
CAIIB - General Bank Management
Technology Management
MODULE C
Madhav Prabhu
M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL
prabhu.madhav@gmail.com

Agenda

Information Systems and Technology
IT Applications and Banking
Networking Systems
Information System Security and Audit

Information Systems and Technology
System terminology
MIS and its characteristics
Data warehouse

System Terminology
Systems Development Life Cycle
Planning and analysis - defines the information needed, etc.
Design - data structures, software
architecture, interface
Implementation - Source code, database,
documentation, testing and validation etc.
Operations and maintenance - ongoing

SDLC
A framework to describe the activities
performed at each stage of a software
development project.

Various SDLC Models
Waterfall Model - when
Requirements are very well known
Product definition is stable
Technology is understood
New version of an existing product
Porting an existing product to a new platform.

Various SDLC Models
V-Shaped SDLC Model
A variant of the Waterfall that emphasizes the
verification and validation of the product.
Testing of the product is planned in parallel with a
corresponding phase of development.
Excellent choice for systems requiring high
reliability - tight data control applications, patient
information, etc.
Use when:
All requirements are known up-front
It can be modified to handle changing
requirements beyond the analysis phase
Solution and technology are known

Various SDLC Models
Prototyping Model
Developers build a prototype during the requirements
phase.
The prototype is evaluated by end users, who give
corrective feedback.
Use when:
Requirements are unstable or have to be clarified
Short-lived demonstrations
New, original development
With the analysis and design portions of object-oriented development

Types of Information Systems
Transaction Processing Systems
Management Information Systems
Decision Support Systems

MIS Structure
Strategic Top management
Tactical Middle Management
Operational Lower Management

Strategic
External information - competitive forces,
customer actions, resource availability,
regulatory approvals
Predictive information - long term trends
What-if information

Strategic Management
The People
Board of Directors
Chief Executive Officer
President
Decisions
Develop overall goals
Long-term planning
Determine direction
Environment: political, economic, competitive

Tactical
Historical information - descriptive
Current performance information
Short term future information
Short term what-if information

Tactical Management
People
Business unit managers
(Vice-President to Middle-Manager)
Decisions
Short to medium range planning
Schedules
Budgets
Policies
Procedures
Resource allocation

Operational
Descriptive historical information
Current performance information
Exception reporting

Operational Management
People
Middle-Managers to Supervisors
Self-directed teams
Decisions
Short-range planning
Production schedules
Day-to-day decisions
Use of resources
Enforce policies
Follow procedures

MIS System
MIS provides information about the
performance of an organization
Think of entire company (the firm) as
a system.
An MIS provides management with
feedback

MIS: The Schematic
The Firm:
Input (raw materials, supplies, data, etc.)
-> Processing
-> Output (products, services, information, etc.)
MIS: feeds information on the firm's processing back to
managers, VPs and the CEO

MIS - Questions
Q: How are we doing?
A: Look at the report from the MIS
Generic reports: Sales, Orders,
Schedules, etc.
Periodic: Daily, Weekly, Quarterly, etc.
Pre-specified reports
Obviously, such reports are useful for
making good decisions.

How is a DSS different?
MIS
Periodic reports
Pre-specified, generic reports
DSS
Special reports that may only be generated once
May not know what kind of report to generate until the
problem surfaces; specialized reports

MIS vs. DSS: Some Differences
In a DSS, a manager generates the report
through an interactive interface
More flexible and adaptable reports
DSS reporting is produced through
analytical modeling, not just computing an
average or plotting a graph
Business models are programmed into a DSS

Decision Support System
Broad-based approach
Human in control
Decision making for solving
structured/unstructured problems
Appropriate mathematical models
Query capabilities
Output oriented

Types of Decisions (by management level)
Unstructured
Operational: Cash management
Tactical: Re-engineering a management process
Strategic: New e-business initiatives, Company re-organization
Semi-structured
Operational: Production scheduling
Tactical: Employee performance evaluation, Capital budgeting
Strategic: Mergers, Site location
Structured
Operational: Payroll

Project Management
Planning Tools
Gantt chart
PERT
Interdependencies
Precedence relationships

Project Management software

Information Technology
Some IT systems simply process transactions
Some help managers make decisions
Some support the interorganizational flow of
information
Some support team work

When Considering Information, Consider
The concept of shared information through
decentralized computing
The directional flow of information
What information specifically describes
The information-processing tasks your
organization undertakes

INFORMATION FLOWS
Upward Flow of Information - describes the current
state of the organization based on its daily
transactions.
Downward Flow of Information - consists of the
strategies, goals, and directives that originate at one
level and are passed to lower levels.
Horizontal Flow of Information - between functional
business units and work teams.

INFORMATION PROCESSING
1. Information sourcing - at its point of origin.
2. Information - in its most useful form.
3. Creating information - to obtain new information.
4. Storing information - for use at a later time.
5. Communication of information - to other people or another location.

Data Centers
Centralised data environment
Data integration
Management awareness
Change impact

Decentralised data environment

Functional specialisation
Local differences
User proximity
User confidence
Lack of central control
Corporate level reporting
Data redundancy
Loss of synergy

IT Applications and Banking

Banking Systems and software
Multi currency
Multi lingual
Multi entity
Multi branch
Bulk transaction entry
High availability
Performance management

Selection criteria

Industry knowledge
Banking IT knowledge
Application familiarity
Project Management
Pricing options
Track record
Incumbency
Technical skills
Accessibility
Total Cost

Other systems
Electronic clearing and settlement systems

MICR/OCR
Debit Clearing system
Credit Clearing system
RTGS
Cheque truncation

Electronic Bill presentment and payment
Decrease billing costs
Provide better service
New channels - new revenue

Networking Systems

Data communications

Electronic mail
Internet Connectivity
Local Area Networking
Remote Access Services

Information System Security and Audit

Computer Security

Physical security
Logical Security
Network security
Biometric security

Physical Security
Intrusion prevention - locking, guarding, lighting
Intrusion detection mechanisms - disturbance sensors,
buried line sensors, surveillance
Document security
Power supply

Logical security
Software access controls
Multiple types of access control
Internal access control based on date, time, etc.
Maximum tries (lockout after repeated failures)
Audit trails
Privileged access
Encryption
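The "max tries" and "audit trail" bullets describe two logical controls that belong together: every attempt is written to the trail, and the account is locked for a period once the failure count reaches the limit. The following Go program is an added illustration, not code from the course material; the policy values (three tries, fifteen-minute lockout), the user name and the credential are constructed for the demo, and the clock is injected so the lockout expiry can be exercised without waiting.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"time"
)

// Constructed policy values for the example; a real deployment takes these
// from the bank's access-control standard rather than from constants.
const (
	MaxTries      = 3
	LockoutPeriod = 15 * time.Minute
)

// AuditEvent is one entry of the audit trail: who, when, and what happened.
type AuditEvent struct {
	When    time.Time
	User    string
	Outcome string // "success", "failure" or "locked"
}

type account struct {
	secret      []byte // constructed plaintext for the demo; real systems store a salted hash
	failures    int
	lockedUntil time.Time
}

// AccessControl enforces the maximum-tries rule with a temporary lockout
// and records every attempt. The clock is injected so behaviour is testable.
type AccessControl struct {
	accounts map[string]*account
	Audit    []AuditEvent
	now      func() time.Time
}

func NewAccessControl(now func() time.Time) *AccessControl {
	return &AccessControl{accounts: map[string]*account{}, now: now}
}

func (ac *AccessControl) AddUser(user, secret string) {
	ac.accounts[user] = &account{secret: []byte(secret)}
}

func (ac *AccessControl) record(user, outcome string) string {
	ac.Audit = append(ac.Audit, AuditEvent{When: ac.now(), User: user, Outcome: outcome})
	return outcome
}

// Login returns the outcome of one attempt and always writes an audit event.
func (ac *AccessControl) Login(user, secret string) string {
	acct, ok := ac.accounts[user]
	if !ok {
		// Unknown users get the same answer as a wrong password, so the
		// response does not reveal which user names exist.
		return ac.record(user, "failure")
	}
	now := ac.now()
	if now.Before(acct.lockedUntil) {
		return ac.record(user, "locked") // correct password or not, the window applies
	}
	if subtle.ConstantTimeCompare(acct.secret, []byte(secret)) == 1 {
		acct.failures = 0
		return ac.record(user, "success")
	}
	acct.failures++
	if acct.failures >= MaxTries {
		acct.failures = 0
		acct.lockedUntil = now.Add(LockoutPeriod)
		return ac.record(user, "locked")
	}
	return ac.record(user, "failure")
}

// IsLocked reports whether the account is currently inside its lockout window.
func (ac *AccessControl) IsLocked(user string) bool {
	acct, ok := ac.accounts[user]
	return ok && ac.now().Before(acct.lockedUntil)
}

func main() {
	clock := time.Date(2024, 1, 10, 9, 0, 0, 0, time.UTC)
	ac := NewAccessControl(func() time.Time { return clock })
	ac.AddUser("teller01", "correct-horse") // constructed sample credential
	for _, pw := range []string{"bad1", "bad2", "bad3", "correct-horse"} {
		fmt.Println(ac.Login("teller01", pw))
	}
	clock = clock.Add(LockoutPeriod + time.Minute) // the lockout has expired
	fmt.Println(ac.Login("teller01", "correct-horse"))
	for _, e := range ac.Audit {
		fmt.Printf("%s %-10s %s\n", e.When.Format(time.RFC3339), e.User, e.Outcome)
	}
}
```

Note that the fourth attempt uses the right password and is still refused: while the window is open the lockout, not the credential, decides the outcome, which is what stops an automated guessing run. The audit trail keeps the "locked" entries, so a reviewer can later tell repeated lockouts on one account from a user who simply mistyped once.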

Network Security
Physical intrusion
System intrusion

Attacks
Impersonation - forging identity
Eavesdropping - unauthorised read
Data alteration - unauthorised edits
Denial of Service attacks - overloading

Intrusion Detection Systems
Categories
NIDS (Network Intrusion Detection System) - monitors packets on the network
SIV (System Integrity Verifier) - file checksum verification
Log File Monitor - patterns in log entries
Methods
Signature recognition - matching known patterns
Anomaly detection - statistical anomalies
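Two of the three IDS categories on this slide, the SIV and the log file monitor, can be shown in a few dozen lines, and together they also illustrate both detection methods: the SIV and the log rules are signature-style checks against a known-good state or known-bad pattern, while counting failures per source address is anomaly detection. The program below is an added example written for this page, not part of the course material or of any IDS product; the baseline file contents, the log lines and the two regular-expression rules are all constructed, and the addresses come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"sort"
)

// Baseline maps a monitored file path to the hex SHA-256 digest recorded
// while the system was known-good. A real SIV keeps this off-host or on
// read-only media, so an intruder cannot rewrite it along with the files.
type Baseline map[string]string

// Digest returns the hex SHA-256 of a file's contents.
func Digest(content []byte) string {
	sum := sha256.Sum256(content)
	return hex.EncodeToString(sum[:])
}

// TakeBaseline records the digest of every monitored file.
func TakeBaseline(files map[string][]byte) Baseline {
	b := Baseline{}
	for path, content := range files {
		b[path] = Digest(content)
	}
	return b
}

// VerifyIntegrity is the SIV "file sum check": it recomputes digests and
// reports modified, missing and unexpected files (sorted for stable output).
func VerifyIntegrity(base Baseline, current map[string][]byte) (modified, missing, added []string) {
	for path, want := range base {
		content, ok := current[path]
		switch {
		case !ok:
			missing = append(missing, path)
		case Digest(content) != want:
			modified = append(modified, path)
		}
	}
	for path := range current {
		if _, ok := base[path]; !ok {
			added = append(added, path)
		}
	}
	sort.Strings(modified)
	sort.Strings(missing)
	sort.Strings(added)
	return modified, missing, added
}

// Signature rules for the log file monitor, constructed for this example.
var signatures = map[string]*regexp.Regexp{
	"failed-login": regexp.MustCompile(`Failed password for .*? from (\S+)`),
	"sudo-shell":   regexp.MustCompile(`sudo: .* COMMAND=/bin/(sh|bash)$`),
}

// ScanLogSignatures is pattern recognition: the log lines matched by each rule.
func ScanLogSignatures(lines []string) map[string][]string {
	hits := map[string][]string{}
	for _, line := range lines {
		for name, re := range signatures {
			if re.MatchString(line) {
				hits[name] = append(hits[name], line)
			}
		}
	}
	return hits
}

// AnomalousSources is the statistical side: any source address whose
// failed-login count exceeds the threshold, whichever user names were tried.
func AnomalousSources(lines []string, threshold int) []string {
	counts := map[string]int{}
	for _, line := range lines {
		if m := signatures["failed-login"].FindStringSubmatch(line); m != nil {
			counts[m[1]]++
		}
	}
	var out []string
	for src, n := range counts {
		if n > threshold {
			out = append(out, src)
		}
	}
	sort.Strings(out)
	return out
}

// SampleLogLines are constructed entries in syslog style for the demo.
var SampleLogLines = []string{
	"Jan 10 09:00:01 srv1 sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2",
	"Jan 10 09:00:03 srv1 sshd[4102]: Failed password for admin from 203.0.113.5 port 40123 ssh2",
	"Jan 10 09:00:05 srv1 sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 40124 ssh2",
	"Jan 10 09:00:07 srv1 sshd[4104]: Failed password for oracle from 203.0.113.5 port 40125 ssh2",
	"Jan 10 09:12:40 srv1 sshd[4180]: Failed password for alice from 198.51.100.7 port 51000 ssh2",
	"Jan 10 09:12:45 srv1 sshd[4180]: Accepted password for alice from 198.51.100.7 port 51000 ssh2",
	"Jan 10 09:13:02 srv1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
}

func main() {
	base := TakeBaseline(map[string][]byte{"/etc/passwd": []byte("root:x:0:0:root:/root:/bin/bash\n"), "/bin/ls": []byte("ELF-ls-v1")})
	current := map[string][]byte{ // constructed "later" state: one file changed, one gone, one new
		"/etc/passwd":  []byte("root:x:0:0:root:/root:/bin/bash\nextra:x:0:0::/:/bin/bash\n"),
		"/tmp/.hidden": []byte("unexpected"),
	}
	mod, miss, add := VerifyIntegrity(base, current)
	fmt.Println("modified:", mod, "missing:", miss, "added:", add)
	for name, lines := range ScanLogSignatures(SampleLogLines) {
		fmt.Printf("%s: %d hit(s)\n", name, len(lines))
	}
	fmt.Println("anomalous sources:", AnomalousSources(SampleLogLines, 3))
}
```

The single failed login from 198.51.100.7 trips the signature rule but not the anomaly threshold, which is the usual trade-off: signatures are precise but fire on every match, the statistical check needs a tuned threshold but is what surfaces the burst from 203.0.113.5 as one event rather than four.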

Firewalls
First line or last line of defence?

Others
VPN
Encryption
Honey pots

Biometric Security

Signature recognition
Fingerprint recognition
Palmprint recognition
Hand recognition
Voiceprint
Eye retina pattern

Communication Security

Cryptography
Digital Signatures
PKI
CA

Cryptography
Art and science of keeping files and
messages secure.
Encryption
Key to encode
DES and Triple DES, IDEA
Safe key length

Cipher
Decryption

Digital Signatures
Usage
Verification
Why use?
Authenticity
Integrity
Confidentiality
Non repudiation

Prerequisites - public/private key pair, CA
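The three properties on this slide that a signature itself provides can be checked directly: the genuine signature verifies under the signer's public key (authenticity), the same signature fails once a single character of the message changes (integrity), and a signature made with anyone else's private key fails under the signer's public key, so only the key holder could have produced a valid one (non-repudiation). The program below is an added example, not course material; it uses Go's standard-library Ed25519 rather than RSA, the payment instruction is constructed, and the CA step is left out, so in practice the verifier would first check a certificate binding the public key to the signer. A signature does not hide the message: the instruction travels in the clear, and confidentiality needs encryption on top.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer holds one key pair. The private key never leaves the signer; the
// public key is what a CA would bind to the signer's identity in a certificate.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}

// Sign produces a signature over the exact message bytes.
func (s *Signer) Sign(msg []byte) []byte {
	return ed25519.Sign(s.private, msg)
}

// Verify checks a signature with the claimed signer's public key. Anyone
// holding the public key can run this; no secret is needed to verify.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// Outcome records the three checks, one per property on the slide.
type Outcome struct {
	Genuine  bool // authenticity: the bank's signature verifies under its public key
	Tampered bool // integrity: an altered instruction still verifies (must be false)
	Forged   bool // non-repudiation: another key's signature passes as the bank's (must be false)
}

// Demonstrate signs a constructed payment instruction and runs the checks.
func Demonstrate() (Outcome, error) {
	bank, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	other, err := NewSigner() // an unrelated party with its own key pair
	if err != nil {
		return Outcome{}, err
	}
	instruction := []byte("TRANSFER 10000.00 INR FROM 000111 TO 000222 REF 42") // constructed
	sig := bank.Sign(instruction)

	altered := []byte("TRANSFER 90000.00 INR FROM 000111 TO 000222 REF 42") // one digit changed
	return Outcome{
		Genuine:  Verify(bank.Public, instruction, sig),
		Tampered: Verify(bank.Public, altered, sig),
		Forged:   Verify(bank.Public, instruction, other.Sign(instruction)),
	}, nil
}

func main() {
	out, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine=%v tampered=%v forged=%v\n", out.Genuine, out.Tampered, out.Forged)
}
```

Because verification needs only the public key, the receiving bank can keep a copy of the instruction and the signature as evidence; the sender cannot later claim the instruction was fabricated unless it also claims its private key was compromised, which is why key management on the next slide matters as much as the algorithm.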

PKI - Public Key Infrastructure
A framework for secure and trustworthy
distribution of public keys and information
about certificate owners (called clients)
Client
Key Management
High quality secret keys
Generation
Key distribution

CA - Certification Authority
Central Authority
Hierarchical
Web of Trust

Disaster Management
Natural
Accidents
Malicious

Disaster Management
Disaster avoidance
Inventory
Risk Management

Disaster Recovery
Data off site
Data off line
Data out of reach
Test

Business Continuity Planning

Employee awareness
Fire detection and prevention
Hardcopy records
Human factors
LAN
Media handling and storage

DRP Disaster Recovery Planning

Preplanning
Vulnerability assessment
BIA - Business Impact Assessment
Detailed definition of RTO and RPO
Plan development
Testing
Maintenance program

IS Audit
Objectives
Safeguarding assets
Data Integrity
Process Integrity
Effectiveness auditing
Efficiency auditing
Importance

IS Audit Procedures
Audit objectives
Planning
Who, how and reporting structures

Audit software execution
Reporting

System Audit - Security

Environmental Controls
Access controls
Input controls
Communication controls
Processing controls
Database controls
Output controls
Control of last resort (DRP, Insurance)

Cyber Law
IT Act 2000
Legal recognition of electronic records
Acknowledgement of receipt of electronic records
Legal recognition of digital signatures
Submission of forms by electronic means
Receipt or payment of fee or charge
Retention of electronic records
Publication of rules and regulations in electronic form
CA to issue digital certificates

Some legal issues

Data theft
Email abuse
Data alteration
Unauthorised access
Virus and malicious code
Denial of Service

Thank You
