The rapid developments in information technology and security segments should promote value advantage to stakeholders, says Dr. R. Seetharaman, Group CEO, Doha Bank, the leading private commercial bank in Qatar.
He was speaking at a conference titled ‘Information Security in the Financial Sector- Enabling a Secure Financial Community’, held this week at West Bay Lagoon, Doha. Senior executives from various Central Banks, Global and Regional Bankers, as well as technology consultants participated in this event.
Dr. Seetharaman highlighted the key purpose of the meeting and current trends in the niche I-banking segment. “There is a significant change on how banks do business these days, and how the customers are now banking and obtaining a multitude of financial services. The rules have changed for better, and opponents – old and new – are armed with experts in information security, and the risks are more than ever. I- Banking changes present huge business opportunities for banks, while on the flipside they have dramatically modified the sector and in some cases this development increased many of the traditional information security risks associated with banking activities,” he said.
Dr. R. Seetharaman gave insights on responsibilities arising from information security developments. “Regulation in Qatar has changed further to support the efforts in managing Information Security risks for financial institutions. There is a current draft related to cyber-crimes law, which is going through the legislative process. ICT Qatar implemented regulations related to Electronic Transactions (the E-Commerce Law No. 16 of 2010), and associated laws, which contains limited provisions in relation to certificates for electronic transactions. Qatar Central Bank (QCB) issued circulars such as 105/2012 and 101/2013, to emphasis on the importance of securing financial and customers information,” he added.
Dr. R. Seetharaman highlighted the efforts of Qatar authorities on information security. He said, “Qatar Central Bank established the Information Security Committee (ISC) and mandated to all the banks that operates in Qatar to be a member of it. The Ministry of Information & Communications Technology (ICT) in Qatar and its Qatar Computer Emergency Response Team (QCERT) have played a major role in supporting the entire Banks in Qatar. The Ministry of Information and Communications Technology – Qatar developed the Qatar National Information Assurance Policy, NIA.”
Policy (equivalent to ISO 27001), which will significantly improve the overall Information Security and Technology Controls for the key infrastructure in Qatar. The Ministry of Interior (MoI) provided great support to fight cyber security criminals, through its Cyber Crimes Investigation Centre. Qatar will be a completely cyber-secured country in the immediate future, further strengthening the Qatar National Vision 2030.
Dr. Seetharman also gave insights on the initiatives undertaken by various banks on information security system. “Banks introduce new policies and standards that address the dynamic nature of Information Security. Banks conduct security assessment of ATMs to prevent the increased security risks related to the related hardware and software. Physical Security Controls have been enhanced in the premises bank, which also implement many cyber security controls to reduce the impacts of online Phishing Attacks. IT Security Controls improved through a number of progressed measures that includes Data Leakage Prevention (DLP), controls over Email, web, and endpoints with new ways of DLP detection and prevention techniques, along with other requirements such as removable media security, security operations Centre, formalized process for code reviews to identify application level threats, and common infrastructure security reviews,” he said.
“When it comes to the evolution of information security, Dr. Seetharman said, “Security management has evolved over a point of time. The computers evolved from mainframes, then shifted to Personal Computers, and then to the Internet, Cloud Technology and Mobile. The IT Security has also evolved on account of developments in Computer. In information security management, risks associated in the mainframe include unauthorized access, Disaster recovery, Back-up of data and Computer dependency. The risks have further compounded today due to Privacy concerns, Vulnerabilities, Cyber terrorism, Insider sabotage, mobile computing, Wireless access, Worms, Trojan Horses and spyware. Information security is now viewed as a key risk management and compliance issue. The focus is on accountability and integrity.”
Dr. Seetharaman emphasized the key intiatives on information security in Qatar. He said, “There is a strong need for cyber security law in Qatar. Information security function should be strengthened further in banks. Information security awareness to be developed. Roles of customer and bank clearly defined. Information security planning part of strategy in banks. Involve staff in electronic crimes unit of Ministry of Interior with QCB security committee. Increase frequency of regulatory inspections on banks cyber security network. Information technology is moving faster hence Information Security should catch up with Information technology.”
For further information, please contact:
Ms. Tasneem Raza