CAIIB - General Bank Management -Technology Management – MODULE C

CAIIB - General Bank Management -Technology Management – MODULE C. Madhav Prabhu M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL prabhu.madhav@gmail.com. Agenda. Information Systems and Technology IT Applications and Banking Networking Systems Information System Security and Audit.


Presentation Transcript


  1. CAIIB- General Bank Management -Technology Management – MODULE C Madhav Prabhu M. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL prabhu.madhav@gmail.com

  2. Agenda • Information Systems and Technology • IT Applications and Banking • Networking Systems • Information System Security and Audit

  3. Information Systems and Technology • System terminology • MIS and its characteristics • Data warehouse

  4. System Terminology • Systems Development Life Cycle • Planning and analysis – defines needed information etc • Design - data structures, software architecture, interface • Implementation - Source code, database, documentation, testing and validation etc. • Operations and maintenance - ongoing

  5. SDLC • A framework to describe the activities performed at each stage of a software development project.

  6. Various SDLC Models • Waterfall Model when • Requirements are very well known • Product definition is stable • Technology is understood • New version of an existing product • Porting an existing product to a new platform.

  7. Various SDLC Models • V-Shaped SDLC Model when • A variant of the Waterfall that emphasizes the verification and validation of the product. • Testing of the product is planned in parallel with a corresponding phase of development • Excellent choice for systems requiring high reliability – tight data control applications – patient information etc. • All requirements are known up-front • When it can be modified to handle changing requirements beyond analysis phase • Solution and technology are known

  8. Various SDLC Models • Prototyping Model when • Developers build a prototype during the requirements phase • Prototype is evaluated by end users and users give corrective feedback • Requirements are unstable or have to be clarified • Short-lived demonstrations • New, original development • With the analysis and design portions of object-oriented development.

  9. Type of Information Systems • Transaction Processing Systems • Management Information Systems • Decision Support Systems

  10. MIS Structure • Strategic – Top management • Tactical – Middle Management • Operational – Lower Management

  11. Strategic • External information – Competitive forces, customer actions, resource availability, regulatory approvals • Predictive information – long term trends • What if information

  12. Strategic Management • The People: Board of Directors, Chief Executive Officer, President • Decisions: Develop Overall Goals, Long-term Planning, Determine Direction, Political, Economic, Competitive

  13. Tactical • Historical information- descriptive • Current performance information • Short term future information • Short term what if information

  14. Tactical Management • People: Business Unit Managers, Vice-President to Middle-Manager • Decisions: short-medium range planning, schedules, budgets, policies, procedures, resource allocation

  15. Operational • Descriptive historical information • Current performance information • Exception reporting

  16. Operational Management • People: Middle-Managers to Supervisors, Self-directed teams • Decisions: short-range planning, production schedules, day-to-day decisions, use of resources, enforce policies, follow procedures

  17. MIS System • MIS provides information about the performance of an organization • Think of entire company (the firm) as a system. • An MIS provides management with feedback

  18. MIS: The Schematic • The Firm: Processing • Input: Raw Materials, Supplies, Data, etc. • Output: Products, Services, Information, etc. • MIS • Managers, VPs, CEO

  19. MIS - Questions • Q: How are we doing? • A: Look at the report from the MIS • Generic reports: Sales, Orders, Schedules, etc. • Periodic: Daily, Weekly, Quarterly, etc. • Pre-specified reports • Obviously, such reports are useful for making good decisions.

  20. How is a DSS different? • MIS: Periodic reports; pre-specified, generic reports • DSS: Special reports that may only be generated once; may not know what kind of report to generate until the problem surfaces; specialized reports.

  21. MIS vs. DSS: Some Differences • In a DSS, a manager generates the report through an interactive interface • More flexible & adaptable reports • DSS Reporting is produced through analytical modeling, not just computing an average, or plotting a graph. • Business Models are programmed into a DSS

  22. Decision Support System • Broad based approach • Human in control • Decision making for solving structured/unstructured problems • Appropriate mathematical models • Query capabilities • Output oriented

  23. Types of Decisions

  24. Project Management • Planning Tools • Gantt chart • PERT • Interdependencies • Precedence relationships • Project Management software

  25. Information Technology • Some IT systems simply process transactions • Some help managers make decisions • Some support the interorganizational flow of information • Some support team work

  26. When Considering Information, • The concept of shared information through decentralized computing • The directional flow of information • What information specifically describes • The information-processing tasks your organization undertakes

  27. INFORMATION FLOWS • Upward Flow of Information - describes the current state of the organization based on its daily transactions. • Downward Flow of Information - consists of the strategies, goals, and directives that originate at one level and are passed to lower levels. • Horizontal Flow of Information - between functional business units and work teams.

  28. INFORMATION PROCESSING 1. Information Sourcing - at its point of origin. 2. Information - in its most useful form. 3. Creating information - to obtain new information. 4. Storing information - for use at a later time. 5. Communication of information - to other people or another location.

  29. Data Centers • Centralised data environment • Data integration • Management awareness • Change impact • Decentralised data environment • Functional specialisation • Local differences • User proximity • User confidence • Lack of central control • Corporate level reporting • Data redundancy • Loss of synergy

  30. IT Applications and Banking

  31. Banking Systems and software • Multi currency • Multi lingual • Multi entity • Multi branch • Bulk transaction entry • High availability • Performance management

  32. Selection criteria • Industry knowledge • Banking IT knowledge • Application familiarity • Project Management • Pricing options • Track record • Incumbency • Technical skills • Accessibility • Total Cost

  33. Other systems • Electronic clearing and settlement systems • MICR/OCR • Debit Clearing system • Credit Clearing system • RTGS • Cheque truncation • Electronic Bill presentment and payment • Decrease billing costs • Provide better service • New channels- new revenue

  34. Networking Systems

  35. Data communications • Electronic mail • Internet Connectivity • Local Area Networking • Remote Access Services

  36. Information System Security and Audit

  37. Computer Security • Physical security • Logical Security • Network security • Biometric security

  38. Physical Security • Intrusion prevention- locking, guarding, lighting • Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance • Document security • Power supply

  39. Logical security • Software access controls • Multiple types of access control • Internal access control – based on date, time etc • Max tries • Audit trails • Privileged access • Encryption

  40. Network Security • Physical intrusion • System intrusion

  41. Attacks • Impersonation - forging identity • Eavesdropping – Unauthorised read • Data alteration – Unauthorised edits • Denial of Service attacks - Overloading

  42. Intrusion Detection Systems • Categories • NIDS – Network Intrusion Detection – monitors packets on network • SIV – System Integrity Verifier – files sum check • Log file Monitor – Log entry patterns • Methods • Signature recognition – Pattern recognition • Anomaly detection – Statistical anomalies

  43. Firewalls • First line or last line of defence?

  44. Others • VPN • Encryption • Honey pots

  45. Biometric Security • Signature recognition • Fingerprint recognition • Palmprint recognition • Hand recognition • Voiceprint • Eye retina pattern

  46. Communication Security • Cryptography • Digital Signatures • PKI • CA

  47. Cryptography • Art and science of keeping files and messages secure. • Encryption • Key – to encode • DES and Triple DES, IDEA • Safe key length • Cipher • Decryption

  48. Digital Signatures • Usage • Verification • Why use? • Authenticity • Integrity • Confidentiality • Non repudiation • Prerequisites – Public private key pair, CA

  49. PKI- Public Key Infrastructure • A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients • Client • Key Management • High quality secret keys • Generation • Key distribution

  50. CA- Certification Authority • Central Authority • Hierarchical • Web of Trust
