Basel III Summary and SSH Key Based Authentication
The Basel accords (known as Basel I, Basel II, and Basel III) comprise a set of international standards that the capital reserves banks must maintain in order to weather the potential consequences of financial and operational risks. Given that banking operations are highly IT intensive, the Basel committee determined that IT governance, risk and compliance (GRC) must play a role in determining risk adjusted capital reserve requirements.
Basel III uses a "three pillars" concept:
minimum capital requirements (addressing risk)
All three pillars are underpinned by and pose requirements on the IT systems.
ContentsBasel III IT Operational Controls Secure Shell (SSH) Related Requirements Comparing Basel II and III Download the White Paper to Learn More
Basel III IT Operational Controls
Basel III places several demands on IT. The first and foremost is to minimise operational risk arising from the IT infrastructure and its management.
In short, a bank operating with substandard IT controls requires greater capital reserves in order to compensate for the increased operational risk. Thus, Basel II establishes incentives for banks around the world to maintain robust operational controls over their IT operations. It should be noted that Basel II does not create a new set of standards for IT operational controls. Instead, the Basel committee determined that the COBIT framework would provide the basis for these controls.
Secure Shell (SSH) Related Requirements
Because Secure Shell is pervasive in IT operations and has the potential to create great operational harm if misconfigured, the Basel II control objectives for IT security also include requirements that pertain to Secure Shell and particularly SSH key based access. Read the white paper for more details.
Comparing Basel II and III
Basel III is an extension of the existing Basel II Framework, and introduces new capital and liquidity standards to strengthen the regulation, supervision, and risk management of the whole of the banking and finance sector. While Basel III does not introduce any new IT-related controls or requirements as such, the increasingly stringent standards in other areas further raise the importance of sufficient IT risk control measures.
Download the White Paper to Learn More
To learn more about how to map Basel III Risk Event Types to IT Related Risks and COBIT Processes/Controls as well as what is the role of sound Secure Shell practises in meeting the Basel IT security requirements, please download our comprehensive Basel III Compliance white paper.