Jump to content

Get Your
Free 30-Day Trial WhatsUp Gold

Basel II

Supporting Operational Risk Management of Financial Data in Global Banking Institutions

The Basel II Accord provides recommendations on an international standard of banking practices that regulators can use to manage capital and operational risks in global financial institutions. From the perspective of IT organizations, the focus is on the measurement and management of internal operations risk. Like in the case of Sarbanes-Oxley, section 664 of the original Basel Accord mandates that senior management must be involved and have sufficient oversight of the operational risk management framework. This includes providing sufficient resources to control and audit of operational risk processes in the major business lines.

With financial information being used, stored and transmitted within the IT environment, network security and health monitoring is crucial to manage the operational risks of data loss or compromised data integrity. Both the WhatsUp family of Event Log Management solutions as well as the WhatsUp Gold family of infrastructure and applications monitoring and management products offer support towards complying with the broad recommendations of the Basel II practices. Some illustrative examples of how each of these product families support Basel II compliance efforts are provided below:

WhatsUp Log Management:

  • Comprehensive collection and storage of user and system activity and access across all infrastructure that is  involved in financial data processing, storage and reporting
  • Real-time views of event log data enabling spot check audit and analysis to validate that adequate security operations processes are in place
  • Forensic analysis of stored event log data to support detailed compliance audits and security breach investigations
  • Secure storage of key event log files using cryptographic methods to alert to any kind of tampering 

WhatsUp Gold Infrastructure and Application Management:

  • Single platform coverage of all infrastructure components supporting financial information usage and reporting for enhanced correlation and insight
  • Monitoring of all access points on the network (physical and wireless) to prevent unauthorized connections
  • Identification and alerting of internal (e.g. after a virus intrusion) or external (e.g. denial of service) attack incidents, and initiation of problem triage leading to their resolution
  • Maintaining the health of infrastructure and application assets and ensuring secure access to protected health data and management information as required