Information security analytics

The Reserve Bank of India today asked commercial banks to put in place a framework that would ensure management of operational risk as an independent function within the organisation. The central bank directive comes in the wake of Basel II guidelines that require banks to explicitly earmark capital towards operational risk from April 2007. While demarcating banks' activities into eight business lines, the central bank has put the onus on a bank's board of directors and its senior management to ensure effective management of operational risk.

Sarbanes Oxley seems wholly focused on the accuracy of a company's financial records and controls around these records, so where does IT security come into the picture?

The curtain went down on Act One of Sarbanes-Oxley a couple of weeks ago. In April, the Securities and Exchange Commission (SEC) held an open discussion in Washington and a compliance software vendor, Certus, put on their own conference in San Francisco called Frontlines. We wrote up our conclusions from the latter event at that time.

A committee set up by India's Ministry of Communications and Information Technology to amend the country's Information Technology Act 2000 has recommended tighter provisions and stiffer penalties for data theft. The ministry released the recommendations of the committee to the public on Monday on its Web site, requesting views and suggestions by Sept. 19. However, it did not indicate when the proposed amendments would be enacted.

The Basel II capital adequacy framework is a regulatory tool that is designed to help mitigate the risk that haunts financial institutions. Its designers had a clear purpose in mind: to create safer and sounder financial institutions by mandating that the amount of capital that they hold offsets the risks inherent in the banking system.