Concentrika

Internet banking - audit and security

 

About the course

The internet is a highly functional but potentially very insecure means of enacting or controlling a business. It represents very low costs of network ownership and access to the widest possible customer base, but exposes your company to the accumulated risks of a vast number of unknown connecting machines and persons, over whom you have no direct control.

The banking industry has been torn between the security of closed networks and in-house systems on the one hand, and the open internet, with its vast number of potential clients and cheap networks, on the other. As history shows, we have been driven down the pathway of internet connectivity, and this is largely due to the wholehearted way in which the public has embraced the technology. It has come to pass that a high street bank that does not trade the internet way will, at some point in time, not be trading in the high street at all.

The course aims to show you how the computer systems that run internet banking work, what the main risks are and how best practice should be followed to mitigate those risks. You will build your own web sites, see a firewall in action, examine competitors’ internet banking sites and assess their vulnerabilities.

Anyone who needs to know and understand the elements of internet banking, from a security or audit standpoint, must attend this course. The IT technical components will be explained to you, so you will understand how the various elements work together. Also, the organisational and management aspects of internet banking, equally critical, are addressed. Auditors, security specialists, project managers and project owners will all benefit from this course.

You will find some of the components of e-commerce in the lab and will have a chance to examine them first hand – PKI software, a web site, CGI programs, a firewall and much more.
We will show you how to find your way around web sites representing best practice in internet banking. Learn how to examine browser and web server configurations. Build a digital certificate.

Prerequisites

Delegates should have a reasonable knowledge of IT in general and of the banking/finance industry. You should feel comfortable investigating system settings through a Windows GUI, as well as entering line commands in console environments. Some investigations may be carried out on a Unix platform. The course has technical content, but this is generally technical in breadth, rather than depth.

Audience

If you come from one of these business areas, you would find the course very useful:

  • An application developer seeking a wider view of the wired world
  • An IT manager from the finance/banking industry, wishing to understand how the technology fits together and what the risks are
  • A senior user or system owner wishing to establish sources of risk
  • An internet banking project manager
  • Computer auditors and computer audit planners
  • Computer security specialists
  • Business risk analysts
  • Legal experts who need to understand how internet banking works and how the components are connected together

Duration: 3 days

 

1. Introducing internet banking

Definitions
Disasters
The internet banking business
A review of standard internet banking controls, checks and balances
Revenue opportunities
Directors’ responsibilities
Sources of risk
Risk management tools
Liability and insurance
Audit and internal controls
Compliance reviews
Disclosures
Risk management framework
Customer protection and privacy
Managing partners’ security
Vendor due diligence
Banking rules and regulations

2. Web browsers and servers

Network topologies
The web browser
Security risks
Web servers - Microsoft IIS, Apache
Other web services – ftp and sendmail
Securely networking a web server

3. Network attack scenarios

Footprinting
Open ports and vulnerable services
Other attack scenarios

4. Working with back-end databases

Common gateway interface (CGI)
Logon context for database access
User-provided parameters
Good and bad CGI programs
Abuses and defences

5. Web related programming environments

CGI Programming languages
Exploits and accidents
Website design
Monitoring website usage

6. End user authentication mechanisms

Anonymous versus account-limited web access
Authentication via an application
Strong authentication mechanisms

7. Building an E-commerce trust infrastructure

Business objectives
Types of encryption
Hash check-summing
SSL
Digital Certificates
E-wallets
Cash-for-goods models

8. Traffic control

Firewalls
E-mail filtering

 

 
