ICICI Bank has a mature Risk Management framework that requires every system
and application to undergo risk assessment before it can attain live status. The
bank could foresee the possibility of malicious code being accidentally ported
to live servers through seemingly innocuous business created content such as
promotional pages, mailers, micro-sites along with minor application pages that
brought about 'only aesthetic changes' to the applications. These changes, since
rendered minor were not screened. It meant a significant effort and cost to
address screening of about 200 odd pages and business content per day.
To overcome this issue, ICICI Bank set up the Business Content Scanning Engine (BCSE),
which is a self, help portal where business teams can submit a URL while it is
on a test server; the real-time system generates a simple GO/NO-GO report in a
few seconds. This report can be comprehended by business with clear directions
to close the issues. To address incremental application content, the bank set up
WEBSCAN, a self-help solution that can scan for all critical vulnerabilities for
the submitted pages. ICICI Bank set up the SaaS based malware monitoring as a
detective control. With these solutions in place, the bank could implement 100%
screening of all content, real-time approvals for business content thereby
enabling business agility, and increased business agility and security
assurance.
Project Specs |
|
Implementation Partner Armorize Technologies |