BANK of ZAMBIA
Protea Safari Lodge, 24th – 28th August, 2008
The Bank of Zambia Experience
Shamambo W Saasa, Manager – ICT Security & Quality Assurance, Bank of Zambia

Governance hierarchy: Policies, Procedures, Standards

FOCUS AREAS (IT Governance)
• Align activities to Strategy
• Deliver Value
• Manage Resources prudently
• Judiciously manage the RISKS faced
• Measure Performance

Understand the associated risks, exploit the IT benefits, and find ways to deal with:
• Alignment of IT with Business Strategy
• 'Standard of due Care'
• IT enabling the Business
• Obtaining value from IT investments
• Providing organizational structures that facilitate the implementation of strategy and goals
• Creating constructive relationships and effective communication between the business and IT, and with external partners
• Measuring IT's performance
• Linkage to Business Requirements
• Making performance against requirements transparent
• Organizing activities into a generally accepted process model
• Identifying the major resources to be leveraged
• Defining the management control objectives for consideration

Governance and Control Frameworks are becoming a part of IT Management Good Practice and are an enabler for establishing IT Governance and complying with Regulatory Requirements.

Drivers:
• Structured Innovation & Change
• Competitiveness
• Survival
• Growth
• Cost Containment
• Changing technology
• User accessibility
• Business reliance on IT
• Adapting to changing business needs
• Business / IT alignment and fusion

Marks of a profession:
• A commonly accepted, formal body of Knowledge
• Formal recognition by fellow Professionals
• Subscription to a code of ethics

COBIT FRAMEWORK: Control, Manage, Measure
• 4 Domains
• 34 IT Processes
• Activities

COMPONENTS (ITIL Service Delivery)
• Capacity Management
• Availability Management
• Service Level Management
• IT Financial Management
• IT Service Continuity

BANK of ZAMBIA: frameworks adopted
• PMBOK – Project Management
• ISO27002-aligned ICT Security Policy
• COBIT – Governance
• ITIL – Service Management

CURRENT & PROJECTED SYSTEMS
• Business Intelligence
• Delivery Systems
• Temenos Banking operations
• RTGS
• Systems Administration
• Common Single Database
• EDMS
• Human Resources
• BSA
• Procurement & Logistics
• Financials
• Vault Management
• Economic Analysis

SECURITY & USABILITY COMPROMISE
• Security Dilemma: Need for Security vs Need to provide Services & Products
• Usability vs Security Balance, governed by Policies, Standards & Procedures (ICT Security Policy, COBIT, ISO/IEC)
• Diagram (Ease of Use against Security, Low to High): "Easy to Use – Low Security" at one end, a Compromise Zone in the middle, "Difficult to Use – High Security" at the other end

ICT SECURITY IMPLEMENTATION MODEL
• Layers: People, Information, Applications, Infrastructure [..Data..], mapped to [..Business Objectives..]
• Information criteria: Confidentiality, Integrity, Availability, Reliability, Effectiveness, Efficiency
• Prevention: Firewalls, VPNs, Antivirus Software, Content & URL Filtering, OS Platform Management
• Security Access Control: Directory Services – [MS Active Directory]; Physical Security – Babylon System
• Response & Remediation: Antivirus (Threats) Management, Network Management, Patch Management, Inform & Train Users, Continuous Monitoring & Evaluation
• Process Enhancement: SDLC; Project Management – PMBOK; Service Delivery – ITIL; Service Support – ITIL

SOME AREAS OF IMPLEMENTATION
• Business Continuity Management
• Data Encryption
• Physical & Environmental Security Management
• Data-centric Security Implementation
• Redundancy
• Network Admission Control
• Logical Security – Operating Systems, Applications

Tools (status: Implemented / Implementation Underway)
• WebSense – Internet Content & URL Filtering
• Kaspersky – Email, AntiSpam
• Microsoft Active Directory Services – Access Control
• Windows Server Update Services (WSUS) – Patch Management
• WASP – Asset Tracking & Management
• Babylon Access System – Physical Security
• Symantec Antivirus Enterprise Edition – Servers, PCs, Email
• Symantec End Point Compliance – Anti-virus, AntiSpam, AntiSpyware
• Administration Tools

Regional approach:
• Policy-driven approach to addressing Regional Cybersecurity threats
• Guided by Standards
• Internal Quality Assurance Capacity with corporative External Assurance
• Template designs to assist COMESA member states
• Change in business approach on Cybersecurity matters
• COMESA REPSS System re-alignment to ICT Security, ensuring compliance by member states

Thank You. Q&A