CAIIB - General Bank Management - Technology Management – MODULE C • Madhav Prabhu, M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL • prabhu.madhav@gmail.com
Agenda • Information Systems and Technology • IT Applications and Banking • Networking Systems • Information System Security and Audit
Information Systems and Technology • System terminology • MIS and its characteristics • Data warehouse
System Terminology • Systems Development Life Cycle • Planning and analysis – defines needed information etc • Design - data structures, software architecture, interface • Implementation - Source code, database, documentation, testing and validation etc. • Operations and maintenance - ongoing
SDLC • A framework to describe the activities performed at each stage of a software development project.
Various SDLC Models • Waterfall Model when • Requirements are very well known • Product definition is stable • Technology is understood • New version of an existing product • Porting an existing product to a new platform.
Various SDLC Models • V-Shaped SDLC Model when • A variant of the Waterfall that emphasizes the verification and validation of the product. • Testing of the product is planned in parallel with a corresponding phase of development • Excellent choice for systems requiring high reliability – tight data control applications – patient information etc. • All requirements are known up-front • When it can be modified to handle changing requirements beyond analysis phase • Solution and technology are known
Various SDLC Models • Prototyping Model when • Developers build a prototype during the requirements phase • Prototype is evaluated by end users and users give corrective feedback • Requirements are unstable or have to be clarified • Short-lived demonstrations • New, original development • With the analysis and design portions of object-oriented development.
Type of Information Systems • Transaction Processing Systems • Management Information Systems • Decision Support Systems
MIS Structure • Strategic – Top management • Tactical – Middle Management • Operational – Lower Management
Strategic • External information – Competitive forces, customer actions, resource availability, regulatory approvals • Predictive information – long term trends • What if information
Strategic Management • People – Board of Directors, Chief Executive Officer, President • Decisions – Develop overall goals; long-term planning; determine direction • Political, economic, competitive
Tactical • Historical information – descriptive • Current performance information • Short term future information • Short term what if information
Tactical Management • People – Business Unit Managers, Vice-President to Middle-Manager • Decisions – short-medium range planning, schedules, budgets, policies, procedures, resource allocation
Operational • Descriptive historical information • Current performance information • Exception reporting
Operational Management • People – Middle-Managers to Supervisors, self-directed teams • Decisions – short-range planning, production schedules, day-to-day decisions, use of resources, enforce policies, follow procedures
MIS System • MIS provides information about the performance of an organization • Think of entire company (the firm) as a system. • An MIS provides management with feedback
MIS: The Schematic • The Firm – Processing • Input: Raw Materials, Supplies, Data, etc. • Output: Products, Services, Information, etc. • MIS • Managers, VPs, CEO
MIS - Questions • Q: How are we doing? • A: Look at the report from the MIS • Generic reports: Sales, Orders, Schedules, etc. • Periodic: Daily, Weekly, Quarterly, etc. • Pre-specified reports • Obviously, such reports are useful for making good decisions.
How is a DSS different? • MIS – Periodic reports; pre-specified, generic reports • DSS – Special reports that may only be generated once; may not know what kind of report to generate until the problem surfaces; specialized reports
MIS vs. DSS: Some Differences • In a DSS, a manager generates the report through an interactive interface • More flexible & adaptable reports • DSS Reporting is produced through analytical modeling, not just computing an average, or plotting a graph. • Business Models are programmed into a DSS
Decision Support System • Broad based approach • Human in control • Decision making for solving structured/unstructured problems • Appropriate mathematical models • Query capabilities • Output oriented
Project Management • Planning Tools • Gantt chart • PERT • Interdependencies • Precedence relationships • Project Management software
Information Technology • Some IT systems simply process transactions • Some help managers make decisions • Some support the interorganizational flow of information • Some support team work
When Considering Information, • The concept of shared information through decentralized computing • The directional flow of information • What information specifically describes • The information-processing tasks your organization undertakes
INFORMATION FLOWS • Upward Flow of Information - describes the current state of the organization based on its daily transactions. • Downward Flow of Information - consists of the strategies, goals, and directives that originate at one level and are passed to lower levels. • Horizontal Flow of Information - between functional business units and work teams.
INFORMATION PROCESSING 1. Information Sourcing - at its point of origin. 2. Information - in its most useful form. 3. Creating information - to obtain new information. 4. Storing information - for use at a later time. 5. Communication of information - to other people or another location.
Data Centers • Centralised data environment • Data integration • Management awareness • Change impact • Decentralised data environment • Functional specialisation • Local differences • User proximity • User confidence • Lack of central control • Corporate level reporting • Data redundancy • Loss of synergy
Banking Systems and software • Multi currency • Multi lingual • Multi entity • Multi branch • Bulk transaction entry • High availability • Performance management
Selection criteria • Industry knowledge • Banking IT knowledge • Application familiarity • Project Management • Pricing options • Track record • Incumbency • Technical skills • Accessibility • Total Cost
Other systems • Electronic clearing and settlement systems • MICR/OCR • Debit Clearing system • Credit Clearing system • RTGS • Cheque truncation • Electronic Bill presentment and payment • Decrease billing costs • Provide better service • New channels- new revenue
Data communications • Electronic mail • Internet Connectivity • Local Area Networking • Remote Access Services
Computer Security • Physical security • Logical Security • Network security • Biometric security
Physical Security • Intrusion prevention- locking, guarding, lighting • Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance • Document security • Power supply
Logical security • Software access controls • Multiple types of access control • Internal access control – based on date, time etc • Max tries • Audit trails • Privileged access • Encryption
Network Security • Physical intrusion • System intrusion
Attacks • Impersonation - forging identity • Eavesdropping – Unauthorised read • Data alteration – Unauthorised edits • Denial of Service attacks - Overloading
Intrusion Detection Systems • Categories • NIDS – Network Intrusion Detection – monitors packets on network • SIV – System Integrity Verifier – files sum check • Log file Monitor – Log entry patterns • Methods • Signature recognition – Pattern recognition • Anomaly detection – Statistical anomalies
Firewalls • First line or last line of defence?
Others • VPN • Encryption • Honey pots
Biometric Security • Signature recognition • Fingerprint recognition • Palmprint recognition • Hand recognition • Voiceprint • Eye retina pattern
Communication Security • Cryptography • Digital Signatures • PKI • CA
Cryptography • Art and science of keeping files and messages secure. • Encryption • Key – to encode • DES and Triple DES, IDEA • Safe key length • Cipher • Decryption
Digital Signatures • Usage • Verification • Why use? • Authenticity • Integrity • Confidentiality • Non repudiation • Prerequisites – Public private key pair, CA
PKI - Public Key Infrastructure • A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients • Client • Key Management • High quality secret keys • Generation • Key distribution
CA - Certification Authority • Central Authority • Hierarchical • Web of Trust