Technology Management
Upcoming SlideShare
Loading in...5
×
 

Technology Management

on

  • 430 views

 

Statistics

Views

Total Views
430
Views on SlideShare
429
Embed Views
1

Actions

Likes
0
Downloads
10
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Technology Management Technology Management Presentation Transcript

  • CAIIB - General Bank Management -Technology Management – MODULE C Madhav Prabhu M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL [email_address]
  • Agenda
    • Information Systems and Technology
    • IT Applications and Banking
    • Networking Systems
    • Information System Security and Audit
  • Information Systems and Technology
    • System terminology
    • MIS and its characteristics
    • Data warehouse
    View slide
  • System Terminology
    • Systems Development Life Cycle
      • Planning and analysis – defines needed information etc
      • Design - data structures, software architecture, interface
      • Implementation - Source code, database, documentation, testing and validation etc.
      • Operations and maintenance - ongoing
    View slide
  • SDLC
    • A framework to describe the activities performed at each stage of a software development project.
  • Various SDLC Models
    • Waterfall Model when
      • Requirements are very well known
      • Product definition is stable
      • Technology is understood
      • New version of an existing product
      • Porting an existing product to a new platform.
  • Various SDLC Models
    • V-Shaped SDLC Model when
      • A variant of the Waterfall that emphasizes the verification and validation of the product.
      • Testing of the product is planned in parallel with a corresponding phase of development
    • Excellent choice for systems requiring high reliability – tight data control applications – patient information etc.
    • All requirements are known up-front
    • When it can be modified to handle changing requirements beyond analysis phase
    • Solution and technology are known
  • Various SDLC Models
    • Prototyping Model when
      • Developers build a prototype during the requirements phase
      • Prototype is evaluated by end users and users give corrective feedback
      • Requirements are unstable or have to be clarified
      • Short-lived demonstrations
      • New, original development
      • With the analysis and design portions of object-oriented development.
  • Type of Information Systems
    • Transaction Processing Systems
    • Management Information Systems
    • Decision Support Systems
  • MIS Structure
    • Strategic – Top management
    • Tactical – Middle Management
    • Operational – Lower Management
  • Strategic
    • External information – Competitive forces, customer actions, resource availability, regulatory approvals
    • Predictive information – long term trends
    • What if information
  • Strategic Management
    • The People
      • Board of Directors
      • Chief Executive Officer
      • President
    • Decisions
      • Develop Overall Goals
      • Long-term Planning
      • Determine Direction
        • Political
        • Economic
        • Competitive
  • Tactical
    • Historical information- descriptive
    • Current performance information
    • Short term future information
    • Short term what if information
  • Tactical Management
    • People
      • Business Unit Managers
      • Vice-President to Middle-Manager
    • Decisions
      • short-medium range planning
      • schedules
      • budgets
      • policies
      • procedures
      • resource allocation
  • Operational
    • Descriptive historical information
    • Current performance information
    • Exception reporting
  • Operational Management
    • People
      • Middle-Managers to
      • Supervisors
      • Self-directed teams
    • Decisions
      • short-range planning
      • production schedules
      • day-to-day decisions
      • use of resources
      • enforce polices
      • follow procedures
  • MIS System
    • MIS provides information about the performance of an organization
    • Think of entire company (the firm) as a system.
    • An MIS provides management with feedback
  • MIS: The Schematic The Firm Processing Input: Raw Materials, Supplies, Data, etc. Output: Products, Services, Information etc. MIS Managers, VPs, CEO
  • MIS - Questions
    • Q: How are we doing?
    • A: Look at the report from the MIS
      • Generic reports: Sales, Orders, Schedules, etc.
      • Periodic: Daily, Weekly, Quarterly, etc.
      • Pre-specified reports
    • Obviously, such reports are useful for making good decisions.
  • How is a DSS different?
    • MIS
    • Periodic reports
    • Pre-specified, generic reports
    • DSS
    • Special reports that may only be generated once
    • May not know what kind of report to generate until the problem surfaces; specialized reports.
  • MIS vs. DSS: Some Differences
    • In a DSS, a manager generates the report through an interactive interface
      • More flexible & adaptable reports
    • DSS Reporting is produced through analytical modeling, not just computing an average, or plotting a graph.
      • Business Models are programmed into a DSS
  • Decision Support System
    • Broad based approach
    • Human in control
    • Decision making for solving structured/unstructured problems
    • Appropriate mathematical models
    • Query capabilities
    • Output oriented
  • Types of Decisions Payroll Structured Mergers Site Location Employee Performance Evaluation Capital Budgeting Production Scheduling Semi-structured New e-business initiatives Company re-organization Re-engineering a process Cash Management Un-structured Strategic Tactical Operational
  • Project Management
    • Planning Tools
      • Gantt chart
      • PERT
        • Interdependencies
        • Precedence relationships
    • Project Management software
  • Information Technology
    • Some IT systems simply process transactions
    • Some help managers make decisions
    • Some support the interorganizational flow of information
    • Some support team work
  • When Considering Information,
    • The concept of shared information through decentralized computing
    • The directional flow of information
    • What information specifically describes
    • The information-processing tasks your organization undertakes
  • INFORMATION FLOWS
    • Upward Flow of Information - describes the current state of the organization based on its daily transactions.
    • Downward Flow of Information - consists of the strategies, goals, and directives that originate at one level and are passed to lower levels.
    • Horizontal Flow of Information - between functional business units and work teams.
  • INFORMATION PROCESSING
    • 1. I nformation Sourcing - at its point of origin.
    • 2. I nformation - in its most useful
    • form.
    • 3. Creating information - to obtain new
    • information.
    • 4. Storing information - for use at a later time.
    • 5. Communication of information - to other
    • people or another location.
  • Data Centers
    • Centralised data environment
      • Data integration
      • Management awareness
      • Change impact
    • Decentralised data environment
      • Functional specialisation
      • Local differences
      • User proximity
      • User confidence
      • Lack of central control
      • Corporate level reporting
      • Data redundancy
      • Loss of synergy
  • IT Applications and Banking
  • Banking Systems and software
      • Multi currency
      • Multi lingual
      • Multi entity
      • Multi branch
      • Bulk transaction entry
      • High availability
      • Performance management
  • Selection criteria
    • Industry knowledge
    • Banking IT knowledge
    • Application familiarity
    • Project Management
    • Pricing options
    • Track record
    • Incumbency
    • Technical skills
    • Accessibility
    • Total Cost
  • Other systems
    • Electronic clearing and settlement systems
      • MICR/OCR
      • Debit Clearing system
      • Credit Clearing system
      • RTGS
      • Cheque truncation
    • Electronic Bill presentment and payment
      • Decrease billing costs
      • Provide better service
      • New channels- new revenue
  • Networking Systems
  • Data communications
    • Electronic mail
    • Internet Connectivity
    • Local Area Networking
    • Remote Access Services
  • Information System Security and Audit
  • Computer Security
    • Physical security
    • Logical Security
    • Network security
    • Biometric security
  • Physical Security
    • Intrusion prevention- locking, guarding, lighting
    • Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance
    • Document security
    • Power supply
  • Logical security
    • Software access controls
      • Multiple type of access control
      • Internal access control – based on date, time etc
      • Max tries
      • Audit trails
      • Priviliged access
      • Encryption
  • Network Security
    • Physical intrusion
    • System intrusion
  • Attacks
    • Impersonation - forging identity
    • Eavesdropping – Unauthorised read
    • Data alteration – Unauthorised edits
    • Denial of Service attacks - Overloading
  • Intrusion Detection Systems
    • Categories
      • NIDS – Network Intrusion Detection – monitors packets on network
      • SIV – System Integrity Verifier – files sum check
      • Log file Monitor – Log entry patterns
    • Methods
      • Signature recognition – Pattern recognition
      • Anomaly detection – Statistical anomalies
  • Firewalls
    • First line or last line of defence?
  • Others
    • VPN
    • Encryption
    • Honey pots
  • Biometric Security
    • Signature recognition
    • Fingerprint recognition
    • Palmprint recognition
    • Hand recognition
    • Voiceprint
    • Eye retina pattern
  • Communication Security
    • Cryptography
    • Digital Signatures
    • PKI
    • CA
  • Cryptography
    • Art and science of keeping files and messages secure.
    • Encryption
    • Key – to encode
      • DES and Triple DES, IDEA
      • Safe key length
    • Cipher
    • Decryption
  • Digital Signatures
    • Usage
    • Verification
    • Why use?
      • Authenticity
      • Integrity
      • Confidentiality
      • Non repudiation
    • Prerequisites – Public private key pair, CA
  • PKI- Public Key Infrastructure
    • A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients
    • Client
    • Key Management
      • High quality secret keys
      • Generation
    • Key distribution
  • CA- Certification Authority
    • Central Authority
    • Hierarchical
    • Web of Trust
  • Disaster Management
    • Natural
    • Accidents
    • Malicious
  • Disaster Management
    • Disaster avoidance
      • Inventory
      • Risk Management
    • Disaster Recovery
      • Data off site
      • Data off line
      • Data out of reach
      • Test
  • Business Continuity Planning
    • Employee awareness
    • Fire detection and prevention
    • Hardcopy records
    • Human factors
    • LAN
    • Media handling and storage
  • DRP – Disaster Recovery Planning
    • Preplanning
    • Vulnerability assessment
    • BIA – Business Impact Assessment
    • Detailed definition – RTO and RPO
    • Plan development
    • Testing
    • Maintenance program
  • IS Audit
    • Objectives
      • Safeguarding assets
      • Data Integrity
      • Process Integrity
      • Effectiveness auditing
      • Efficiency auditing
      • Importance
  • IS Audit Procedures
    • Audit objectives
    • Planning
      • Who, how and reporting structures
    • Audit Software – execution
    • Reporting
  • System Audit - Security
    • Environmental Controls
    • Access controls
    • Input controls
    • Communication controls
    • Processing controls
    • Database controls
    • Output controls
    • Control of last resort (DRP, Insurance)
  • Cyber Law
    • IT Act 2000
      • Legal recognition of electronic records
      • Acknowledgement of receipt of electronic records
      • Legal recognition of digital signatures
      • Submission of forms in electronic means
      • Receipt or payment by fee or charge
      • Retention of electronic records
      • Publication of rules, regulation in electronic form
      • CA to issue digital certificate
  • Some legal issues
    • Data theft
    • Email abuse
    • Data alteration
    • Unauthorised access
    • Virus and malicious code
    • Denial of Service
  • Thank You