news.am, Armenia
Feb 13 2010

RA banks overlook IT security audit

13:40 / 02/13/2010Each bank using computers has to conduct an IT
audit, Belgian IT security auditor Alexis Hirschhorn told
NEWS.am-Innovation, adding that IT audit in Armenian banks is still at
a low level.

`Regular financial audit is carried out in Armenian banks, however
computers and financial software are not examined,’ expert said.

According to Hirschhorn, IT security audit gives possibility to assess
security of systems, networks, physical information security and
probable risks.

`IT audit enables to define actuality of available decisions and cut
expenses dramatically. In case of defects’ detection more viable and
optimal solutions will be offered,’ stated Hirschhorn. He also added
that banks planning the issuance of stocks should mandatory conduct IT
audit.

The expert noted that auditing allows to have a clear picture of the
bank’s information security level, emphasizing that not only equipment
auditing is carried out. `Audit also includes physical security of
servers, and listing of people having access to server room. In
addition, sensitivity level provided by the bank employees is
assessed,’ said Hirschhorn, stressing that sometimes employees put the
passwords on a piece of paper and post it on a keyboard in order not
to forget.

`Audit is a team work and we intend to cooperate with bankers,’
Belgian specialist stated, expressing hope that Armenian banks will
put a greater emphasis on IT security audit.

A.G.