In what is termed a significant suggestion, the Cyber Society of India has asked the Reserve Bank of India (RBI) to raise a pool of ‘empanelled information security auditors’ across the country. They could then be deployed or allotted to different banks in the same way the RBI allots statutory auditors.
“All the banks do not have a proper information security policy and audit system. They have their own internal audit. Or, they get audited through their own known auditors,” according to K. Srinivasan, President of the Cyber Society of India.
Mr. Srinivasan said the Cyber Society had asked the apex bank to empanel information security auditors based on specified minimum qualification and experience. “After auditing the banks, they could submit the report to the RBI and banks. This will improve the quality of information security audit,” he felt. From this year onwards, that is, March 2012, all banks are required to declare their information security (IS) status in their annual reports as per the Gopalakrishna Committee report. This is the first time that the banking industry is going to declare such IS status. “Hence, an audit by competent RBI-nominated IS auditors may improve the quality of information security in banks,” he said.
The Cyber Society of India also wanted the RBI to issue a fiat to all banks, making it mandatory for them to send out mobile alerts to their clients on withdrawals.
At present, mobile alerts are given by banks only on request. “Even educated customers are not aware of this facility. Many cyber crime police cases could have been avoided, if the customers had a mobile alert,” Mr. Srinivasan said. Customers should get mobile alerts by default. “Only if they do not want, they have to request the bank, like ‘do not disturb’ model,” he pointed out. “We are in the initial stage. Customer awareness is very low. Even a remote rural person is having credit and debit cards. All these justify the importance of information security to protect the interest of the customers,” he added.