Bank Negara Policy Document on IT Risk Management
Bank Negara, Malaysia in its IT Risk Management policy document very succinctly puts that with the more prevalent use of technology in the provision of financial services, there is a need for financial institutions to strengthen their technology resilience against operational disruptions in order to maintain confidence in the financial system. The growing sophistication of cyber threats also calls for the increased vigilance and capability of financial institutions to respond to emerging threats.
Bank Negara Malaysia policy paper S 10.61 explicitly states that:
(a) access controls to enterprise-wide systems are effectively managed and monitored; and
(b) user activities in critical systems are logged for audit and investigations.
Activity logs must be maintained for at least three years and regularly reviewed in a timely manner
In this paper, ARCON explains how its robust risk control solution ARCON| Privileged Access Management helps financial institutions in addressing some of the toughest challenges emanating from Information Technology.
ARCON Privileged Access Management offers IT risk management and governance teams with the following safeguards
- A unified policy framework to restrict and control privileged user access to target systems
- Granular level control to ensure rule and role based access to critical information
- Real time monitoring of privileged users including third party activities on databases, network devices, could applications, servers and other business critical applications
- Robust password vaulting and randomization to secure privileged credentials
- Multi-factor authentication to ensure authorized access to target systems
- Detailed Audit trails of all privileged tasks happening in the IT ecosystem
ARCON | PAM can secure a financial institution’s IT infrastructure by offering the following:
- Building resilient Information Security framework
- Ensuring authorized and secure access to systems
- Keeping the brand equity intact as it mitigates data breach incidents
- Winning the digital trust of all business stakeholders
- Complying with all major international security standards