Encryption
      - Honey pots
  45. Biometric Security
      - Signature recognition
      - Fingerprint recognition
      - Palmprint recognition
      - Hand recognition
      - Voiceprint
      - Eye retina pattern
  46. Communication Security
      - Cryptography
      - Digital Signatures
      - PKI
      - CA
  47. Cryptography
      - Art and science of keeping files and messages secure.
      - Encryption
      - Key – to encode
          - DES and Triple DES, IDEA
          - Safe key length
      - Cipher
      - Decryption
  48. Digital Signatures
      - Usage
      - Verification
      - Why use?
          - Authenticity
          - Integrity
          - Confidentiality
          - Non repudiation
      - Prerequisites – Public private key pair, CA
  49. PKI – Public Key Infrastructure
      - A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients
      - Client
      - Key Management
          - High quality secret keys
          - Generation
      - Key distribution
  50. CA – Certification Authority
      - Central Authority
      - Hierarchical
      - Web of Trust
  51. Disaster Management
      - Natural
      - Accidents
      - Malicious
  52. Disaster Management
      - Disaster avoidance
          - Inventory
          - Risk Management
      - Disaster Recovery
          - Data off site
          - Data off line
          - Data out of reach
          - Test
  53. Business Continuity Planning
      - Employee awareness
      - Fire detection and prevention
      - Hardcopy records
      - Human factors
      - LAN
      - Media handling and storage
  54. DRP – Disaster Recovery Planning
      - Preplanning
      - Vulnerability assessment
      - BIA – Business Impact Assessment
      - Detailed definition – RTO and RPO
      - Plan development
      - Testing
      - Maintenance program
  55. IS Audit
      - Objectives
          - Safeguarding assets
          - Data Integrity
          - Process Integrity
          - Effectiveness auditing
          - Efficiency auditing
          - Importance
  56. IS Audit Procedures
      - Audit objectives
      - Planning
          - Who, how and reporting structures
      - Audit Software – execution
      - Reporting
  57. System Audit - Security
      - Environmental Controls
      - Access controls
      - Input controls
      - Communication controls
      - Processing controls
      - Database controls
      - Output controls
      - Control of last resort (DRP, Insurance)
  58. Cyber Law
      - IT Act 2000
          - Legal recognition of electronic records
          - Acknowledgement of receipt of electronic records
          - Legal recognition of digital signatures
          - Submission of forms in electronic means
          - Receipt or payment by fee or charge
          - Retention of electronic records
          - Publication of rules, regulation in electronic form
          - CA to issue digital certificate
  59. Some legal issues
      - Data theft
      - Email abuse
      - Data alteration
      - Unauthorised access
      - Virus and malicious code
      - Denial of Service
  60. Thank You
