The branch has to do the BOD operation to begin the day's transaction. This is done before the day's
operations start. After the BOD the users will be given access to the full module so that they can do
transactions.
Physical security
Cryptography
Security management practices
Law, investigations, and ethics
The following are the accepted usage practices for desktop and laptop users:
1. Users are responsible for the security of their desktops and should take adequate measures to
restrict physical and logical access to their desktops.
2. The hardware/software will have to be configured securely as per the guidelines of the bank.
Secure configuration shall mean enabling auto anti virus updates, enabling firewalls (where the
operating system allows the same), enforcing passwords, disabling macros by default, patch
management (software upgrades) or any other such configuration standards that shall be decided
by the competent authority from time to time.
3. The users should not change any hardware configuration, settings in the operating system or any
applications installed on their desktops. If users require any change in hardware (e.g. attaching a
CD-ROM drive or an increase of system memory) or software settings, they should contact
respective EDPs. Any change in hardware/software settings, desired by the user, will be vetted by
the competent authority.
4. Users should not install any software or applications, on their desktop, that is not authorised or
not essential to bank's business. If the users require additional software, they should be installed
only after getting it vetted by the competent authority.
5. Users should not connect modems to their machines unless otherwise approved by the
appropriate authority. Accessing external networks, including internet, using modems, exposes
the entire network to several risks.
6. The passwords selected should be of a minimum eight characters with a combination of alphabets
and digits. The passwords should be changed at periodic intervals at least once every month.
1. Protection measures.
To prevent the risk of unauthorised access, users should adopt the following measures:
a. Log out of all applications or turn off the desktop, if leaving the desktop unattended for an
extended period.
b. To prevent unauthorised access while desktop is unattended for short durations, enable the
screen saver with password protection.
c. In the case of core banking users, care should be taken not to leave the terminals in the middle
of a transaction.
d. Disable sharing of folders in desktop with other users over the network.
PASSWORD MANAGEMENT
Employees (Users) are responsible for all activities originating from their computer accounts.
As a first level security measure, access is allowed to any information system only after authentication
through valid passwords at both the operating system level and application level. Users should,
therefore, protect the confidentiality of their accounts through good password management and should
not allow anyone else to operate their accounts.
2. Password Construction
Users should choose passwords that are easy to remember but difficult to guess. Some of the
guidelines for password constructions are:
- Own name, short form of own name, own initials, names of family, friends, co-workers, company
or popular characters should not be used.
- Personal information like date-of-birth, address, telephone numbers, etc., should not be used.
- Common words found in English dictionary should not be used.
- Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc., should not be used.
- Any of the above words preceded or followed by a digit (e.g. secret1, 1secret) should not be used.
- Strong passwords would have a minimum length of eight characters and can be constructed through
a mix of numerals (1, 2, 3, etc.), special characters (!, @, #, $, etc.) and capital letters (A, S, C,
etc.).
- One way to create complex, but easy to remember passwords, is to take a known word or phrase
and convert it using numerals, special characters, and capital letters.
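The construction guidelines above can be enforced at password-change time. The following checker is an added example, not part of the original text; the small word list, the keyboard runs, the function names and the choice to require all three character classes are assumptions made for illustration.

```python
import re

# Constructed sample data: a tiny stand-in word list and keyboard/sequence runs.
# A real deployment would load a full dictionary; these names are assumptions.
DICTIONARY = {"secret", "password", "welcome", "banking", "monday"}
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "0123456789"]


def has_pattern(pw: str, run_len: int = 4) -> bool:
    """Detect patterns such as aaabbb, qwerty, zyxwvuts, 123321."""
    low = pw.lower()
    if re.search(r"(.)\1\1", low):                # aaabbb: same char 3+ times
        return True
    if len(low) >= 6 and low == low[::-1]:        # 123321: mirrored string
        return True
    for run in RUNS:
        for seq in (run, run[::-1]):              # forward and reversed runs
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in low:
                    return True
    return False


def check_password(pw: str, personal: list[str]) -> list[str]:
    """Return the list of guideline violations; empty list means acceptable."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"\d", pw) and re.search(r"[A-Z]", pw)
            and re.search(r"[^A-Za-z0-9]", pw)):
        problems.append("needs numerals, special characters and capital letters")
    # 'personal' holds the user's own names, dates, phone numbers and so on.
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("contains a name or personal information")
    # Strip digits at either end so 'secret1' and '1secret' match 'secret'.
    if low.strip("0123456789") in DICTIONARY:
        problems.append("dictionary word, possibly with a digit added")
    if has_pattern(pw):
        problems.append("word or number pattern")
    return problems
```
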
3. Password Protection
a. Users should not share their passwords with anyone including colleagues and IT staff. Users
should also not ask others (including customers and colleagues) for their passwords. All passwords
are to be treated as sensitive, confidential information. If the password needs to be shared under
unavoidable circumstances, care should be taken to change it at the next log in by the owner of
the password.
b. Users should ensure that nobody is watching when they are entering password into the system.
Users should also not watch when others are entering passwords in their system.
c. Users should not keep a written copy (in paper or electronic form) of their password in an easily
locatable place. If the password needs to be written down, ensure that these are stored securely
and are masked or scrambled (e.g. by changing one or more characters of the password).
d. Users should change their password regularly. While some applications will enforce password
change and complexity on users automatically, it may not be feasible to enforce it for all accounts
and for all applications. Users must change their passwords under any of the following
circumstances:
- At least once in thirty days
- As enforced by system (applications and operating system)
- If password has been shared with someone else
- As soon as possible, after a password has been compromised or after you suspect that a
password has been compromised.
e. Users who have been authorised to use the smart cards or private keys should safeguard them
carefully as compromising the same could have wide ramifications.
27.11 INTERNET AND WORLD WIDE WEB - INFLUENCES ON BANKING
The twentieth century has been the century of the advent of Internet, e-mail and e-commerce.
Internet is the inter-connection between several computers of different types belonging to various
networks all over the globe. It is a network of networks. Internet gives the computer machine
powers that are mind-boggling. To send (or receive) data within a matter of seconds to someone
beyond the country was unthinkable before the advent of the internet. The internet is making a major
impact on the information technology industry. The internet has more than a million computers
attached to it.
The internet application that is drawing the most attention is the World Wide Web (WWW).
WWW is a series of servers that are interconnected through hypertext. Hypertext is a method of
presenting information in which certain text is highlighted that, when selected, displays more
information on the particular topic. These highlighted items are called hyperlinks and allow the users to
navigate from one document to another that may be located on different servers. The user can use the
browsing software such as Internet Explorer, Mosaic or Netscape Navigator to navigate the web. A
browser is a software that helps the users to navigate the WWW. The web is a graphic medium with
most web pages having some amount of images. The term home page commonly refers to the index
page of any organisations or source of information. The home page has links that take the user to
further levels of information within the same topic or other home pages.
E-mail is the most used feature of internet. It is the sending of messages through the internet as
mail on a definite address. Many sites on the internet provide free e-mail facility.
E-commerce means Electronic Commerce, i.e. buying and selling on the Web. It is a way of
enabling business over the net. Products and services can be offered through sites on the internet. Banks
and other financial institutions are working on various methods, protocols, and standards to enable such
transactions over the Web. The transactions are mostly done through credit cards and, therefore,
security as well as secrecy is very important for a trustworthy electronic commerce solution over the
Web.
Banks in India are not far behind in the use of modern technology and many leading banks
have their own home page, which provides details of the banks, their branches, and the services that
they render. Each branch of a bank has a separate internet address and an e-mail address through
which it communicates with other participants on the net. Banks in India are now also venturing into
e-commerce, slowly but steadily.
With the advent of internet, computer, and the World Wide Web, a modern bank is now
expected to be 'The Convenience Bank'. It is now expected to have a working schedule of 365 days a
year and 24 hours a day. As against the traditional five and a half days a week banking, it is now a
seven days a week concept adopted by the modern banks. The modern bank network incorporates major
metros and cities aiming to tie-up all industrial and business centres in a network on-line and 'Round
the Clock'. This is designed not just to meet conventional banking needs, but also offers a broad
spectrum of investment options and an assurance of high returns. This philosophy is based on the
belief that a customer should spend less time on banking procedures and more time on his personal
and official work.
A modern bank with interconnected branches offers to the customer the convenience of being a
customer of the entire bank rather than one branch, since all branches are connected via satellite. This
enables an immediate transfer of funds. It also offers the convenience of 'Home-Banking', wherein a
customer calls the bank and Mr Convenience will come to his home/office to open his account
(facilities are normally intra-city only). The system offers the facility of banking 'Round the Clock' with
the automated teller machine (ATM) card. It also offers safety: safe deposit lockers are available in
various sizes to suit a customer's requirement at most branches. The customer has the facility of
banking seven days a week with Sunday banking and the convenience of personalised customer
service including the convenience of telephone banking: Dial 'n' bank. The concept of internet
banking is also fast picking up in India thanks to immense computerisation and technology
innovation.
27.13 KEYWORDS
Data: Data mean any facts, observations, assumptions or occurrences. In accounts they mean
accounting entries to be passed in books of account to prepare financial statement.
Software: A computer is run on the basis of a set of instructions called the software programme
developed by a computer professional called the programmer.
Computerised Accounting: Computerised accounting means maintaining books of account and
preparing financial statement using a computer.
Internet: Internet is the inter-connection between several computers of different types belonging to
various networks all over the globe.
World Wide Web (WWW): WWW is a series of servers that are interconnected through hypertext.
Hypertext is a method of presenting information in which certain text is highlighted that, when
selected, displays more information on the particular topic. These highlighted items are called
hyperlinks and allow the users to navigate from one document to another that may be located on
different servers.
27.14 TERMINAL QUESTIONS
(b) Data stored inside a computer and its processing are easily visible.
(c) Computerised accounting software may be single or multiple user type software.
(d) Computer includes in its meaning computer peripherals also.
(e) Ready-made and tailor-made, both the types of computerised accounting software are available
in the market.
(f)
(g)
10. (a) True (b) False (c) True (d) False (e) True.
11. (a) Computerised accounting; (b) computer programme, software programme; (c) back up;
(d) Computer viruses.