Re: Core Banking Applications

[Tracy Bost <tbost () valocity com>]

I think you have made a valid point. There is value in having such as
list as the vertical industry typically has to deal with the
same compliance and security issues.
As in any mailing list, one would hope good judgment is made in the
amount of organization specific information given to the list.

- T

Beauford, Jason wrote:

> When asking the question, "how many people DO know about the kinds of
> systems working within a bank environment and how they interact", I
> didn't mean IT people.  Rather I mean the general population.  Sorry for
> not making that clear.
>
> I was only noting the possibility that information discussed on such
> list might leak sensitive information about which banks are running
> particular systems and hopefully the list admin would take that into
> consideration and closely monitor and maybe scrub that info if need be.
>
>
> -JMB 
>
>       |   -----Original Message-----
>       |   From: Barrie Dempster [mailto:barrie () reboot-robot net] 
>       |   Sent: Monday, September 26, 2005 5:21 PM
>       |   To: Beauford, Jason
>       |   Cc: Lbuchalski () bankinfosecurity com; 
>       |   security-basics () securityfocus com
>       |   Subject: RE: Core Banking Applications
>       |   
>       |   On Thu, 2005-09-22 at 12:59 -0400, Beauford, Jason wrote:
>       |   > The very first thing that popped into my head is 
>       |   "I don't know 
>       |   > anything about banking systems."  Then I wondered 
>       |   how many people DO 
>       |   > know about the kinds of systems working within a 
>       |   bank environment and 
>       |   > how they interact.  I answered "Probably not too many."
>       |   
>       |   So who runs these systems then, if hardly anyone 
>       |   knows about them ?
>       |   
>       |   Bank systems don't differ from any other companies 
>       |   systems, apart from a few select specialist apps 
>       |   (often in-house), but almost every company type has 
>       |   specialist apps like this. The difference with 
>       |   banking systems is that they are *generally* more 
>       |   competently put together, although not always. 
>       |   There are no "boxed bank" applications - their 
>       |   systems are generally built on existing solutions 
>       |   with in house modifications or designed by their 
>       |   internal team just like any other company. For 
>       |   example Internet banking systems exist where the 
>       |   front end is IIS, the app is coded in ASP and the 
>       |   backend database server is a SQL server. There are 
>       |   no secrets here. There are some process that people 
>       |   outside of the banking industry may not understand 
>       |   at a technical level, but do at a procedural level 
>       |   such as the BACS system in the UK. However this 
>       |   isn't secret information and the procedures for it 
>       |   are publicly available, the technical details come 
>       |   with spending some time working for a bank. Banks 
>       |   rely heavily on contractors in order to get 
>       |   projects through, usually a security check and 
>       |   credit check are required - just like many other 
>       |   companies, then you can quite happily work on a 
>       |   contract with a bank as a client.
>       |   
>       |   It's a kin to saying that you don't know anything 
>       |   about call centres because you've never seen a web 
>       |   based calling application. If you understand web 
>       |   technology and can understand how a business 
>       |   process translates to an IT system, the particular 
>       |   business type is unimportant.
>       |   Although most of these companies like to hire 
>       |   people that have worked in similar places as it 
>       |   lessens their burden of explaining the business 
>       |   processes. The important point is that the 
>       |   technology doesn't change, it's just used to 
>       |   support a different business process.
>       |   
>       |   There are many large banks and therefore many 
>       |   skilled IT guys working within these banks, in some 
>       |   countries (like mine - Scotland) the IT job market 
>       |   is dominated by the banks.
>       |   
>       |   --
>       |   With Regards..
>       |   Barrie Dempster (zeedo) - Fortiter et Strenue
>       |   
>       |   "He who hingeth aboot, geteth hee-haw" Victor - Still Game
>       |   
>       |   blog:  http://reboot-robot.net
>       |   sites: http://www.bsrf.org.uk - 
>       |   http://www.security-forums.com
>       |   ca:    https://www.cacert.org/index.php?id=3
>       |   
>
>
>