CITI-GROUP INFORMATION TECHNOLOGY RISK ASSESSMENT

Citi-Group Information Technology Risk Assessment



Abstract

In an on-demand centered banking world, a customer's use of the Internet has improved the quality of banking services rendered. It has created a trade-off between giving clients the best possible service and protecting their vulnerability to malicious attacks. This report is centered on Citi Group's risk assessment to the possible threat of IT fraud. This report will bring to light the importance of Citi Group's risk management and its integration that yields its new policies concerning IT fraud. Further more, the risk assessment will identify the threats and vulnerabilities of the current systems to fraud and determine the adequate control schemes. Then, mitigation strategies to lessen these threats will be discussed and a result of this will yield recommendations for Citi Group. Lastly, this report will be a good resource tool for companies seeking improvements in their security of information and sensitive data. Invariably, this report points out the visible threats the public is vulnerable to due to the new banking innovations and elaborates on the control and mitigation strategies.

CITI-GROUP Information Technology Risk Assessment

Introduction

Security of networks and systems operating in business organizations is of paramount importance to all business engaged in electronic commerce and online commerce (Lawrence et. al. 2006). In an increasingly connected world where most organizations have connection to the internet, security is most wanted and security management is needs to be done in a well-organized and systematic way as it will have a direct impact on the organization itself.

The essay sets off with a critical review of the term security in the context of information systems, which illustrates the treats and risks arising from extensive use of information systems. Then, through a case study of banking giant Citibank, the essay addresses which security measures and how security management's are conducted to subdue threats and risks by Citibank in securing its information system and business. In the end of the essay, another great emphasis is laid on an outlook of banking industrial, which discuss the challenges as well as the development of the industrial.

Discussion

The term “information security” means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide (Wiseman, 2008):

Integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;

Confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and

Availability, which means ensuring timely and reliable access to and use of information.

Effective information security depends on taking a multi-layered approach, combining technical, organizational and legal countermeasures.

Security and Information Systems

Security and control of information systems is very important, however, often overlooked by some companies. Companies have to depend on information system to manager their core business. Once the information system have a security problem, company's information assets like confidential staff information, business secrets, and commercial development plan will be lost (Adam, 2003).

Risks of Accidents with Information Systems

Many people, particularly in managers assume that information ...