As part of its recurring control process, a company wished to assess the level of protection of the bank data stored on its computer system. Bluekrypt carried out the audit on the basis of interviews and technical verifications. The analysis covered the systems, network and applications in use.
Context
The assessment revealed both positive points and points to be improved.
Positive points
- To protect bank data, some services limit the nature of the data they store and implement some protections (for example, encryption),
- A data scrambling mechanism has been set up,
- Access to the environments is subject to approval and other appropriate procedures.
Areas for improvement
- Confidentiality of the bank data is not guaranteed uniformly: information such as trigrams, and even secret passwords, is stored unencrypted,
- Bank data flows are not protected: it is possible to eavesdrop on a flow carrying sensitive data on the company's network,
- Many environments still use generic accounts,
- Production data are used by some services for tests without anonymization,
- Service heads therefore have little awareness of the protection of bank and personal data.
The overall level of bank data protection is rated "considerable reservations" (scale: satisfactory, to be improved, considerable reservations, unsatisfactory).