List of Infra audit & security guidelines for banking environment

Posted on 2013-08-28
Medium Priority
Last Modified: 2013-12-07
Urgently need a list of audit & security guidelines that are specific /
unique to banking:

a) IT staff need to take continuous block leave of 7 working days?
b) a reason has to be keyed in for the system admin whenever he/she
     logs in to a Prod system?

To detect fraud & prevent data alteration,
c) using ACL, IDEA to detect fraud or unauthorized data alteration
d) screen log / key log system admin's access to systems (guess this
     is only feasible in command-line-based systems like Unix & OpenVMS,
     but for Windows is there a tool that reports which files are being
     changed / modified and system activities?)
e) what are the more common COBIT & SOX practices applicable to banking?
f) data encryption to encrypt sensitive files from prying eyes of system admin
g) Is Continuous Data Protection (CDP) to enable Point-In-Time recovery
    essential in a banking environment?
h) regular test restoration of tapes & how long is the tape retention
     that's required by the regulatory authority?
Question by:sunhux

Accepted Solution

btan earned 2000 total points
ID: 39449134
I suggest looking at sample public, though I did not drill into it in detail; they have points summarised on the audit checks to be incorporated

(audit program as a whole)

(see Chapter 8 - std and guidelines)

(banking e-application specific)
