Other Details Essay Sample

Information Assurance in the Banking Sector

Information Assurance in the Banking Sector

Introduction

In the techno-heavy 21st century, new methods of money transfer that are faster than any traditional method are emerging. While earlier the customer had to walk down to the bank for the smallest transaction, he an now perform almost all banking activities with nothing but a mobile phone in his hand. This comfort however, comes with its own dark cloud of data security. How secure are the transactions performed over the internet? How much can a customer rely on the new systems? These are some of the questions that this paper attempts to answer. The focus is on the banking industry, particularly with reference to mobile banking.

Research Question

What are the measures of Information Assurance used in mobile banking and how reliable are these measures?
What is Information Assurance
Information Assurance refers to the management of risks involved in storage, retrieval and processing of information. Hibbard (2009) defines Information Assurance (IA) as using standards, practices, and mechanisms to maintain availability, integrity, and confidentiality of information. IA entails assuring that information is provided to those who need it at the time they need it. It also involves ensuring that this information is withheld from those unauthorized to use it (Hibbard, 2009).

The Process of Information Assurance

There are a number of policies, regulations, and laws governing the procedures adopted for security of information. In a white paper entitled “The Information Assurance Process: Charting a Path towards Compliance”, CyberCore Technologies outlines the mandate for information assurance. According to this mandate, the IA initiative in organization must ensure the integrity, availability, confidentiality, and authenticity of information. This can be achieved by ensuring that information is processed through a secure network. Ensuring a secure network involves implementation of policies and processes, that ensure that any information entering or leaving the system is secure and cannot be accessed by unauthorized persons. This requires that the network should be designed in a way that ensures security. The system should ensure authorization, authenticity, and accountability on the part of the users. The network should be impenetrable and the system should be certified and accredited as per regulations. The staff within the organization must be trained in IA practices (CyberCore, n.d.).

IA in Banking

Information in the banking sector is without question the most sensitive and hence the need for security is the maximum in this sector. With the evolution of technology, banking operations have moved from the counter to hand held devices. Introduction of web and mobile banking has made the lives of both the consumer and the banker easier. The risk involved in this evolution is however of great magnitude. The banks while providing facilities to the consumer must also ensure that the information and more importantly the money of the consumer is safe. IA practices in banks therefore assume greater importance in the banking sector.

Mobile Banking

The advantages of mobile banking include speed and convenience for the customer, cost effectiveness, eliminating the need to carry cash or plastic cards, reduced risks of losing cash or misuse of cards, ease of business, and reduction of skimming activities. These benefits come with some inherent risks. The main concern is naturally fraud. Fraud may occur in a number of ways. Interpretation of traffic over the internet, lack of security on the part of the bank or the user such as revealing authentication data, infringement of digital rights of the service provider, lack of security on the part of the service provider, theft by human agents, and violation of privacy are some of the ways in which fraud is likely to occur (ISACA, 2011).

Measures for Information Assurance

Some of the measures adopted by banks, service providers and users to ensure data integrity, accuracy, and authenticity include secure protocols for transferring data over the air, encryption of data when being transferred, better authentication using PIN numbers and other secured information, message authentication, and installing digital rights management software (ISACA, 2011).

Conclusion

With the upsurge of technology in the last decade, the banking sector has seen a dynamic change. Convenience of the customer has become the prime focus in banking activities. This convenience is provided through the use of technology. The contemporary customer does not need to visit the bank as frequently as the traditional customer did. In this scenario, data security and more importantly, security of finances, assumes great importance. In this paper, we discussed some of the risks involved in mobile banking and measures to counter these risks. Mobile banking is still experiencing change. How these changes will affect the security issues and what measures must be adopted to resolve these issues will depend on how technology evolves and how it is adopted to facilitate banking. Some of the risks as envisioned by ISACA (2011) are competition among providers resulting slack security, risks involved in cross platform operations – that is users with operating systems other than that where the data is stored, Issues with portability of data as well as applications, Compromised security in favor of convenience, and third party involvement. Banking institutions will have to evolve procedures to ensure that there is no security lapse at their end. Service providers will need to enhance their network security and address portability issues. Users must be trained and guided by the banking institutions in the use of these facilities. They must be made aware of the risks involved and ways in which these risks can be mitigated. One of the major risks to information security is human interaction. This risk can never be completely eliminated. However, with proper protocols, regulations and streamlined process, the risk can be reduced to a great extent.
Mobile banking is by no means the end of the road. The future holds further technological advances and newer ways must be evolved to meet newer demands in a secure and efficient manner.

References

CyberCore (n.d.) Technologies LLC PROPRIETARY The Information Assurance Process: Charting a Path Towards Compliance Retrieved From http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CBwQFjAA&url=http%3A%2F%2Fcybercoretech.com%2Fwordpcct%2Fwp-content%2Fuploads%2FThe-Information-Assurance-Process.pdf&ei=VbaoVOPZLsSTuASQ_YKABw&usg=AFQjCNEVqbUXM4nNVRcSqcMUY4i9SOQKSA&sig2=5EUaeiueylLxy0YLhY0Z1w&bvm=bv.82001339,d.c2E
Hibbard Eric A. (2009), Hitachi Data Systems, Introduction to Information Assurance, Storage Network Industry Association (SINA) Retrieved From http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CBwQFjAA&url=http%3A%2F%2Fwww.snia.org%2Fsites%2Fdefault%2Feducation%2Ftutorials%2F2009%2Fspring%2Fsecurity%2FEricHibbard-Introduction-Information-Assurance.pdf&ei=cqOoVM-gD4q9uATC9oLICQ&usg=AFQjCNEPL8H0c_YVIcV_PXw9Bg0MRdKTng&sig2=S2SM72JcNaQVOsU3uFtO-g&bvm=bv.82001339,d.c2E&cad=rja
ISACA (2011), Mobile Payments: Risk, Security and Assurance Issues An ISACA Emerging Technology White Paper November 2011 Retrieved From http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CBwQFjAA&url=http%3A%2F%2Fwww.isaca.org%2FGroups%2FProfessional-English%2Fpci-compliance%2FGroupDocuments%2FMobilePaymentsWP.pdf&ei=qp6oVOaSFpG3uQS_iYHADQ&usg=AFQjCNEzsRKtkcrwPewATI-zS1udvmp85g&sig2=Uyzcy5XEgs_m8_YBjxihyA&bvm=bv.82001339,d.c2E