Information Security

Pakistan’s growing and dynamic banking sector is essential for revenue generation in the country because growth in the banking sector and the real economy mutually reinforce each other. The banking sector constitutes the core of the financial sectors in Pakistan. Private sector investment and consumption should be seen as the key drivers of the revenue generation and must be supported by growing financial intermediation and services, including not only banks but also non-bank financial institutions. 

Parallel to this constructive growth, Computer crime is on a rise and can broadly be defined as criminal activity involving an information technology infrastructure, including illegal access), illegal interception misuse of devices, forgery (ID theft), and electronic fraud.

In Pakistan where there is not much awareness in the common people about the online systems; things are sketchy and very vulnerable. Online banking, credit cards, and online shopping are making inroads in the common Pakistani lifestyle and middle class is getting drawn to it. But there is no awareness at all about the security of the information in the country. I hope that at least the financial institutions offering such services online would take this upon themselves to educate their customers about cyber safety and information security. We need to be very careful online.

Around the World, organizations are facing cumulative pressure to improve the security of the information they process and the sensitive data they handle. As the governments are passing more information security laws and legislations, the financial sector is bound to adhere to them in order to protect all the stakeholders of an organization against cybercrime.

Sectors such as banking and other financial installations need to secure its sensitive data so that they do not fall victim to data theft. With the growth of our financial sector in Pakistan, banking in particular, the customers are demanding the evidences of sound information security practices so they may secure their banks accounts and sensitive information. Similarly, all the organizations who have large databanks, such as software houses and IT companies try their level best to secure their information.

In order to counter these breaches, companies can adapt an effective way of attaining a certification specifically designed to help them secure their information and data. ISO 27001 is the information security management system simply known as ISMS. When properly managed it allows you to operate with confidence. Information security management gives you the freedom to grow, innovate and broaden your customer-base in the knowledge that all your confidential information will remain that way.

Having ISO 27001 Certification will be a requirement to do business in many different verticals.  Your competitors are most likely already looking at or moving toward ISO 27001 Certification. 

Holding an ISO 27001 Certification is widely accepted proof of a reliable, defensible, standards-based information security posture. It confirms to both management and clients that your organization is proactively managing its security responsibilities.

Defensibility and valid risk assessment means the organization can easily defend and justify its choices to management, customers and regulators.

With such requirements, Clear communication assists the management gain a clear window into the results of its security investment, and better insight into which security processes are working well and which need improvement.  This increased visibility helps to make the case for the information security group and often can serve as a model for other parts of the organization.

ISO 27001 Certification is a dynamic process, requiring at least annual audits and periodic renewal of the certification.  This offers independent proof of ISMS adequacy and the ongoing benefit of continuous process improvement.   It offers clients and management proof that the ISMS continue to meet its security responsibilities.

Knowledge of financial technology, its benefits and especially its detriments are never given enough attention in Pakistan in order to protect our citizens from lasting damages. We must take the necessary steps to safeguard our Information security system.