technology management
DESCRIPTION
TRANSCRIPT
CAIIB- General Bank Management -Technology Management –
MODULE C
Madhav PrabhuM. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL
Agenda
• Information Systems and Technology
• IT Applications and Banking
• Networking Systems
• Information System Security and Audit
Information Systems and Technology
• System terminology
• MIS and its characteristics
• Data warehouse
System Terminology
• Systems Development Life Cycle– Planning and analysis – defines needed
information etc– Design - data structures, software
architecture, interface– Implementation - Source code, database,
documentation, testing and validation etc.– Operations and maintenance - ongoing
SDLC
• A framework to describe the activities performed at each stage of a software development project.
Various SDLC Models
• Waterfall Model when– Requirements are very well known– Product definition is stable– Technology is understood– New version of an existing product– Porting an existing product to a new platform.
Various SDLC Models
• V-Shaped SDLC Model when– A variant of the Waterfall that emphasizes the
verification and validation of the product.– Testing of the product is planned in parallel with a
corresponding phase of development• Excellent choice for systems requiring high
reliability – tight data control applications – patient information etc.
• All requirements are known up-front• When it can be modified to handle changing
requirements beyond analysis phase • Solution and technology are known
Various SDLC Models
• Prototyping Model when– Developers build a prototype during the requirements
phase– Prototype is evaluated by end users and users give
corrective feedback – Requirements are unstable or have to be clarified – Short-lived demonstrations – New, original development– With the analysis and design portions of object-
oriented development.
Type of Information Systems
• Transaction Processing Systems
• Management Information Systems
• Decision Support Systems
MIS Structure
• Strategic – Top management
• Tactical – Middle Management
• Operational – Lower Management
Strategic
• External information – Competitive forces, customer actions, resource availability, regulatory approvals
• Predictive information – long term trends
• What if information
Strategic Management
• The People– Board of Directors– Chief Executive Officer– President
• Decisions– Develop Overall Goals– Long-term Planning– Determine Direction
• Political• Economic• Competitive
Tactical
• Historical information- descriptive
• Current performance information
• Short term future information
• Short term what if information
Tactical Management
• People– Business Unit
Managers– Vice-President to
Middle-Manager
• Decisions– short-medium range
planning– schedules– budgets– policies– procedures– resource allocation
Operational
• Descriptive historical information
• Current performance information
• Exception reporting
Operational Management
• People– Middle-Managers to– Supervisors– Self-directed teams
• Decisions– short-range planning– production schedules– day-to-day decisions– use of resources– enforce polices– follow procedures
MIS System
• MIS provides information about the performance of an organization
• Think of entire company (the firm) as a system.
• An MIS provides management with feedback
The FirmProcessing
MIS: The Schematic
Input: Raw Materials, Supplies, Data, etc.
Output: Products, Services, Information etc.MIS
Managers, VPs, CEO
MIS - Questions
Q: How are we doing?A: Look at the report from the MIS
Generic reports: Sales, Orders, Schedules, etc.Periodic: Daily, Weekly, Quarterly, etc.Pre-specified reports
Obviously, such reports are useful for making good decisions.
How is a DSS different?
MIS• Periodic reports
• Pre-specified, generic reports
DSS• Special reports that may
only be generated once
• May not know what kind of report to generate until the problem surfaces; specialized reports.
MIS vs. DSS: Some Differences
• In a DSS, a manager generates the report through an interactive interface– More flexible & adaptable reports
• DSS Reporting is produced through analytical modeling, not just computing an average, or plotting a graph.– Business Models are programmed into a DSS
Decision Support System
• Broad based approach
• Human in control
• Decision making for solving structured/unstructured problems
• Appropriate mathematical models
• Query capabilities
• Output oriented
Types of Decisions
Operational Tactical Strategic
Un-structured
Cash Management
Re-engineering a process
New e-business initiatives
Company re-organization
Semi-structured
Production Scheduling
Employee Performance Evaluation
Capital Budgeting
Mergers
Site Location
Structured Payroll
Project Management
• Planning Tools– Gantt chart– PERT
• Interdependencies• Precedence relationships
• Project Management software
Information Technology
• Some IT systems simply process transactions• Some help managers make decisions• Some support the interorganizational flow of
information• Some support team work
When Considering Information,
• The concept of shared information through decentralized computing
• The directional flow of information
• What information specifically describes
• The information-processing tasks your organization undertakes
INFORMATION FLOWS• Upward Flow of Information - describes the current
state of the organization based on its daily transactions.
• Downward Flow of Information - consists of the strategies, goals, and directives that originate at one level and are passed to lower levels.
• Horizontal Flow of Information - between functional business units and work teams.
INFORMATION PROCESSING
1. Information Sourcing- at its point of origin.2. Information - in its most useful form.3.Creating information - to obtain new information.4.Storing information - for use at a later time.5.Communication of information - to other people or another location.
Data Centers
• Centralised data environment– Data integration– Management awareness– Change impact
• Decentralised data environment– Functional specialisation– Local differences– User proximity– User confidence– Lack of central control– Corporate level reporting– Data redundancy– Loss of synergy
IT Applications and Banking
Banking Systems and software
– Multi currency– Multi lingual– Multi entity– Multi branch– Bulk transaction entry– High availability– Performance management
Selection criteria
• Industry knowledge• Banking IT knowledge• Application familiarity• Project Management• Pricing options• Track record• Incumbency• Technical skills• Accessibility• Total Cost
Other systems
• Electronic clearing and settlement systems– MICR/OCR– Debit Clearing system– Credit Clearing system– RTGS– Cheque truncation
• Electronic Bill presentment and payment– Decrease billing costs– Provide better service– New channels- new revenue
Networking Systems
Data communications
• Electronic mail
• Internet Connectivity
• Local Area Networking
• Remote Access Services
Information System Security and Audit
Computer Security
• Physical security
• Logical Security
• Network security
• Biometric security
Physical Security
• Intrusion prevention- locking, guarding, lighting
• Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance
• Document security
• Power supply
Logical security
• Software access controls– Multiple type of access control– Internal access control – based on date, time
etc– Max tries– Audit trails– Priviliged access– Encryption
Network Security
• Physical intrusion
• System intrusion
Attacks
• Impersonation - forging identity
• Eavesdropping – Unauthorised read
• Data alteration – Unauthorised edits
• Denial of Service attacks - Overloading
Intrusion Detection Systems
• Categories– NIDS – Network Intrusion Detection –
monitors packets on network– SIV – System Integrity Verifier – files sum
check– Log file Monitor – Log entry patterns
• Methods– Signature recognition – Pattern recognition– Anomaly detection – Statistical anomalies
Firewalls
• First line or last line of defence?
Others
• VPN
• Encryption
• Honey pots
Biometric Security
• Signature recognition
• Fingerprint recognition
• Palmprint recognition
• Hand recognition
• Voiceprint
• Eye retina pattern
Communication Security
• Cryptography
• Digital Signatures
• PKI
• CA
Cryptography
• Art and science of keeping files and messages secure.
• Encryption
• Key – to encode– DES and Triple DES, IDEA– Safe key length
• Cipher
• Decryption
Digital Signatures
• Usage
• Verification
• Why use?– Authenticity– Integrity– Confidentiality– Non repudiation
• Prerequisites – Public private key pair, CA
PKI- Public Key Infrastructure
• A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients
• Client
• Key Management– High quality secret keys– Generation
• Key distribution
CA- Certification Authority
• Central Authority
• Hierarchical
• Web of Trust
Disaster Management
• Natural
• Accidents
• Malicious
Disaster Management
• Disaster avoidance– Inventory– Risk Management
• Disaster Recovery– Data off site– Data off line– Data out of reach– Test
Business Continuity Planning
• Employee awareness
• Fire detection and prevention
• Hardcopy records
• Human factors
• LAN
• Media handling and storage
DRP – Disaster Recovery Planning
• Preplanning
• Vulnerability assessment
• BIA – Business Impact Assessment
• Detailed definition – RTO and RPO
• Plan development
• Testing
• Maintenance program
IS Audit
• Objectives– Safeguarding assets– Data Integrity– Process Integrity– Effectiveness auditing– Efficiency auditing– Importance
IS Audit Procedures
• Audit objectives
• Planning– Who, how and reporting structures
• Audit Software – execution
• Reporting
System Audit - Security
• Environmental Controls• Access controls• Input controls• Communication controls• Processing controls• Database controls• Output controls• Control of last resort (DRP, Insurance)
Cyber Law
• IT Act 2000– Legal recognition of electronic records– Acknowledgement of receipt of electronic records– Legal recognition of digital signatures– Submission of forms in electronic means– Receipt or payment by fee or charge– Retention of electronic records– Publication of rules, regulation in electronic form– CA to issue digital certificate
Some legal issues
• Data theft
• Email abuse
• Data alteration
• Unauthorised access
• Virus and malicious code
• Denial of Service
Thank You