Information Security Management
FirstBank in furtherance of its information security risk management integrated approach has adopted the ISO 27001 standard, which has a fundamental objective to ensure the confidentiality, integrity and availability of its information assets.
Information assets are a critical asset of the Bank and require adequate protection at every point. FirstBank considers the protection of its information assets critical to its business continuity and sustenance. Information security management department has been charged with the responsibility of building an integrated information security management system that will ensure that information assets are adequately protected at all times. Commitment to this responsibility is shared by both the Board and all staff of FirstBank.
The Board has overall responsibility for managing information security through its information security management system.
FirstBank, through its information security management, is continually putting in place structures to help protect its information assets and create an assurance for investors. FirstBank recently set up its information security forum (ISF). The forum serves as a regular meeting arena for management staff to deliberate on security trends and emerging issues with assigned responsibility of establishing and maintaining organisation-wide information security (policy, standards and procedures) and ensuring staff compliance with these standards.
1 Risk mitigation
The major security challenge faced by the Bank this financial year was the disclosure of confidential information (PINs and passwords) by customers as a result of phishing attacks. FirstBank has taken steps to ensure that customers' accounts and confidential information are safeguarded through the following means:
- FirstBank migrated its debit card customers to EMV (chip cards).
- Introduced two factor authentication (tokens) for its internet banking customers.
- Introduced customer awareness 'Secure use of its automated teller machines (ATMs)' through the distribution of awareness posters and flyers across its branches.
- Introduced a section on security tips on the Bank's website to educate customers on safe use of internet banking services.
FirstBank will continue to improve on its information security and align its processes to international standards to ensure that its customers and staff operate in a safe and secure environment.
