China - World Bank

www1.worldbank.org

China - World Bank

A Tremendous Potential E-financingMarket is is coming in ChinaServiceTelephoneUnit (person)Ten thousandExistedCustomers20352.9IncreasedCustomers2316.1MobileTen thousand18485.53963.4InternetTen thousand4331.9675.7Penetration ofTelephone/100 persons30.22Penetration ofinternet/100 persons3.25Penetration ofMobile/100 persons13.86Internet bankingTen thousand250.2InternetStockjobbingTen thousand491.8


What’s happening in the ChineseFinance Industry• Almost all the financial industries including retailbanks, insurance agents, stockjobbers, etc. havebeen delivering their products and services byinternet and telephone.• Almost all the banks are launching more money intodeveloping Internet banking, telephone banking,mobile banking and Call Center.• Three major banks are to role out Internet bankingwith Call Center collaboration.E-security as a key component to the delivery ofelectronic finance benefits is getting more and moreattentions!


Key Technology Risks• Authentication, Identity Verification, and Authorization• Transactions errors• Data Corruption• Repudiation of transactions• Intercept of data -- privacy and confidentiality• Hacking• Fraud and illegal acts• Virus intrusion


E-Security Framework and MechanismPolicies &StandardsClassification &ControlConfigurationManagementOrganizationInfrastructureManagementAdministrationProceduresSystems PlanningDevelopment &MaintenanceMonitoringLogging &ReportingValidated AccessAuthorizationAuthenticationAdministrationEnvironment AccessPerimeter Network Internal Network Application FacilityInternetExtranetWirelessDial-UpAccess ControlSecure CommunicationsWorkstationServersLANWANConfidentialityeMail & eFormsWebEnterpriseMiddlewareDatabaseReliable TransactionsIntegrityNon-RepudiationAccountabilityAreasEquipmentMediaPersonnelRoles &ResponsibilityTraining &AwarenessIncident ResponseComplianceVirusOperating SystemsInfrastructure IntegrityProtectionContentConfigurationNetwork DevicesIntrusion / MisusePhysicalSegmentationThird-Party AccessRisk ManagementRecoveryContinuityAvailabilityBackupRedundancy


Key Elements of Security Program• Reviewing physical and logical security:– Review intrusion detection and responsecapabilities to ensure that intrusions will bedetected and controlled– Seek necessary expertise and training, as needed,to protect physical locations and networks fromunauthorized access– Maintain knowledge of current threats facing thebank and the vulnerabilities to systems– Assess firewalls and intrusion detection programsat both primary and back-up sites to make surethey are maintained at current industry bestpractice levels


Thank you for your attention!

More magazines by this user
Similar magazines