The Importance of Information Security for Financial Institutions and Proposed Countermeasures

With a Focus on Internet-Based Financial Services

• Click on fsk0004b.pdf (83KB) to download the full text.

April 18, 2000
Bank of Japan

Overview

1. In recent years, the development of information technology (IT) has brought with it a rapid increase in the use of open network systems, as typified by the Internet, to provide financial services. Concurrently, proper management of information security risks such as the risk of service interruptions, theft or alteration of data, impersonation and other events resulting from unauthorized access to the computer system is rapidly becoming critical.
2. If these risks should occur and cause unauthorized remittances and service interruptions, not only could the business of individual financial institutions be adversely affected, but the entire settlement system could also be impacted. In order to ensure sound development of the financial services sector, while reaping the benefits from the remarkable advance of the IT revolution, it is vital for each financial institution to become thoroughly cognizant of the importance of information security, and to work for managing risk systematically throughout the organization in line with each situation, under the active involvement of management.
3. In this recognition, we have put together a list of points in this paper about the importance of information security and measures thereof in an effort to assist financial institutions in implementing appropriate information security countermeasures and safeguards.

Table of Contents

1. Introduction
2. The Heightening of Information Security Risks
   1. (1) The Move toward Open Systems and Information Security Risks
   2. (2) Impact on Financial Services
3. Formulating Information Security Policies
   1. (1) What Is Information Security Policy?
   2. (2) Efficacy of Information Security Policy
   3. (3) Establishing Information Security Policy as a Management Issue
4. Establishing Information Security Measures
   1. (1) Importance of Properly Combining Various Information Security Measures
   2. (2) Timely and Appropriate Incorporation of New Technology
   3. (3) Importance of the Proper Implementation of Information Security Measures
5. In Closing

Attachment

Checklist of Information Security Measures for Systems That Make Use of the Internet

For more details regarding information security issues, please visit the Web site of Bank of Japan's Institute for Monetary and Economic Studies, which contains a number of works on technical subjects such as encryption and authentication, and this web site for related works.