Banking Security and Control Objectives

Questions and Answers

What is a major concern for banks when it comes to online transactions?

• Security threats and risks (correct)
• Profitability and revenue
• Data encryption
• Marketing and advertising

What is the primary objective of data confidentiality?

• To protect sensitive information from unauthorised access (correct)
• To reduce online security costs
• To provide access to all online systems
• To increase online transaction speed

What should banks evaluate when adopting an encryption solution?

• The speed of the encryption process
• The type of encryption algorithm to use
• The cost of the encryption solution
• The security requirements associated with their internet systems (correct)

What is the purpose of establishing a security strategy for banks?

To provide assurance that online login access and transactions are adequately protected and authenticated (A)

What type of risks do banks face when conducting online transactions?

Denial of service attacks, spamming, spoofing, and other forms of malware (B)

What is the primary purpose of encryption in banks' online systems?

To protect sensitive information from unauthorised access (D)

What should banks consider when selecting encryption algorithms?

Algorithms that are well-established international standards (A)

What is the most important aspect of data encryption?

The protection and secrecy of cryptographic keys (C)

Who should have access to the cryptographic keys?

No single individual should have complete access (D)

What determines the frequency of key changes?

The sensitivity of the data and operational criticality (A)

What is the primary application of cryptography?

Protecting the integrity and privacy of data for a specified time (D)

Where should the encryption security of the customer's PIN and other sensitive data be maintained?

At the application layer (D)