Kotak Mahindra Bank-Info Security Assurance

Information security risks exist 24x7 because IT infrastructure of a bank

runs continuously, and is open all many at one point or the other. So Kotak

Mahindra Bank wanted a new model for information security that would provide

higher value to their business. The model would ensure operational excellence in

information security governance and deliver result-based information security

measurement and reporting. The new solution would be holistic, continual and

integrated to address security challenges for today and tomorrow. So, they

deployed a managed security services solution wherein the system would be able

to report security strengths and weaknesses in near real-time to drive action.

It tells the level of security the system is in. The bank now has a consistent

level of information security. The new system takes up security measures like

phishing combat, e-mail security, scanning desktops, vulnerability testing,

patch mgmt, and user authentication. The managed security solution has seven

components, namely risk engine, vulnerability mgmt, threat mgmt, access mgmt,

process risk mgmt, compliance mgmt and governance. The risk engine has a

repository of risks and appropriate controls as well as a repository for banking

industry drawn from several sources.

	Project Specs Business problem: There was no one-stop information security model that would help the Bank to combat all types of security threats IT solution: A managed information security assurance program deployed Impact: Expected cost reduction of over 30%; network downtime due to security breaches Implementation partner: Paladion Networks
Arvind Kathpalia, Head-Operations, Technology & Finance

New risks can also be added to the list.

The system constantly monitors internal and external environments to update risks

and controls. It maintains an inventory of asset and IT and business-dependent

processes in the bank and maps risks and controls from repository to them. The

self-assessment and audit module of the project checks for compliance,

effectiveness and report for driving improvements. The system also lets you

decide the value of risk and suggests methods for mitigation. There is also an

e-learning and security portal to carry out security training and awareness

programs across the bank.