FEDBANK

FINANCIAL SERVICES LIMITED

IT Risk Management
The Business environment is constantly changing and new threats and
vulnerability emerge every day. Secondly the choice of counter
measures (controls) used to manage risks must strike a balance
between productivity, cost, effectiveness of the counter measure, and
the value of the informational asset being protected.
Risk management is the process that allows IT managers to balance
the operational and economic costs of protective measures and achieve
gains in mission capability by protecting the IT systems and data that
support their organizations missions.
This process is not unique to the IT environment; indeed it pervades
decision-making in all areas of our daily lives.
IT systems must have to provide the desired level of mission support in
the face of real world threats. Most organizations have tight budgets for
IT security.
1

FEDBANK
FINANCIAL SERVICES
LIMITED

Security & Alarm System->

We are already having CCTV and Hooter in our branches which will be having
a real time capturing of events clips and the Hooter will give a panic signals
and make noise to get attention of the public in case some thing is happening
abnormally, IR Camera to capture the images during night hours (fixed inside
Safe room) and additionally some branches to capture the entrance.
Training->
Training has been given to branch staff and other verticals like Vigiliance, audit
etc. to verify the CCTV on daily basis and during branch visits. Alert mail will
be sent about checking the CCTV footages to branches and other verticals on
daily basis and surprise checking will be done from IT team to verify the CCTV
recordings and proper functioning.
Reporting the issues->
We are already having the Manage Engine tool to report the IT related issues
apart from sending mails or calling over phone, which will be on record as
well, when the CCTV, UPS having issues in any branches, and when ever user
not able to log the call they can report by means of phone or mail we will log
a call on behalf of the user and take it up with the respective vendor for

FEDBANK
FINANCIAL SERVICES
LIMITED

Identified Areas of Risk Involved

Virus & Malwares->
Symantec Cloud Antivirus has been installed on the Desktops, Laptops &
Netbooks which will protect our network environment from virus and
malwares on real time basis, updates will be taking directly from the
server, and centralized monitoring done remotely.
Personal Mails & Social networking Blocked->
We are already blocked accessing of personal mails and social networking
sites which may be not required for the business point of view and also to
properly utilize the man hour during the Business hours.
Data Transfer-> We are Blocked the USB mass communication devices like
pen drive, mobile & memory chips/ card readers which are possible to
transfer companies important data as well as customer details to our
competitors.
External Emails:We had already blocked the external Emails from sending / receiving to
avoid any

FEDBANK

FINANCIAL SERVICES LIMITED

Array-> Implemented Array to secure the accessibility of the Links to only authorized
users.
Password Protection-> We are protected every applications like User Login, Array, Finnone,
mail, Manage Engine, HRMS,FTP, Domain etc and password policy reset every 45 days.
OTP-> OTP is generated to and the same will be validated during the Loan process to avoid
any wrong mobile numbers of the customers entered into the system which is required to
follow-up and chase during the Auction time, and send SMS about new products.
MPLS-> With the Help of MPLS we could able to bring the systems on domain and possible
to have virtual network internally to communicate from branches to Server located
internally and also escalation and follow-up made easy with the common vendor instead of
different vendor who can be followed only by branch staff.
AMC / Preventive Maintenance-> Vendor will be conducting preventive maintenance on
quarterly and avoid the down time of the equipment.
Plans Pipelined-> Working closely with the Safety and Security solutions vendors like (Tyco,
Zicom etc.) to identify suitable devices which shall give real time alerts on the spot and
also give alert of any attempt of theft / burglary during the day or night time.
4

Educating the user -> Educating user about the Risk involved by connecting BYOD which