List of Infra audit & security guidelines for banking environment
Urgently need a list of audit & security guidelines that are specific /
unique to banking:
a) IT staff needs to take continuous block leave of 7 working days?
b) a reason has to be keyed in for system admin whenever he/she
logs in to Prod system?
To detect fraud & prevent data alteration,
c) using ACL, IDEA to detect fraud or unauthorized data alteration
d) screen log / key log system admin's access to systems (guess this
is only feasible in command-line-based systems like Unix & OpenVMS,
but for Windows is there a tool that reports which files are being
changed / modified and system activities?)
e) what are the more common COBIT & SOX practices applicable to banking?
f) data encryption to encrypt sensitive files from prying eyes of system admin
g) Is Continuous Data Protection (CDP) to enable Point-In-Time recovery
essential in banking environment?
h) regular test restoration of tapes & how long is the tape retention
that's required by the regulatory authority?