The Basel Accords are a set of international banking guidelines issued by the Basel Committee on Banking Supervision.
There are three versions of Basel standards:
- Basel I was issued in It is focused on credit risk and the appropriate risk-weighting of assets.
- Basel II was published in 2004. It establishes risk and capital management requirements to ensure that a bank has adequate capital for risk. Basel II consists of three pillars: minimum capital requirements, supervisory review and market discipline.
- Basel III was created in 2010 in response to the 2008 banking crisis. It requires differing levels of reserves for different forms of bank deposits and other borrowings.
Complying with Basel II Information Security Requirements
The first pillar of Basel II, minimum capital requirements, is the one that most affects information security staff in the banking industry. According to Computer Weekly, “capital requirements must align with a bank’s actual risk, and that includes Basel II operational risk and the risks that result from system failure, financial fraud and information security attacks, all of which information security professionals likely have a hand in assessing.”
There is no one-size-fits-all Basel II compliance strategy. Banks put in place the specific Basel II regulations implemented in their own countries, rather than one overarching Basel II mandate. Therefore, a cyber security solution that helps a bank implement a comprehensive IT risk management plan is essential.
Lieberman RED – Rapid Enterprise Defense Identity Management is well suited for banks needing to reduce exposure to cyber security risks. RED Identity Management is a privileged access management solution. It automatically manages sensitive credentials and provides controlled access to high-value systems with sensitive data.
RED Identity Management specifically addresses the security risk management aspect of Basel II compliance in the following ways:
- Segregation of duty – Split passwords into different segments for dual access. Assign each password segment to an authorized user at the appropriate time, in a fully audited manner.
- Maximum password age – Maintain change frequency standards for passwords.
- Request/approval workflows – Configure password checkout workflows that quickly provide authorized users audited access to systems.
- Tracking access – Audit and document who accessed sensitive systems, when and for what purpose.
- Session recording – Fully monitor the activities of users who log into systems.
- SIEM integration – Tie individuals who have privileged access to the security events that they can trigger.
To learn more about how RED Identity Management can help your organization meet its Basel II compliance requirements, contact us today.