Browse by Year:

CIO Review >> Magazine >> October - 2016 issue

Putting the Finance Industry's Security Practices under the Microscopepe


Headquartered in Pune, India, ITSMAN CONSULTING SERVICES is a provider of consulting services to financial, insurance, healthcare, telecom, energy and manufacturing companies. The company supports initiatives such as IT Strategy & Architecture, Information Security Governance & Compliance, Regulatory Compliance and reporting improvements, Enterprise Risk Assessments and Management, Business & Technology Risk Assessments, Application Risk Assessments, Business Continuity & Disaster Recovery Managements and Training & Awareness programs.

As an extrovert; I often reach out to people around me and start the conversion with intent of knowing each other and in the pursuit of understanding the sweat spots and comfort zones that may take our short discussions in to an ever remembering intellectual interactions. The topics range from culture, nature, politics, financial markets, technology trends, businesses and of course the business challenges in general and the worries in particular.

What surprises me when I hear about the whole set of different levels of business problems that we often discuss in professional forums, seminars and gatherings especially during casual networking breaks. The interactions with CXO’s (especially CIO’s, CTO’s, CISO’s and even CFO’s) often leads to discussions around the breaking news of security failures, incidents and the Cyber Security Threats and its ever evolving trends.

If I may analyse and give the perspective to prepare ourselves and the organizations to face these Threat-full space of Cyber Threats; then my sincere advice is to invest in a professional help or follow the below key security measures to conduct a microscopic review and enhance existing Security Practice to its best. The key to achieve a good Cyber Security is to let it evolve as a best Security Practice and not get locked in to mere discussions, planning and documentations.

Key Security Measures

1. Study and understand the Regulatory Compliance requirements of your business
2.Study and understand the Cyber Threat landscape that apply to your business
3. Conduct a microscopic assessment of the existing Security Practices of organization to understand the gaps that fail to meet the Regulatory Compliance and the gaps that can be exploited to realise the Cyber Threats.
4. Identify, implement and adhere to organizations Minimum Security Controls standards that meet your business objectives, mitigate the Security Practice gaps, achieve compliance and help in detecting, protecting and preventing the Cyber Threats.

What are our Regulatory Compliance requirements?

Every business operates within a set of Regulatory, Legal and Social compliance requirements. Given below are some of the important requirements applicable to the Finance Industry. It is advisable to study and understand its applications and compliance requirements.

• Gramm-Leach-Bliley Act (GLBA Safeguards – Emphasis on “financial institutions must protect the consumer information they collect”.

• Dodd-Frank Wall Street Reform– Insists to “promote the financial stability by improving accountability and transparency in the financial system”. It provides the measure of what is “reasonable and appropriate” for protecting consumer data in financial systems.

• Sarbanes-Oxley Act (SOX)– Mandates to “protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws, and for other purposes”.

• Payment Card Industry Data Security Standard (PCI DSS)– Regulates on “maintaining payment security that is required for all entities that store, process or transmit cardholder data”.

• Nationals, states and cities mandate the social responsibilities in order to “ensure environment safety and preservation of natural resources”.

How should we do microscopic review of existing Security Practices?

Perform thorough self-assessments of following aspects of existing Security Practices or take a professional help from security practitioners to review it on your behalf. The aim should be to find all the gaps, short-comings and lapses that may exploit the vulnerabilities to realise the threats and disrupt the business.

• Security Programs and its alignment with business goals and objectives.