Download - Technology Management
![Page 1: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/1.jpg)
CAIIB- General Bank Management -Technology Management –
MODULE C
Madhav PrabhuM. Tech, MIM, PMP, CISA, CAIIB, CeISB, MCTS, DCL
![Page 2: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/2.jpg)
Agenda
• Information Systems and Technology
• IT Applications and Banking
• Networking Systems
• Information System Security and Audit
![Page 3: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/3.jpg)
Information Systems and Technology
• System terminology
• MIS and its characteristics
• Data warehouse
![Page 4: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/4.jpg)
System Terminology
• Systems Development Life Cycle– Planning and analysis – defines needed
information etc– Design - data structures, software
architecture, interface– Implementation - Source code, database,
documentation, testing and validation etc.– Operations and maintenance - ongoing
![Page 5: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/5.jpg)
SDLC
• A framework to describe the activities performed at each stage of a software development project.
![Page 6: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/6.jpg)
Various SDLC Models
• Waterfall Model when– Requirements are very well known– Product definition is stable– Technology is understood– New version of an existing product– Porting an existing product to a new platform.
![Page 7: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/7.jpg)
Various SDLC Models
• V-Shaped SDLC Model when– A variant of the Waterfall that emphasizes the
verification and validation of the product.– Testing of the product is planned in parallel with a
corresponding phase of development• Excellent choice for systems requiring high
reliability – tight data control applications – patient information etc.
• All requirements are known up-front• When it can be modified to handle changing
requirements beyond analysis phase • Solution and technology are known
![Page 8: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/8.jpg)
Various SDLC Models
• Prototyping Model when– Developers build a prototype during the requirements
phase– Prototype is evaluated by end users and users give
corrective feedback – Requirements are unstable or have to be clarified – Short-lived demonstrations – New, original development– With the analysis and design portions of object-
oriented development.
![Page 9: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/9.jpg)
Type of Information Systems
• Transaction Processing Systems
• Management Information Systems
• Decision Support Systems
![Page 10: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/10.jpg)
MIS Structure
• Strategic – Top management
• Tactical – Middle Management
• Operational – Lower Management
![Page 11: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/11.jpg)
Strategic
• External information – Competitive forces, customer actions, resource availability, regulatory approvals
• Predictive information – long term trends
• What if information
![Page 12: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/12.jpg)
Strategic Management
• The People– Board of Directors– Chief Executive Officer– President
• Decisions– Develop Overall Goals– Long-term Planning– Determine Direction
• Political• Economic• Competitive
![Page 13: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/13.jpg)
Tactical
• Historical information- descriptive
• Current performance information
• Short term future information
• Short term what if information
![Page 14: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/14.jpg)
Tactical Management
• People– Business Unit
Managers– Vice-President to
Middle-Manager
• Decisions– short-medium range
planning– schedules– budgets– policies– procedures– resource allocation
![Page 15: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/15.jpg)
Operational
• Descriptive historical information
• Current performance information
• Exception reporting
![Page 16: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/16.jpg)
Operational Management
• People– Middle-Managers to– Supervisors– Self-directed teams
• Decisions– short-range planning– production schedules– day-to-day decisions– use of resources– enforce polices– follow procedures
![Page 17: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/17.jpg)
MIS System
• MIS provides information about the performance of an organization
• Think of entire company (the firm) as a system.
• An MIS provides management with feedback
![Page 18: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/18.jpg)
The FirmProcessing
MIS: The Schematic
Input: Raw Materials, Supplies, Data, etc.
Output: Products, Services, Information etc.MIS
Managers, VPs, CEO
![Page 19: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/19.jpg)
MIS - Questions
Q: How are we doing?A: Look at the report from the MIS
Generic reports: Sales, Orders, Schedules, etc.Periodic: Daily, Weekly, Quarterly, etc.Pre-specified reports
Obviously, such reports are useful for making good decisions.
![Page 20: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/20.jpg)
How is a DSS different?
MIS• Periodic reports
• Pre-specified, generic reports
DSS• Special reports that may
only be generated once
• May not know what kind of report to generate until the problem surfaces; specialized reports.
![Page 21: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/21.jpg)
MIS vs. DSS: Some Differences
• In a DSS, a manager generates the report through an interactive interface– More flexible & adaptable reports
• DSS Reporting is produced through analytical modeling, not just computing an average, or plotting a graph.– Business Models are programmed into a DSS
![Page 22: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/22.jpg)
Decision Support System
• Broad based approach
• Human in control
• Decision making for solving structured/unstructured problems
• Appropriate mathematical models
• Query capabilities
• Output oriented
![Page 23: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/23.jpg)
Types of Decisions
Operational Tactical Strategic
Un-structured
Cash Management
Re-engineering a process
New e-business initiatives
Company re-organization
Semi-structured
Production Scheduling
Employee Performance Evaluation
Capital Budgeting
Mergers
Site Location
Structured Payroll
![Page 24: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/24.jpg)
Project Management
• Planning Tools– Gantt chart– PERT
• Interdependencies• Precedence relationships
• Project Management software
![Page 25: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/25.jpg)
Information Technology
• Some IT systems simply process transactions• Some help managers make decisions• Some support the interorganizational flow of
information• Some support team work
![Page 26: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/26.jpg)
When Considering Information,
• The concept of shared information through decentralized computing
• The directional flow of information
• What information specifically describes
• The information-processing tasks your organization undertakes
![Page 27: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/27.jpg)
INFORMATION FLOWS• Upward Flow of Information - describes the current
state of the organization based on its daily transactions.
• Downward Flow of Information - consists of the strategies, goals, and directives that originate at one level and are passed to lower levels.
• Horizontal Flow of Information - between functional business units and work teams.
![Page 28: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/28.jpg)
INFORMATION PROCESSING
1. Information Sourcing- at its point of origin.2. Information - in its most useful form.3.Creating information - to obtain new information.4.Storing information - for use at a later time.5.Communication of information - to other people or another location.
![Page 29: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/29.jpg)
Data Centers
• Centralised data environment– Data integration– Management awareness– Change impact
• Decentralised data environment– Functional specialisation– Local differences– User proximity– User confidence– Lack of central control– Corporate level reporting– Data redundancy– Loss of synergy
![Page 30: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/30.jpg)
IT Applications and Banking
![Page 31: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/31.jpg)
Banking Systems and software
– Multi currency– Multi lingual– Multi entity– Multi branch– Bulk transaction entry– High availability– Performance management
![Page 32: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/32.jpg)
Selection criteria
• Industry knowledge• Banking IT knowledge• Application familiarity• Project Management• Pricing options• Track record• Incumbency• Technical skills• Accessibility• Total Cost
![Page 33: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/33.jpg)
Other systems
• Electronic clearing and settlement systems– MICR/OCR– Debit Clearing system– Credit Clearing system– RTGS– Cheque truncation
• Electronic Bill presentment and payment– Decrease billing costs– Provide better service– New channels- new revenue
![Page 34: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/34.jpg)
Networking Systems
![Page 35: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/35.jpg)
Data communications
• Electronic mail
• Internet Connectivity
• Local Area Networking
• Remote Access Services
![Page 36: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/36.jpg)
Information System Security and Audit
![Page 37: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/37.jpg)
Computer Security
• Physical security
• Logical Security
• Network security
• Biometric security
![Page 38: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/38.jpg)
Physical Security
• Intrusion prevention- locking, guarding, lighting
• Intrusion detection mechanisms – Disturbance sensors, buried line sensors, Surveillance
• Document security
• Power supply
![Page 39: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/39.jpg)
Logical security
• Software access controls– Multiple type of access control– Internal access control – based on date, time
etc– Max tries– Audit trails– Priviliged access– Encryption
![Page 40: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/40.jpg)
Network Security
• Physical intrusion
• System intrusion
![Page 41: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/41.jpg)
Attacks
• Impersonation - forging identity
• Eavesdropping – Unauthorised read
• Data alteration – Unauthorised edits
• Denial of Service attacks - Overloading
![Page 42: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/42.jpg)
Intrusion Detection Systems
• Categories– NIDS – Network Intrusion Detection –
monitors packets on network– SIV – System Integrity Verifier – files sum
check– Log file Monitor – Log entry patterns
• Methods– Signature recognition – Pattern recognition– Anomaly detection – Statistical anomalies
![Page 43: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/43.jpg)
Firewalls
• First line or last line of defence?
![Page 44: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/44.jpg)
Others
• VPN
• Encryption
• Honey pots
![Page 45: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/45.jpg)
Biometric Security
• Signature recognition
• Fingerprint recognition
• Palmprint recognition
• Hand recognition
• Voiceprint
• Eye retina pattern
![Page 46: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/46.jpg)
Communication Security
• Cryptography
• Digital Signatures
• PKI
• CA
![Page 47: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/47.jpg)
Cryptography
• Art and science of keeping files and messages secure.
• Encryption
• Key – to encode– DES and Triple DES, IDEA– Safe key length
• Cipher
• Decryption
![Page 48: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/48.jpg)
Digital Signatures
• Usage
• Verification
• Why use?– Authenticity– Integrity– Confidentiality– Non repudiation
• Prerequisites – Public private key pair, CA
![Page 49: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/49.jpg)
PKI- Public Key Infrastructure
• A framework for secure and trustworthy distribution of public keys and information about certificate owners called clients
• Client
• Key Management– High quality secret keys– Generation
• Key distribution
![Page 50: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/50.jpg)
CA- Certification Authority
• Central Authority
• Hierarchical
• Web of Trust
![Page 51: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/51.jpg)
Disaster Management
• Natural
• Accidents
• Malicious
![Page 52: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/52.jpg)
Disaster Management
• Disaster avoidance– Inventory– Risk Management
• Disaster Recovery– Data off site– Data off line– Data out of reach– Test
![Page 53: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/53.jpg)
Business Continuity Planning
• Employee awareness
• Fire detection and prevention
• Hardcopy records
• Human factors
• LAN
• Media handling and storage
![Page 54: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/54.jpg)
DRP – Disaster Recovery Planning
• Preplanning
• Vulnerability assessment
• BIA – Business Impact Assessment
• Detailed definition – RTO and RPO
• Plan development
• Testing
• Maintenance program
![Page 55: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/55.jpg)
IS Audit
• Objectives– Safeguarding assets– Data Integrity– Process Integrity– Effectiveness auditing– Efficiency auditing– Importance
![Page 56: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/56.jpg)
IS Audit Procedures
• Audit objectives
• Planning– Who, how and reporting structures
• Audit Software – execution
• Reporting
![Page 57: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/57.jpg)
System Audit - Security
• Environmental Controls• Access controls• Input controls• Communication controls• Processing controls• Database controls• Output controls• Control of last resort (DRP, Insurance)
![Page 58: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/58.jpg)
Cyber Law
• IT Act 2000– Legal recognition of electronic records– Acknowledgement of receipt of electronic records– Legal recognition of digital signatures– Submission of forms in electronic means– Receipt or payment by fee or charge– Retention of electronic records– Publication of rules, regulation in electronic form– CA to issue digital certificate
![Page 59: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/59.jpg)
Some legal issues
• Data theft
• Email abuse
• Data alteration
• Unauthorised access
• Virus and malicious code
• Denial of Service
![Page 60: Technology Management](https://reader034.vdocuments.us/reader034/viewer/2022051818/54b719514a795903798b45d4/html5/thumbnails/60.jpg)
Thank You