The client is a fast-growing private sector retail bank. Ensuring security of banking transactions and customer privacy has been a norm for the bank since its inception. The top management at the bank is committed to inculcating security in all forms in the DNA of the organization. While many projects had been implemented in the past to raise the level of information security, the bank felt the need to look at the future scenario and prepare itself ahead of time to manage information security in a comprehensive manner. Therefore, a new security project was undertaken in February 2007.
Over the last few years, the threat landscape has changed. There have been a number of high-profile attacks on financial organizations, new kinds of threats have emerged, and the number of attacks has also increased. A recent study by Gartner shows that 40% of attacks by 2008 will be financially motivated. The future will thus be more challenging for banks. The current model of information security, as practiced by most financial institutions today, is often inadequate for meeting the future challenges. Most banks have the required security technologies. What is missing, however, is the ‘control and management layer’ for operational excellence and a result-driven approach.
The bank therefore decided to adopt a new model for information security that can provide higher value to its business.
To meet the challenges of the future, the bank, in association with Paladion, worked towards making security a more operations-focused and result-oriented function, so that security activities run daily along with business processes. Further, the new model is based on three key criteria: holistic, continual and integrated. It is a system that can make security a part of every business activity, align with business goals and provide a high level of assurance to stakeholders. This assurance should be in quantified terms, measured through the protection provided to the business. Part of the concept is to have security quantified to the extent that it can be measured through structured SLAs (service level agreements) that are visible through a management dashboard. Among the numerous features of this model are:
Based on the implementation of this model, the bank has accrued the following key benefits: