Information security risks exist 24x7 because the IT infrastructure of a bank
runs continuously, and is open to many at one point or the other. So Kotak
Mahindra Bank wanted a new model for information security that would provide
higher value to their business. The model would ensure operational excellence in
information security governance and deliver result-based information security
measurement and reporting. The new solution would be holistic, continual and
integrated to address security challenges for today and tomorrow. So, they
deployed a managed security services solution wherein the system would be able
to report security strengths and weaknesses in near real-time to drive action.
It reports the level of security the system is at. The bank now has a consistent
level of information security. The new system covers security measures such as
combating phishing, e-mail security, desktop scanning, vulnerability testing,
patch management, and user authentication. The managed security solution has seven
components, namely risk engine, vulnerability management, threat management,
access management, process risk management, compliance management and governance.
The risk engine has a repository of risks and appropriate controls as well as a
repository for the banking industry drawn from several sources.

Arvind Kathpalia, Head-Operations, Technology & Finance

New risks can also be added to the list.
The system constantly monitors internal and external environments to update risks
and controls. It maintains an inventory of assets and of the IT and
business-dependent processes in the bank, and maps risks and controls from the
repository to them. The self-assessment and audit module of the project checks
compliance and effectiveness, and reports on them to drive improvements. The system
also lets you decide the value of a risk and suggests methods for mitigation. There is also an
e-learning and security portal to carry out security training and awareness
programs across the bank.