IT Governance Standards and Regulations


DOI: 10.4018/978-1-5225-2268-3.ch002

Chapter Preview



Besides the economic aspect, which affects the level of investment in IT infrastructure from the standpoint of system availability, many industries are subject to regulations that require certain security controls. These regulations require investment in IT infrastructure even where there is no economic justification for it, but they have a positive effect on raising the availability of IT systems.

For instance, IT systems in financial institutions are subject to regular audits by independent auditing companies, which mostly rely on international standards for the management of IT systems. This is an indirect way of requiring that the IT systems of financial institutions be aligned with these standards. Implementing a particular requirement of these standards may have no economic justification, yet it reduces the risks to the IS and increases system availability. This chapter gives an overview of some of the regulations and standards with which banks must comply and which have a direct impact on the implementation of controls that improve system availability.

This chapter is composed of two parts: the first part presents the standards that relate directly and exclusively to financial institutions (Basel II and the Payment Card Industry Data Security Standard); the second part considers standards for IS security management in general, which can be applied to firms in all industries (ITIL, COBIT, ISO/IEC 27001:2013). Karkoskova & Feuerlicht (2015) pointed out that ITIL and COBIT have similar objectives, including maximizing return on investment, value creation, and IT investment optimization, leading to competitive advantage through the use of advanced IT technologies.
