Is the Security Bubble Within the Banking Sector About to BURST?

摘要

- In the context of Access provision, Identity access management holds the key to administering, monitoring and assurance of access to information within the Bank, both internal premises and application hosted on cloud. It is vital that the information is available when required providing both integrity and confidentiality. Failure to deliver information on time, lacking in integrity could results in compensation, loss of business, disclosure of company secrets and compliance issues. Identity management is widely herald as an opportunity for enhancing the operational process in information security, reducing cost, enhanced reporting capability and regulatory compliance. However in recent year this has proven to be the concept misunderstood, complex and costly. A case study within an investment Bank information system department is used to highlight issues around access management and the controls. Organisation is still reliant of manual provisioning of information access, user access addition, removal and update. This leave user under-privilege or over privilege access, high risk of human error and this could open up the organisation fraud risk. In this paper we extend the, issues within the previous unsuccessful implementation of Identity access management solution and highlight flaws within the access control provisioning requirements within investment banks by proposing a model framework to be used by the banks to enhance the process of access control and to be use by software vendors as a guideline in developing access provisioning identity access management software.