Initial situation
Financial service providers need to address the issue of information security far more intensely than they have in the past. Digitalisation of the bank’s value chain and the interlinked sourcing networks in the financial sector are both a blessing and a curse. The economic and procedural benefits thereof have to be balanced against the risk of exposure to data loss, something which is becoming increasingly hard to manage. The fact that foreign states now openly finance the theft of data is pushing the issue of information security high up the agenda of banks. We are seeing that the common approach of focusing firstly on the technical/procedural side of information security and secondly on the diametrically opposed issue of selectively running awareness programs is clearly not going far enough. An article by Prof. Dr. Lutz Kolbe (University of Göttingen) and Marcel Dreyer (COMIT) on this matter was published in the April edition of Schweizer Bank.
The Göttingen reference model for information security
In cooperation with the chair in Information Management at the University of Göttingen and the Direct Management Institute/Competence Center Sourcing at the University of St.Gallen, COMIT is now developing approaches and methods to better meet these challenging requirements. The result will be the "Göttingen reference model for information security". This will address the issue of information security in a considerably more comprehensive management approach, following both the spirit of the Business Engineering Model published by the University of St.Gallen and the findings of the Competence Center Sourcing.
COMIT's extensive approach to consultancy
On the basis of the Göttingen reference model, COMIT is developing an approach which considers the robustness of information security in a far more comprehensive and integrated way than is currently the case. An assessment phase lies at the very heart of this approach. This phase puts an institute's information security through its paces in an integrated maturity test. The test is a modular process based on the dimensions of strategy, process, system, people and culture. Metaphorically speaking, it opens up a 360° view on an institute’s information security. The use of a highly integrated assessment tool, which indicates any need for optimisation in the critical areas of action through gap analyses, ensures this result.
The USPs of the COMIT approach to consultancy
Focusing on the financial industry
Banks and financial providers have specific needs when it comes to the confidentiality of customer data. Operating exclusively in the financial industry, COMIT has a proven and appropriate consulting track record.
Comprehensive and consistent approach
Both the model and the consultancy approach are focused on strategy, process, system and also the socio-cultural dimension in the sense of Business Engineering. The resultant consultancy framework allows for a 360° view and therefore guarantees the level of decision-making certainty required.
Focusing on networking
The structures currently used, some of which are highly networked, make information security an increasingly challenging job in all areas of a bank. The assessment module includes both in- and outsourcing aspects. Findings from the work carried out by the Competence Center Sourcing are incorporated at this point.
Focusing on people + culture
People and corporate culture have a huge influence on information security and how security incidents are handled in a company. The analysis approach therefore considers this dimension in depth.
Cooperation between science + business
The model and consultancy approach are being developed in collaboration with the Universities of Göttingen and St.Gallen (Competence Center Sourcing/DMI) and are therefore based on the very latest and combined findings and experience from science and business.
Roadmap
During the 2nd quarter of 2010, the COMIT consultancy approach will be put through a pilot test and will be launched during the course of the 2nd semester.
Contact:
Marcel Dreyer
Senior Management Consultant
marcel.dreyer@comit.ch