IT Security: New Requirements, Regulations and Approaches

  • Chapter
Handbook on Information Technology in Finance

Abstract

Over the past decades, the business environment in the banking sector has changed substantially. Financial service providers and direct brokers have entered the market for private customers. Insurers now offer investment funds and other products for retirement provision, and companies that usually operate in other sectors offer new services to customers (e.g. Microsoft's home-banking software). Faced with such increased competition, banks in particular pursued Customer Relationship Management (CRM) (Sackmann and Strüker 2005) as a strategy for canvassing new customers and optimizing existing customer relationships. This personalization has a serious side effect: the business of whole institutions depends on the availability, correctness and security of the infrastructure that runs the services. Security and the relationship between customers and providers have become critical issues for both sides, to protect assets and to provide transparency.

References

  • Armour PG (2005) Sarbanes-Oxley and Software Projects. Communications of the ACM 48: 15–17

  • Basel Committee on Banking Supervision (2005) International Convergence of Capital Measurement and Capital Standards. Retrieved December 12, 2005, from http://www.bis.org/publ/bcbs118.pdf

  • Basel Committee on Banking Supervision (2001) Working Paper on the Regulatory Treatment of Operational Risk. Retrieved December 12, 2005, from http://www.bis.org/publ/bcbs_wp8.pdf

  • Booth D, Haas H, McCabe F, Newcomer E, Champion M, Ferris C et al. (eds) Web Services Architecture. W3C. Retrieved December 12, 2005, from http://www.w3.org/TR/ws-arch/

  • Brown W, Nasuti F (2005) Sarbanes-Oxley and Enterprise Security: IT Governance – What It Takes to Get the Job Done. Security Management Practices 14: 15–28

  • CERT (2004) CC Statistics 1988–2004. Retrieved January 1, 2006, from http://www.cert.org/stats/

  • Control Data (1999) Why Security Policies Fail. White Paper. Retrieved December 13, 2006, from http://www.mis.uwec.edu/keys/Teaching/is365/208770-BT%20Why%20Security%20Policies%20Fail%20-20000718.pdf

  • Cruz MG (2003) Modeling, Measuring and Hedging Operational Risk. John Wiley & Sons Ltd., Chichester

  • Deutsche Gesellschaft für Qualität (2001) FMEA – Fehlermöglichkeits- und Einflussanalyse. Beuth-Verlag, Berlin, Zürich, Wien

  • Faisst U, Kovacs M (2003) Quantifizierung operationeller Risiken – ein Methodenvergleich (in German). Die Bank 43: 342–349

  • Fontnouvelle P, Virginia DR, Jordan J, Rosengren E (2003) Using Loss Data to Quantify Operational Risk. Retrieved November 23, 2006, from http://www.bis.org/bcbs/events/wkshop0303/p04deforose.pdf

  • Gordon LA, Loeb MP, Lucyshyn W, Richardson R (2005) CSI/FBI Computer Crime and Security Survey 2005. Retrieved December 11, 2006, from http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2005.pdf

  • Hilty M, Basin D, Pretschner A (2005) On Obligations. In: De Capitani di Vimercati S, Syverson P, Gollmann D (eds) 10th European Symposium On Research In Computer Security. Springer-Verlag, Berlin, Heidelberg, pp. 98–117

  • Hölscher R (2002) Von der Versicherung zur integrativen Risikobewältigung: Die Konzeption eines modernen Risikomanagements. In: Hölscher R, Elfgen R (eds) Herausforderung Risikomanagement. Identifikation, Bewertung und Steuerung industrieller Risiken. Gabler, Wiesbaden, pp. 3–31

  • Kletz T (1992) HAZOP and HAZAN. 3rd Edition, Taylor & Francis Inc, London

  • Lampson B, Abadi M, Burrows M, Wobber E (1992) Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems 10: 265–310

  • Lonvick C (2001) RFC 3164: The BSD syslog Protocol. Retrieved December 12, 2004, from http://www.rfc-archive.org/getrfc.php?rfc=3164

  • Müller G, Gerd tom Markotten D (2000) Sicherheit in der Kommunikationstechnik (in German). Wirtschaftsinformatik 42: 487–488

  • Müller G, Eymann T, Kreutzer M (2003) Telematik- und Kommunikationssysteme in der vernetzten Wirtschaft (in German). Oldenbourg, München, Berlin

  • New D, Rose M (2001) Reliable delivery for syslog. RFC 3195. Retrieved April 23, 2004, from http://www.faqs.org/rfcs/rfc3195.html

  • Österle H, Bach V, Schmid R (2000) Mit Customer Relationship Management zum Prozessportal (in German). In: Bach V, Österle H (eds) Customer Relationship Management in der Praxis. Springer, Berlin, pp. 3–55

  • Piaz JM (2002) Operational Risk Management bei Banken (in German). Versus, Zürich

  • Puschmann T, Alt R (2004) Process Portals – Architecture and Integration. In: Sprague R (ed) Proceedings of the Thirty-Seventh Annual Hawaii International Conference on System Sciences. Hawaii, 05.01.2004, Los Alamitos (CA)

  • Roßnagel A (2005) Verantwortung für Datenschutz (in German). Informatik Spektrum 28: 462–473

  • Schierenbeck H (2001) Ertragsorientiertes Bankmanagement (in German). Band 2: Risiko-Controlling und integrierte Rendite-/Risikosteuerung. 7th Ed., Gabler, Wiesbaden

  • Sackmann S, Strüker J (2005) Electronic Commerce Enquête 2005 – 10 Jahre ECommerce: Eine stille Revolution in deutschen Unternehmen (in German). Institut für Informatik und Gesellschaft, Telematik, Universität Freiburg. KIT-Verlag, Leinfelden

  • Sackmann S, Strüker J, Accorsi R (2006) Personalization in Privacy-Aware Highly Dynamic Systems. Communications of the ACM 49(9): 32–38

  • Schneier B, Kelsey J (1999) Security audit logs to support computer forensics. ACM Transactions on Information and System Security 2: 159–176

  • Sloman M (1994) Policy Driven Management For Distributed Systems. Journal of Network and Systems Management 2: 333

  • Smith B (2005) Protecting Consumers and the Marketplace: The Need for Federal Privacy Legislation. Retrieved Sept. 12, 2006, from http://download.microsoft.com/download/c/2/9/c2935f83-1a10-4e4a-a137-c1db829637f5/PrivacyLegislationCallWP.doc

  • Subirana B, Bain M (2005) Legal Programming: Designing Legally Compliant RFID and Software Agent Architectures for Retail Processes and Beyond. Springer, New York

  • Vaughan E (1997) Risk Management. John Wiley & Sons, Inc., New York
Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this chapter

Müller, G., Sackmann, S., Prokein, O. (2008). IT Security: New Requirements, Regulations and Approaches. In: Seese, D., Weinhardt, C., Schlottmann, F. (eds) Handbook on Information Technology in Finance. International Handbooks Information System. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-49487-4_29
