ALL >> Computers >> View Article
Rbi Issues Guidelines To Improve Information Security And Prevent Cyber Frauds
The growing use of online banking and increased use of electronic channels for conducting transactions makes banking institutions favorite target of cybercriminals. Security breach at banks may lead to compromise of sensitive personal and financial information related to customers. Attackers may exploit vulnerabilities to gain unauthorized access, and view, extract, alter or delete privileged databases. Therefore, information security assumes high significance. Recently, Reserve Bank of India (RBI) issued guidelines on information security and preventing cyber fraud. The guidelines are part of RBI Working Group's recommendations on Information Security, Electronic Banking, Technology, Risk Management and Cyber Frauds. According to the RBI, the scope of information security not only includes information in spoken, written, printed, electronic and any other form, but also handling creation, viewing, transportation, storage and destruction of information. The guidelines require banks to have a board approved information security policy in place. The policy must be aligned to business objectives, define scope, information security ...
... organizational structure, roles and responsibilities. The policy must be annually reviewed and updated. Availability, confidentiality, integrity, authenticity and non-repudiation are considered the basic principles of information security. In the context of banks, RBI has emphasized on few more principles such as identification, authorization, accountability and auditability.
Banks must monitor the adherence of information security policy by employees and impose penalties for violation. The guidelines urge banks to define and address information security requirements during various stages of an IT assets lifecycle. The policy must provide for identification and classification of incidents, reporting procedures, evidence preservation and investigation. There must be specific policies for logical access control, e-mail security, password management, network security, Internet security, operating system security, encryption, patch management and other specific areas.
The guidelines emphasize on risk assessment, which must comprise of threat assessment, vulnerability assessment, qualitative and quantitative impact of each threat, identification and implementation of appropriate controls. The risk assessment process must identify the threats and vulnerabilities, which may affect the confidentiality, availability or integrity of IT assets.
As part of the fraud risk management, banks in India are required to establish a special committee for monitoring and follow-up of large value frauds involving INR 1 crore and above. Apart from special committee, the audit committee of the board monitors all the cases of fraud. The guidelines emphasize on creation of separate independent department to prevent, monitor, investigate, report and create awareness on frauds. RBI also recommends setting up of fraud review councils in each of the business groups of banks, which should assess preventive measures taken by respective groups on a quarterly basis.
The guidelines require banks to have proper fraud risk management mechanism in place. Fraud risk management must essentially comprise of fraud prevention practices, detection, investigation, reporting, customer awareness, employee awareness and training. The guidelines seek banks to create awareness among the customers on cyber fraud through newspapers, do's and don'ts lists on bank website, SMS alerts, messages on phone banking, messages on bank statements, advertisements in television and posters at branches and ATM centers. Online degree programs, security blogs and e-tutorials may also help customers in understanding and implementing cyber security guidelines.
Cyber security awareness among people is crucial to detect and prevent fraud and improve information security. Class-room training programs, e-learning, newsletters, online games, e-tests, detailed do's and don'ts list, discussions and e-mails may be used to create awareness among employees. IT professionals may regularly update their skills through online university degree programs. RBI has also recommended rewarding employees, who go beyond their job assignments to prevent frauds. RBI also suggests publication of details regarding such employees in bank newsletters.
Hiring professionals qualified in computer science degree and information security may help banks in identifying and mitigating threat vectors, proper implementation of information security policy and creating IT security conscious culture.
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






