Tuesday, March 12, 2019

Dubai Islamic Bank Essay

The document Information Security Policy Framework focuses on strategy and roles for implementing security policy in Dubai Islamic Bank. Information security has become an important aspect for any financial entity, especially for a bank, to protect vital resources. The importance of this fact needs to be clearly highlighted so that adequate measures can be implemented to ensure that an acceptable level of security is in place at the systems and networking level. The policy also addresses the password security guidelines for effective management of passwords associated with user and administrative profiles, network devices and other specialized peripheral devices associated with the infrastructure.

Responsibility of the Employees

• The information security policy should be read in full and its importance should be understood. In case of any queries, write to the concerned department head.
• Keep corporate information confidential; don't share this information with people outside DIB.
• Keep your password secret. Only you will be held accountable for all the activities associated with your profile.
• Be observant; look for unusual activities in your area and report them to your manager for strict action.
• It is the responsibility of every individual to comply with this policy. Non-compliance may result in disciplinary action.

Components of security policy

The major components of security policy are:

• Risk analysis: identification of critical assets
• Risk management: protection of identified assets

The objective is to make sure that employees of the bank know their roles and responsibilities in the protection of information assets, and to emphasize the importance of having secured communication.

Risk analysis: critical business applications

As all functions of DIB are automated, downtime of any system has a direct implication for efficiency and working.
Some systems are mission critical as they directly impact customers. Mission critical applications are listed as follows, in order of priority:

• Core banking application
• Electronic messaging

Risk management

Risk management is the process of identifying potential threats.

Protection of information resources

Information resources, including customer information or other critical system parameters, should be protected from accidental or intentional modification or disclosure. This includes loss of information physically and logically. Information should be classified by the business owners according to the level of risk associated with it. Once the information is classified, appropriate controls should be implemented to protect the information.

Internet Security

Internet access would be granted to users for business purposes only.

Topic information security

Confidential information such as account statements, reports, ledgers or customer related information, security policy, corporate policy and procedures etc. should be retained in a secure and locked cabinet. Information such as software license or maintenance agreements, or information that is highly confidential, should be kept securely in a safe or fireproof cabinet with combination lock enabled. Never leave your desk unattended for long hours. While dispatching memos / letters internally, they should be marked as Confidential with the recipient's name and address and should be sealed in an envelope.

Information security administration

Information technology division reserves the right to assign or revoke user permissions based on approved requests and to conduct entitlement reviews. A security officer should be assigned to conduct this task in segregation. The security officer is not involved in performing any transactions that conflict with the security administration function. The security officer is required to review security audit logs and exception handling reports, and to document any unusual or suspicious activity.
Compliance

Dubai Islamic Bank branches and corporate office divisions are required to ensure compliance as per the rules and guidelines mentioned in the security policy.

• Divisional heads should have a formal documented process to conduct self-assessment on a semi-annual basis. These results should be communicated to the risk management team for mitigation activities.
• Audit and implementation division should reference the security policy while conducting internal audit of branches / divisions.
• System and operations division should ensure compliance for all the functional unit areas of Dubai Islamic Bank, and conduct self-assessment and periodic checks that regulatory and central bank requirements are being adhered to. A process should be in place to make sure that whenever a new project is launched, the concerned division will ensure and verify that security controls are implemented at the initial phase of the project.
• Human resource division includes a security awareness program as an integral part of training.
• IT quality assurance and compliance manager will ensure compliance with this policy for all systems and technology related platforms. Self-assessments and reviews will be conducted to validate that relevant processes are in place. This unit will also circulate letters to create awareness among users to follow the security policy and abide by the rules and regulations as defined.

In case of any incident or malicious or fraudulent activity, inform your respective manager and divisional head IT for further investigation.

Social Engineering

Social engineering is the human act of breaking security. Users should be careful while talking within and outside the organization. Information security can be substantially violated, or may fail, if an employee gives away confidential information, whether intentionally or unintentionally. Employees should be careful while talking on the telephone and answering questions from an unknown person, or replying to an unknown email message.
If a user is not sure whether to answer such a question, he/she should consult the line manager.

Information sharing

Confidentiality of information should be maintained. Information such as PIN codes, TPINs, passwords, customers' financial statements, the bank's budgetary statements and cash positions is all treated as confidential information and should not be shared among employees. Avoid discussing confidential documentation in a public area. The classification of information as confidential or public / shared should be made by information owners. Information that is required to be shared can be circulated in the form of a letter or policy document, or can be uploaded on the internet. Access rights should be implemented so that unauthorized people do not go through information that is meant for specific people. Employees can share information only if they have a valid business reason.

Installation of software applications

Applications / software installed on corporate systems should be licensed. Unlicensed software should not be installed on any system. All software installations would be carried out by the IT support staff, ensuring first that the said software fulfills the obligations of software licensing. For third party software installations, the IT support staff would accompany such individuals, with prior scheduling and a review of all hardware requirements and post-implementation impacts. Users would be restricted from downloading and installing software, freeware, shareware or evaluation copies of software on corporate laptops / workstations. This increases the chance of installing a virus or Trojan, thus compromising critical corporate resources. Only standard corporate software on the approved list should be installed and accessed. In case there is a requirement to install an application other than approved software, an exception should be filed and approved by divisional head IT, with subsequent approval from group head IT.
Users are not allowed to download and install screen savers and desktop backgrounds; only Windows default settings should be used.

Use of external media

Users are not allowed to connect a personal laptop or workstation to the DIB network. Only corporate equipment should be connected to the corporate network. Any such effort would be taken as an attempt to sabotage the network. Use of removable media such as floppy disks, CDs, DVDs, flash drives via USB port or any other external media within DIB is strictly prohibited. If there is any business requirement, the same may be forwarded to the information technology division for scanning and uploading of the document to a shared folder with restricted access rights. Use of modems of any sort on corporate workstations / laptops and dialing out to the internet over the corporate network is strictly prohibited. Should there be business requirements to do so, the said workstation would NOT be allowed to connect to the corporate network.
