Systems Management and Security - Case Study Example

 Contents Company Profile 2 IT, Security and the Banking system 2 The IT Security Measures 3 2. Efficient Access System 4 3. Safe Infrastructure 4 4. Management and Review 4 5. Fraud Recognition Method 5 Reasons for IT Security Measures 5 Role of IT Measures 7 Recommendations & Conclusion 8 Bibliography 10 Standard Chartered Bank Company Profile Standard Chartered is one of the leading international organizations in the banking sector. It has a reputation of being listed on the London, Hong Kong and Mumbai stock exchanges. Standard Chartered ranks among the top 20 companies in the FTSE-100 by market capitalization (Great Britain 2008, p. 57). It was formed in 1969 when two banks merged i.e. The Standard Bank of British South Africa which was founded in 1863, and the Chartered Bank of India, Australia and China, founded in 1853. Standard Chartered Bank always strives to Lead by example and be the right partner for its stakeholders (Pohl et al. 1994, p. 1257). One of the objectives of the Standard Chartered Group is its commitment to building a sustainable business over the long term that is trusted worldwide for upholding high standards of corporate governance, social responsibility, environmental protection and employee diversity. IT, Security and the Banking system The increasing demand of account holders and the business industry has led to a change in the banking sector. Like many other industries, the banking sector is also affected by the impacts of information technological and technological advancements. Standard chartered uses a number of technologically advanced equipments to quicken the procedures involved in the banking work. It makes use of computers, internet, modern software for accounting and transactional processing and so on. In the recent year, online banking has also been established and promoted by the banking sectors. Standard Chartered Plc also proposed a trade platform for the users of its services called B2Bex. This platform is used by both sellers and buyers to perform the basic transactions online without any delays or necessary paper work. This platform helps in maintaining the whole trade procedures by giving the opportunity to the buyers to locate a supplier and choose products, negotiate insurance and transfer finances (United nations 2005, p. 101). The software to combat hackers and misuse of customer information have also been incorporated in the IT infrastructure of most the banks. This helps in maintaining substantial level of security of information of the users. Standard Chartered was the first bank to introduce ATM during 1979 in Hong Kong (Liao et. Al., 1999). The IT Security Measures Here are some of the security features that standard Chartered has implemented: 1. Strong Cryptography is extremely essential as it is the process through which data is converted into scrambled code and sent across a public or private network and deciphered or unscrambled at the other end. There are two types of cryptography: Symmetric cryptography. Asymmetrical cryptography.(Riley and Flannagan 2003, p. 771) Under Symmetric cryptography the same key is used for encryption and decryption. This method is vulnerable to plain text attacks and linear cryptanalysis meaning that they are hackable and at times simple to decode. Asymmetrical cryptography utilizes two different keys for the encryption and decryption if data. It is considered to be more reliable and secure. Hence keeping in line with the latest updates in cryptography, Standard Chartered Bank Online Banking is currently employing SSL 3.0, RC4 with 128-bit encryption (High); RSA with 1024-bit and Triple-DES encryption to ensure data (password) protection and data integrity protection. This form of cryptography used is among the strongest that is available in the industry (www.standardchrtered.com). 2. Efficient Access System In order to gain access to Standard Chartered Bank Online Banking a unique combination of User ID and PIN is required. This ensures only legitimate parties can gain access to the system. Under normal circumstances number of attempts are unlimited but Standard Chartered has limited the number of failed attempts allowed, if after a specific number attempts log in is unsuccessful then the party concerned has to contact the helpline to gain access. Apart from that any person logged in will be automatically logged out if there is no activity for a specific period of time and will need to log in again in order to continue with the service. Standard Chartered plc reveals that approximately 40% of their total transactions are carried out using ATM or online banking (Carstairs 1998). 3. Safe Infrastructure It is essential to have the best security infrastructure installed hence keeping in line with Standard Chartered Online vision of providing premium service to its clients. It adopted a series of security measures that are consistent with international best practice such as using top of the line packet filtering routers, firewalls and other security solutions that are aimed at safeguarding the system and protecting the interests of their customers. 4. Management and Review Standard Chartered has implemented numerous security monitoring systems (like intrusion detection system) and practices prepared to enable detection of unauthorized actions (Goodwin, 2004). Apart from that, Standard Chartered conducts regular security reviews both internally and externally by auditors to ensure that surveillance systems are secured around the clock. 5. Fraud Recognition Method This system deployed by Standard Chartered bank utilizes the latest technology to monitor Internet Banking transactions and identify suspicious activity. The Fraud Detection System analyses and searches for patterns of transactions and behavior which is considered out of the ordinary which may give an indication that a transaction is fraudulent. If fraudulent activity is detected the concerned party is contacted and his Internet Banking access is temporarily frozen until the matter is resolved along with ensuring no fraudulent transactions occur (Annessley 2005). The Bank has adopted a Secure Socket Layer (SSL) 128 bit end-to-end encryption technology that provides Triple-DES encryption to protect the privacy and confidentiality of all information transmitted between your Personal Computer browser and the Bank’s systems through the Internet, from the moment you log-in to the moment you log-out (www.standardchartered.com) Reasons for IT Security Measures The advent of Information technology has been a great boon for society as a whole however there are certain individuals in society who desire to abuse this facility by using it for illegal means or to commit illegal acts of fraud or theft hence it is necessary to implement IT security measures as criminals use various techniques to obtain the username and passwords of unsuspecting individuals. The most common way of obtaining a user name and password is by using a technique called “phishing” under which the criminal sends a fake email to a person asking them that they need to update their account details whereupon they are asked to click on a link which takes them to a fake website (Hewitt & Carlson 1998, pp. 12-99). On that fake website the unsuspecting individual is asked to fill up the details which the criminal now has and he will use it for his benefits. Do keep in mind as per the security policy of Standard Chartered Bank “NO” emails are sent to its clients asking for their log in details like username and password. IT security measures also ensures that only a genuine person can log in to their account by ensuring that if there is no activity in an account for a predetermined time it automatically logs out thus ensuring that if the customer has forgotten to log out of his / her account no other person can use it to transfer funds or conduct an illegal transaction. People as a general rule prefer to keep passwords of their children’s birthdays or their wedding anniversary or birthday etc this is not advisable as it would be easy for a person with nefarious intent to figure it out hence IT security measures implemented by Standard Chartered Bank provide a password strength indicator, if the password is not up to a required level it states that the password is weak and even gives suggestion as how to make it stronger. Usually people’s job description requires that they be on the move constantly hence as a consequence they may be forced to use a public pc which could have a key logger program installed in it to catch the user name and passwords of unsuspecting individuals, in order to combat or render a key logger program useless a virtual keyboard has been provided through which a customer can input his log in details without any worry that it will be recorded. An option of SMS / Email is provided to all customers which if opted for sends them an SMS or email should any transaction occur in a user’s account say the debit or credit of money hence if an unauthorized transaction occurs the user will be aware of it as he will receive an SMS or email and he can take prompt action by calling customer helpline and bringing it to their attention as regards the unauthorized transaction (Standard chartered 2011). Role of IT Measures In the modern working environment, people have the ease to shop, sell, communicate, transfer data and carry out transactions online. The main factor involved in the extensive use of online systems and trade is the concept of online banking. The online banking alone provides the customers with an ease to use and transfer their finances easily around the globe. The use of credit and debit cards has also given an additional benefit to the users. Standard Chartered is one of the leading banks in the industry and provides all the modern facilities to its customers. However, the security of banking systems, its data and information is a crucial issue. The data and information of the account users needs to be safe and sound in order to maintain a level of satisfaction and comfort of the safety of their resources at banks. The users require security of their personal information, bank balance and safety of their transactional information from outsiders. The safety concept is also remarkable in the physical boundaries of the bank premises (Quingley 2008). The bank carries cash, user lockers with important documents and things and other equipments which are of immense importance. The computer systems, for example, are a source of saving data and information in modern world. The loss of information due to theft, robbery and illegal use of computer systems may have a bad impact on the users' perceptions about the bank. The goodwill and reputation of the banks counts a lot as well as the interest rates and other incentives or profits they offer to the users. Knowing the importance of data, information, physical assets and cash of the bank, it is easy to believe that banking sector requires more than an ordinary security structure. Standard Chartered plc has implemented a number of measures to build a secure and trusted organization for the users. The physical premises of the bank are secured by using security cameras, walkthrough gates, handheld detecting device, and security guards and so on. These measures, firstly, help in building trust among the employees that they are safe and help in maintaining their performance reducing the chances of errors and mistakes. The use of IT security measure involves firewalls, antivirus programs, passwords, pin codes, security scanners and so on (www.standardchartered.com). Recommendations & Conclusion IT security measures used by Standard Chartered bank are state of the art however there is always room for improvement, such as using a higher level of encryption which will ensure that unauthorized persons cannot gain access as they too are constantly upgrading their tools of the trade. Standard Chartered Bank can always invest in more secure and state of the art hardware such as servers and firewalls thus ensuring that their hardware is one step ahead of the competition and enabling them to maintain and attract new clients. With the volume of transactions increasing on a daily basis it is imperative that a more efficient monitoring system be installed which will greatly reduce the likelihood of fraud or illegal transactions occurring. A more efficient and superior monitoring system will detect them and notify the relevant personal. There is a need to update the technological equipments as well as train the staff to their use. The training and educational programs may help the employees in understanding the equipments which are installed for the security and management of data, physical assets, people and information. This way, the employees and other staff, may help in maintaining a level of care where chances of errors and mistakes are minimized. There is a need to make such systems which are user-friendly and avoid any chances of fraud. The use of Iris Scanning, fingerprint scanning, BMI and other such advancements may be helpful in maintaining the records efficiently and also help in providing strict security measures for user data and finances. In the end we can safely conclude that the quest to provide premium service and a flawless IT security is an ongoing battle as constant changes need to be made by ascertaining, evaluating and monitoring the current trend of the security environment thus enabling Standard Chartered Bank to stay one step ahead of the competition and criminals who are always on the lookout for vulnerabilities in the online banking system. Bibliography Great Britain. (2008). Waking up to India: Developments in UK-India economic relations : Government response to the Committee's fifth report of session 2007-08. London: TSO. Hewitt, J. R., & Carlson, J. B. (1998). Securities practice and electronic technology. New York: Law Journal Seminars-Press. Annessley, Christian. (2005, October 11). Standard chartered rolls out integrated fraud detection and compliance software [Web log message]. Retrieved from http://www.computerweekly.com/Articles/2005/10/11/212271/Standard-Chartered-rolls-out-integrated-fraud-detection-and-compliance.htm Pohl, M., Freitag, S., & European Association for Banking History. (1994). Handbook on the history of European banks. Aldershot, Hants, England: E. Elgar. Riley, C., Flannagan, M. E., & ScienceDirect (Online service). (2003). Best damn Cisco internetworking book period. Rockland, MA: Syngress. United Nations. (2005). Trade finance infrastructure development handbook for economies in transition. New York: United Nations. Liao, S., Shao, Y. P., Wang, H., & Chen, A. (January 01, 1999). The adoption of virtual banking: an empirical study. International Journal of Information Management, 19, 1, 63. Carstairs, R. (1998). The changing retail banking market in Hong Kong. The Chartered Institute of Bankers Hong Kong Center 25th Commemorative »olume: Conntinuity and Change, 44-48. Goodwin, Bill. (2004, March 22). Growing virus threat prompts bank to outsource network security monitoring [Web log message]. Retrieved from http://www.computerweekly.com/Articles/2004/03/23/201237/Growing-virus-threat-prompts-bank-to-outsource-network-security.htm Standard Chartered. (2011). Standard chartered credit card online service terms and conditions [Web log message]. Retrieved from https://ebank.standardchartered.com.tw/HIBCS/servlet/HttpDispatcher/FrstRgstr/prompt Quigley, M. (2008). Encyclopedia of information ethics and security. Hershey [Pa.: Information Science Reference. Read More