The most valuable asset for a financial institution is information – and securing information assets is necessary both to build and maintain trust between financial institutions and its customers, and to comply with the law. The Microsoft Platform Security and Audit Handbook 2008 launched by Microsoft India and PricewaterhouseCoopers (PwC) is targeted at safeguarding the information systems of the financial sector. It provides bankers and auditors guidelines for maintenance of data integrity and protection against security threats.
Over the last two decades, customers have felt the positive impact of technological solutions implemented by banks. Security, however, remains a crucial requirement in an environment that demands high levels of confidentiality. Existing Reserve Bank of India guidelines deem it necessary for organizations in the banking and financial sector to carry out annual Information Systems security audits, but there is a need in the banking industry to customize these guidelines to specific technology platforms. The handbook caters to this need and includes all the key controls that should be evaluated during a systems review for three key Microsoft platforms: Windows Desktop Operating Systems, Windows Server Operating Systems, and SQL Server Databases.
The launch of the handbook is consistent with Microsoft's efforts worldwide to ensure security across the technology ecosystem. Commenting on the launch of the handbook, Pallavi Kathuria , Director, Server Business, Microsoft India said, “Microsoft is deeply committed to delivering secure technologies, products and processes that customers need to ensure safety of critical data. We work with the government, industry partners and customers towards improving platform security, enabling interoperability and integrating applications to provide customers with alliance-based security solutions. Out expertise tells us that a financial institution establishes and maintains truly effective information security when it continuously integrates processes, people, and technology to mitigate risk in accordance with risk assessment – and that is what we expect this book to help the institutions achieve.”
The Security Handbook comprises two sections: the first section considers Windows Desktop (2000, XP, Vista ) and Windows Server (2003) Operating Systems and identifies separately the difference in the review procedure for each. The second section takes into consideration the SQL 2000 and SQL 2005 Databases.
“The handbook provides guidance to Information Security Auditors on assessing the level of security risks to an organization and evaluating the adequacy of the organization's risk management - an area pioneered by PwC.” said Mr Sivarama Krishnan, Executive Director, PricewaterhouseCoopers, “and an area of essential importance for sectors like banking”.
Along with the Security Handbook, Microsoft & PwC have also published vital systems security resources such as Audit & Intrusion Detection Tools, Security Guides and valuable guidance on systems security practices in the form of a Security CD. The Handbook & Security CD are available to Banks, financial institutions, Systems Security Auditors and Consultants free of cost.
|
