Standard Chartered – one of the world’s leading international banks employing 30,000 people across 50 countries and 500 locations – is using the Citicus ONE web-based, automated risk management solution to monitor and drive down risk affecting global IT systems. The decision is part of Standard Chartered’s commitment to build an integrated, dynamic approach to information security and corporate governance driven by a better understanding of information risk across the business lifecycle.
Citicus ONE, developed by UK-based Citicus Limited, will help Standard Chartered to measure and analyse information risk so that they can focus investment and resources where they are most needed and will be most effective. Initially, Standard Chartered will use Citicus ONE across five very different core systems spread geographically. These range from a major mainframe-based branch banking system in Hong Kong to a mid-range front-office system for high-value trading and foreign exchange. If these initial trials are successful, Standard Chartered plans to roll out Citicus ONE to its 50 top tier line-of-business applications globally.
"As one of the world's most international banks, leading the way in Asia, Africa and the Middle East, stringent controls around the privacy and security of customer information and the financial transactions they conduct are inherent in our business," said John Meakin, Group Head of Information Security at Standard Chartered. “However, rather than a ‘one-size-fits-all’ approach to global security policy, applying the same controls to every situation, we want to take a more dynamic and flexible view to determine the right level of security controls based on vulnerability, threat and impact. Citicus ONE allows us to capture risk data and take an aggregate view of information security risk across the enterprise as well as to measure the impact of risk in one system on other related systems – so-called dependency risk.”
Citicus ONE also meets two other key criteria for Standard Chartered. “As a web-based tool, Citicus ONE is easy to deploy and use by business and IT staff alike, thus avoiding bottlenecks in collecting data. Output is just as important, and powerful graphical reporting functionality allows us to deliver clear presentations of risk and impact analysis in order to get buy-in at the highest level,” adds Meakin.
Banks have many years of experience and data in the areas of market and credit risk, but IT or information risk is a relatively new discipline. However, Citicus ONE is based on the well-proven FIRM (Fundamental Information Risk Management) methodology for managing information risk published by the Information Security Forum and based on some 14 years of data and research. Data is gathered through easy-to-complete scorecards about the risk status of business applications, computer installations, networks and systems development activities. Citicus ONE automatically quantifies and analyses the data to provide high-level risk charts, status reports and risk league tables based on five key factors: criticality, level of threat, business impact, special circumstances and control weaknesses. For example, 17 areas of control weakness are measured, ranging from user capabilities and contingency plans to data backup and physical security.
Citicus ONE also delivers important guidance on how to prioritise actions and drive the risk down to an acceptable level. “Threats to information systems are greater than ever and corporate governance initiatives such as Sarbanes-Oxley and Basel II are driving the demand to identify areas where information risk is unacceptably high,” says Simon Oxley, managing director at Citicus. “With Citicus ONE, IT and security managers can go to the Board and present strong and well-supported cases to target and optimise expenditure on security controls to reduce risk and achieve IT governance objectives.”
About Standard Chartered (www.standardchartered.com)
Standard Chartered employs 30,000 people in over 500 locations in more than 50 countries in the Asia Pacific Region, South Asia, the Middle East, Africa, the United Kingdom and the Americas. It is one of the world's most international banks, with a management team comprising 70 nationalities.
Standard Chartered is listed on both the London Stock Exchange and the Stock Exchange of Hong Kong and is in the top 25 FTSE-100 companies, by market capitalization. It serves both Consumer and Wholesale Banking customers. Consumer Banking provides credit cards, personal loans, mortgages, deposit taking and wealth management services to individuals and small to medium sized enterprises. Wholesale Banking provides corporate and institutional clients with services in trade finance, cash management, lending, custody, foreign exchange, debt capital markets and corporate finance.
For more information, contact:
Simon Oxley, Marco Kapp or Sian Alcock, Citicus Ltd
Tel: +44 (0)20 7203 8405
Peter Rennison or Alison Andrews, PRPR Limited
Tel: +44 (0)1442 245 030