Information Governance and Cyber Security

Added on - 17 Oct 2019

  • 14

    Pages

  • 4626

    Words

  • 117

    Views

  • 1

    Downloads

Trusted by +2 million users,
1000+ happy students everyday
Showing pages 1 to 4 of 14 pages
Table of ContentsInformation Governance and Cyber Security.................................................................................................2Introduction................................................................................................................................................2Information Governance & Cyber Security Policy....................................................................................2Information Governance Policy..............................................................................................................2Cyber Security Policy.............................................................................................................................3Importance of Information Governance & Cyber Security in PFJ Bank...................................................5Justification for Implementing Information Governance...........................................................................8Personal Responsibility & Initiatives.......................................................................................................10Conclusion................................................................................................................................................11References................................................................................................................................................121|P a g e
Information Governance and Cyber SecurityIntroductionInformation is crucial in terms of banking in managing the customer information and the effectivemanagement of services. This Paper discusses about the implementation of Information Governancepolicy in PFJ bank which is one of the European retails and investment bank operating across Europe. PFJbank holds the trust with the all its established client bases and all relevant stakeholders with its stabilityand security towards their data. The board of directors of PFJ bank trust that strong informationgovernance is essential in safeguarding their most sensitive and private information. This paper justifiesthat the information governance policy meets the PFJ organization’s business needs and also ensures thatall the information is dealt legally, securely and effectively with minimized risks. Governance refers tocontrol, accountability, and responsibility of any issues inside the Organization. With this policyimplemented the organization can establish a strong logical framework to handle their securedinformation.Information Governance & Cyber Security PolicyInformation Governance PolicyInformation is considered as a most vital asset in terms of all types of organization and Institutions. Henceit is therefore necessary in providing appropriate policies and procedures in managing and securing them.Information governance is the management of information within an organization securely. It alsoprovides legal compliance, transparency in its operation and reducing costs. To protect the bank’sinformation from either internal or external threats, information governance policy can be implementedwhich provides quality and provides strategic decision making. Collectively information managementrefers to efficient coordination and control of information from external and internal sources.Information Governance Framework (IGF):The Information Governance Framework is a frameworkwhich provides a format of capturing the data and information of the bank customers in all formats thatcan be used from archives. It provides a logical framework in which the employees can handle their dataand information through information governance policies. It outlines the approach of how to handle theElectronically Stored Information(ESI)by the Employees with Compliance, risk management,2|P a g e
accountability and security. This framework also constitutes some factors which are related directly orindirectly to information in bank.There are some factors that should be considered by banks in an information governance framework. Theyare:a.Information serves great value to banks nowadays and it is essential for why they need and what aninformation that must handle with it.b.Banks may implement information governance through IGF after verified by the selected group of bankexecutives.c.To deal with the dynamic banking industry, information governance framework should considermultiple aspects of the information and governance that are able to deal the issues inside the bank.d.Information governance framework in banks includes several factors and some of them areaccessibility, Compliance, Consummation, ethics, monitoring, privacy, security, mobility, transparencyand value.e.Some IGF deals consist ofDimensionsandFactors. Dimensions are the first level of framework andthey are the grouping of interconnected information. Factors are second level and they identify theissues that the bank must address to implement the IGF.[CITATION Tam \l 1033 ]Cyber Security PolicyThe Internet banking orE-bankinghas become one of the fastest and convenient ways of bankingnowadays andcyberthreats are also at an increasing rate in banking and e-commerce industries. Bankshave migrated their operations widely to Internet banking because of its high rate of customer experienceat reduced cost. It also led to huge number of security threats to the customers. So, it is responsibility of abank to deploy more security policies and safeguard internet banking experience. An attack via cyberspace to disrupt, disable or destroy a computer infrastructure maliciously and collapse the data or stealingthe secured information is calledcyber Attack.Cyber Securityis the ability to protect the system fromthese cyber attackers. Example could be, when a user signs in a webpage with someone’s credentials fromanother device, an automated notification must be sent to the customer’s registered mobile number.[ CITATION Jaa \l 1033 ]Some of the practices the PFJ bank can implement to have a safe e-banking areOperating Systemmust to be up to date to protect from the malware and when software is downloadedfrom a 3rdparty site, it also downloads some malicious codes which can be hidden inside the software.Installing an Antivirus detects any suspicious virus that is residing on the system and deletes them.3|P a g e
Browsersare the most probable medium for the cyber attackers. If the browsers are not frequentlyupdated, then there is a chance of sharing that customer’s data with someone.Managing passwordsis essential criteria. Passwords must be more unique to recognize which preventsthe unauthorized access. Changing the passwords once in every 6 months is a good practice and limitingthe number of attempts to try also providing good security.Understanding Banking agreement:A recent survey had a report that the users do not read andunderstood the complete online banking agreement which highlights some of the security policies and theareas which the bank want to educate their customers on sensitive nature of internet banking. The bankbelieves that the customers has clearly understood the terms and conditions for online banking whenhe/she signs the contract.Taxonomy of Cyber-attacks:Cyber-attacks cause potential impact to the information in a bank and they are classified mainly intoSyntactic and Semantic Attacks. Syntactic attacks deal with viruses and Trojans and Semantic attacks arethose which interfere with the bank server and network and distract them. To facilitate deeperunderstanding in the cyber-attacks, we should describe the different types of cyber-attacks. These attacksmay be from the inside organization or external. This classification will provide an outline of the range ofharms and the impacts that creates within the bank’s security structure.Data Breaches: Data breaches are one of the common types of cyber event in which the personalinformation such as usernames & passwords, credit card numbers and other personal information either inprinted or digital information. Most commonly this occurs from the theft laptop or computers containingpersonal information to steal the financial information of a person.Security Incidents: These are the attacks that are directed at the bank’s security where the computer orbank network is disrupted, and bank’s information of customer’s data might be hacked. Commonlyattacked software is operating systems, internet browsers, adobe and Microsoft applications. This type ofattacks affects the SQL database managements and distracting the system to unsecure sites.Phishing: This occurs when the individual who works in the company attempts to hack the usernames &passwords, credit card details. Hackers try to login via another person’s information and try to install ahardware or software to acquire the data. A typical phishing attack occurs by the spoofed email that wasaddressed to the bank’s email.[ CITATION Jam14 \l 1033 ]4|P a g e
desklib-logo
You’re reading a preview
Preview Documents

To View Complete Document

Click the button to download
Subscribe to our plans

Download This Document