IT Risk Management
In any bank, a risk assessment framework is crucial, and so are its security systems. Because of the internal and external risks to the bank's assets, every application at ICICI Bank undergoes a risk assessment before it is deployed at the bank's data centre. At ICICI, the risk assessment process is strictly reviewed against the bank's security policy framework. The bank's security policy covers Internet, password, internet messaging, database, application, operating systems, disaster recovery, logical access, intranet, network, anti-virus, wireless as well as shareware and freeware.
Although all areas are covered, the top priorities remain logical access, password, database, OS, network and application, says Mr. Murli Nambiar, Head of the Information Security Group of ICICI Bank. According to Mr. Nambiar, the IT risk framework is important because it enables a focused approach to reducing the risk that internal and external forces pose to the assets. To minimize internal risk, internal devices are locked down and facilities are provided to employees on a need-only basis. The security norms that are followed include prohibiting the entry of external media such as CD-Rs and pen drives.
IT administrators and system and web developers undergo IT training in secure coding practices. On a yearly basis, code reviews are performed on existing code to determine the efficacy of the process. Information about existing threats is communicated to end users and administrators over the intranet, that is, by sending email about the latest security threats such as viruses, security patches, etc.
Backup and Disaster Recovery Plan
* The bank keeps an alternate disaster recovery site
* The equipment is identical at both the primary and the secondary site
* Daily back-ups are taken onto tapes by processing end-of-day batch jobs
* Critical data is backed up the moment it is created by running online jobs whereas the...