Security approaches, standards and frameworks in the banking sector
Καραμανλή, Ευαγγελία Ε.
Subject: Banks and banking -- Quality control ; Quality control -- Standards ; Total quality management
Nowadays, information, and therefore the information technology infrastructure, is considered one of the most important assets of an organization; it is of great value, and the need to protect it is therefore evident. The object of this thesis is a case study of the implementation of the standards ISO27001:2005 and Cobit in a Greek banking organization, using the ISF methodology and the IRAM tool. Initially, an overview is given of the information security standards and approaches for implementing an information security management system in organizations that have been published to date by government agencies or non-governmental organizations, and their applicability in a Greek banking institution is evaluated. Afterwards, an overview is presented of the methodologies and approaches that have been published on Risk Assessment and Risk Management, so that analysts and institutions are able to implement an integrated and comprehensive information security framework. Having carried out this review of the standards and methodologies, the thesis explains the decision behind our approach in the Greek banking institution XBANK: to implement the standard ISO27001:2005, with Cobit as our framework, by adopting ISF's IRAM methodology. The case study presents the steps followed and part of the results of this work, together with the security measures and controls chosen, with reference to the risk analysis and business impact analysis that were conducted.