Common Sense Security measures for banks

Updated: December 3, 2018

Three CISOs have diverse views.

Vivek Gupta, CISO at Allahabad Bank, feels that the use of dual authentication in the internal environment without exceptions, remote access to sensitive servers from less secure and less controlled environments, the use of email or USB devices on privileged systems, common user accounts in help desk/service support systems that run in shifts, various policy validations including domain and group membership, management of secure configurations, usage by super users (if PIM is not implemented), management of the various vendors, version control, and the weaker security of test systems/networks/data/users/backups etc. are some of the measures which are very essential but are often not implemented by BFSI institutions.

Nabankur Sen, CISO at Bandhan Bank, says scrutinizing logs carefully, configuring SIEM alerts deliberately rather than leaving them at their defaults, and implementing the security policy strictly are the areas that BFSI organizations commonly neglect. He is of the view that periodic risk assessment, not allowing applications with security bugs into the production environment, rectification of vulnerabilities in a time-bound manner (or else penalizing those concerned), and periodic checks of firewall rules are some of the minimum measures needed to ensure security.

Prateek Mishra, CISO at IDBI Federal Life Insurance Co, maintains that the measures that are routinely forgotten are automated inventory management (of CCTVs, desktops, printers, servers etc.), thorough user access management (covering access given to employees as well as to vendors), secure configuration and patch management across all systems, metrics on the effectiveness of individual security controls, and proper API inventory and API assessments.

– Manoj Agrawal, Group Editor, [email protected]