• Tidak ada hasil yang ditemukan

final year project - DSpace Repository

N/A
N/A
Info
Unduh - Bebas
Protected

Academic year: 2023

Membagikan "final year project - DSpace Repository"

Copied!
44
0
0

Memuat.... (Lihat teks lengkap sekarang)

Unduh sekarang ( 44 Halaman )

Teks penuh

Board of examiners

Declaration

Acknowledgement

Abstract

INTRODUCTION

Since information is the most valuable thing in today's world, information security is the top priority and the most crucial issue for organizations, especially for banks and financial institutions. The bank is responsible for the protection of its information from unauthorized access, modification, disclosure and omission. The One Bank Limited will design and develop its IT Security Policy under Bangladesh Bank's ICT Security Guidelines for Banks and Non-Bank Financial Institutions.

This policy will ensure the protection and maintenance of the information and information technology assets.

PURPOSE AND SCOPE

Definitions

Data integrity means that the data is not tempered and intended users can understand the meaning of the data, what it actually meant. It can be network errors, hacking attempts and many other things that insist on non-availability of hardware or software resources in the bank. Information system is a combination of components used to collect, process, store, retrieve and distribute information about the bank.

Information technology is a combination of all forms of technology required for the electronic storage, processing, retrieval, transmission and manipulation of data. A network is a collection of interconnected computers or other devices connected for the purpose of sharing resources or exchanging files or enabling electronic communication between those computers or devices. A planned change is a change that is ready to be implemented and is waiting for a given time to act, or a change that is predetermined to happen at a certain time.

Security breach is an incident where unauthorized access to the information on a computer or network or services of an information system takes place. Unscheduled change are the changes that are not predetermined but require an emergency basis for system failure or security breach.

ROLES AND RESPONSIBILITIES………………….……………………………….…..… 3-4

  • ONE Bank Senior Management
  • Network Manager
  • System Administrator
  • Data Center Manager
  • Branch Managers, Other Divisional Heads and Employees
  • Internal IT Auditor
  • Vendors, Subcontractors and Outsourcers

All responsibility regarding the management and security of the data center and its resources and operations lies with the One Bank Data Center manager. He/she will also be responsible for ensuring the availability of the Disaster Recovery Site (DRS) in the event of a failure at the end of production. Managers and division heads will ensure that their employees have access to the information standards in a format that they understand, have read and are aware of the consequences of failure to comply with them.

Local management and employees must be aware of security and must comply with the rules and regulations mentioned in this policy. The internal IT auditor will be responsible for developing an annual information system audit plan, as well as monitoring the entire system, data mining, analysis and fraud detection. In providing Information Systems services, suppliers must comply with ONE Bank's Information Security Standards as they apply to hardware, software and related procedures and processes.

The suppliers and other suppliers must maintain One Bank's IT security policy, otherwise the bank will take action against them, even the bank reserves the right to cancel the agreement with related parties.

PHYSICAL SECURITY…..……………………………………………..……..……………..……...….…….…............4-7

Local area networks (LANs) used by One Bank branches to utilize centralized electronic banking must maintain the following standards to ensure physical access control. Water and high temperature can affect performance and can even damage information system components. It should be checked and ensured that One Bank's data center and branches are built to local authority standards.

In addition to the physical security of the data center, network and workstations, logical security is also very important to One Bank Limited. The bank will not publicly share any information that could be harmful to its customers or that could affect the bank's business. The bank is obliged to provide any information requested by the country's law enforcement agencies.

Continuous expansion of services of One Bank Limited its IT infrastructure and information system needs constant updating, expansion over time. Because the information system and IT resources are interdependent, change management is actually more complex and critical than other plans. Hardware Management means the necessary hardware installation, upgrade and maintenance of One Bank Limited's hardware resources.

This should describe the procedures for the manual operations to be automated and the purpose of the activity. A team leader is also chosen, preferably the one who had done the initial feasibility study and analysis of the project. After the meeting, the project manager, with the help of the project team, would prepare a needs analysis report.

The project source code should be updated weekly to the repository, and other documents should be updated monthly. After the UAT is complete, a copy of the software (executable only) is installed on the production machine after all required environment settings. Developers should be revoked write permission after the project is launched. v) No copy of the Software is permitted except for development purposes. you).

After the software is developed, all copies should be deleted, except backup copies kept in the repository and production copies. If we can exceed the above policy limits, we can ensure better security of banking information systems.

NETWORK SECURITY

DISASTER RECOVERIES

Disaster recovery is the process of resuming business operations after an unexpected damage or stoppage of operations. One Bank Limited's IT Disaster Recovery Plan has two parts, one is "Disaster Recovery Plan" and the other is "Data Backup Plan".

CHANGE REQUEST MANAGEMENT

Provide duplicate up-to-date information for recovery purposes with the same level of integrity and quality. Because the committee can review the request for possible failures and threats and decide whether to grant or defer the change request.

HARDWARE MANAGEMENT

In the event of any need for the use of portable media devices, prior written approval must be obtained from the IT division.

SYSTEM DEVELOPMENT AND TESTING…………………………….…… 17-20

At this stage, the IT manager would designate a person to review the user requirements and decide on the feasibility of the project. Each member of the development team can perform more than two roles at the same time, except for the tester. This elevator should explain the weak points, dependencies and other causes that can hinder or stop the development of the project.

The entire project should be divided into smaller modules (can be defined as jobs) and the schedule for each job should be detailed with the name of the person assigned to carry out the work. A dedicated machine should be used as a repository for software code and documentation. ii) Visual Source Safe (VSS) or CVS should be used to control the development .. of the project. iii) VSS domain users must be created. Submitted copy Please provide a copy of the approval. the system administrator is available in the IT Division 1.4 It is policy. containing .. clear instructions and responsibilities for different administrative persons?.

One of the most important security challenges missing from the proposed ICT security policy is that there is no guidance on how to ensure customer awareness of this.

Referensi

Unduh sekarang ( PDF - 44 Halaman - 858.58 KB )

Dokumen terkait

Lidar is coming of age - Research at ASSAf

4 | 2020 QUESTONLINE.ORG.ZA Published by the Academy of Science of South Africa ASSAf PO Box 72135, Lynnwood Ridge 0040 Subscription rates 4 issues and postage for other countries,

Report - Article 71

Independent Limited Assurance Report to BinDawood Holding Company on the Chairman’s Declaration on the Requirements of Article 71 To the Shareholders of BinDawood Holding Company We