Information security within the financial sector
Information security within the financial sector has become a matter of global concern in the wake of sophisticated cyber-attacks. This concern has informed financial institutions’ willingness and enthusiasm for added security measures.
- However, it should be noted that some banks may not implement measures such as an online transfer delay policy due to customer complaints. Such a policy may delay business transactions, leading to losses for the concerned account holders. The negative reputation occasioned by such an outcome could cost a bank its customer numbers in the long term.
- It is also worth mentioning that the main lines of defense against cyber-attacks are people and technology (Baltzan & Phillips, 2009). Banks must invest in up-to-date security technology while training employees and customers to make the best use of them if security is to be maximized.
- There are numerous security measures a bank can utilize to secure transactions and customer personal information. Some of them are covered in the case study. An extended validation certificate is a mechanism for establishing the authenticity of the organization whose website is being visited by a customer (GMO Internet Group, 2017). The Password Lock feature, on the other hand, helps customers to protect their passwords in unsecure environments such as cybercafés. It is implemented because passwords can be easy to compromise (Bradley, 2008). The Digital Security ID device used by e-Trade Financial Corporation generates random codes within predetermined time intervals to minimize the potential for access codes to be compromised. This measure is important because ensuring only trusted identities access the banking network can minimize vulnerabilities (Entrust Datacard, 2017). Finally, the online transfer delay policy used by Barclays entails delaying a transaction between two accounts to ensure proper authentication. It is done to minimize phishing scams (Bank Systems and Technology, 2005). Based on this information, I would open an account with e-Trade Financial Corporation since it offers the most advanced form of information security.
- One measure not covered in the case study is the transfer threshold policy. It involves a customer setting an upper limit as to how much can be transferred from their account (Cyber Security Awareness Alliance, 2017). Additional measures are also taken to improve mobile banking security, given its prevalence in today’s financial sector. For instance, customers’ mobile session information can be protected by dedicated security libraries for both Apple and Android devices (Regev, 2015). These libraries monitor banking network sessions and block suspicious activities.
- While security measures are important, they should be implemented within a policy framework if they are to be sustainable. The main objective of an information security policy is to arm the institution with a dynamic toolkit for protecting valuable information (Miller, 2007). Additionally, the tri-factor of data confidentiality, integrity and availability needs to be considered during policy design (Kostadinov, 2014). Thus, a bank requires three major security policies: an information classification policy to determine the security level, an access policy to determine who views what information, and a system assurance policy to ensure the security system is periodically reviewed and relevant action taken.
- To safeguard banking network systems, monitoring policies are essential. These are policies designed to provide for surveillance of the system and its use to identify misuse or any other risk factor.
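
The transfer delay and transfer threshold policies discussed above can be combined into a single check on each outgoing transfer. The sketch below is an added example, not code from the case study or from any bank; the 24-hour hold, the 24-hour limit window, the rule that only first-time payees are held, and all names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HOLD_PERIOD = timedelta(hours=24)   # assumed delay; the page gives no duration
LIMIT_WINDOW = timedelta(hours=24)  # assumed window over which the limit applies


@dataclass
class Account:
    transfer_limit: float                          # upper limit chosen by the customer
    known_payees: set = field(default_factory=set)
    history: list = field(default_factory=list)    # (timestamp, amount) of accepted transfers


def evaluate_transfer(account, payee, amount, now):
    """Return (action, release_at); action is 'reject', 'hold' or 'release'."""
    if amount <= 0:
        return ("reject", None)
    # Threshold policy: total everything accepted inside the window, so one
    # large transfer split into several small ones still hits the limit.
    recent = sum(a for t, a in account.history if now - t < LIMIT_WINDOW)
    if recent + amount > account.transfer_limit:
        return ("reject", None)
    account.history.append((now, amount))
    # Delay policy (assumed scope): a payee the account has not paid before
    # is held, leaving time to confirm or cancel before funds move.
    if payee not in account.known_payees:
        return ("hold", now + HOLD_PERIOD)
    return ("release", now)


def confirm_payee(account, payee):
    """Mark a payee as trusted once the customer has confirmed a held transfer."""
    account.known_payees.add(payee)


if __name__ == "__main__":
    # Constructed sample data: one account, three transfer attempts.
    t0 = datetime(2017, 10, 12, 9, 0)
    acct = Account(transfer_limit=1000.0, known_payees={"landlord"})
    for payee, amount, offset in [("landlord", 400.0, 0),
                                  ("new-payee", 500.0, 1),
                                  ("landlord", 200.0, 2)]:
        when = t0 + timedelta(hours=offset)
        print(payee, amount, evaluate_transfer(acct, payee, amount, when))
```
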
Baltzan, P., & Phillips, A. (2009). Business driven information systems. New York: McGraw-Hill/Irwin.
Bank Systems and Technology. (2005, May 20). Banks delay transfers to stop phisher thievery. banktech.com. Retrieved from http://www.banktech.com/banks-delay-transfers-to-stop-phisher-thievery/d/d-id/1290348?
Bradley, T. (2008, June). Password management best practices for financial services firms. TechTarget Network. Retrieved from http://searchfinancialsecurity.techtarget.com/tip/Password-management-best-practices-for-financial-services-firms
Cyber Security Awareness Alliance. (2017, April 5). Online banking – How to stay secure. csa.gov. Retrieved from https://www.csa.gov.sg/gosafeonline/go-safe-for-me/homeinternetusers/online-banking-how-to-stay-secure
Entrust Datacard. (2017, August 25). Trusted Identities: An Imperative for Digital Transformation. Retrieved October 12, 2017, from Information Security Media Group: https://www.bankinfosecurity.com/whitepapers/trusted-identities-imperative-for-digital-transformation-w-3603
GMO Internet Group. (2017). What is an extended validation certificate? SSL Information Center. Retrieved from https://www.globalsign.com/en/ssl-information-center/what-is-an-extended-validation-certificate/
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69-79.
Kostadinov, D. (2014, June 6). Key elements of an information security policy. Infosec Institute. Retrieved from http://resources.infosecinstitute.com/key-elements-information-security-policy/#gref
Miller, A. (2007, January 5). Writing effective Information Security Policies. Retrieved from https://www.bankinfosecurity.com/writing-effective-information-security-policies-a-176
Regev, A. (2015, December 11). Five security measures for mobile banking transactions. Security Intelligence. Retrieved from https://securityintelligence.com/five-security-measures-for-mobile-banking-transactions/