ECCB 2017-2018 Annual Report and Statement of Accounts

ECCB ANNUAL REPORT 2017/2018

40

Utilise Technology to Inform Data-Driven Decision Making External Security Risk Assessment of ECCB’s Network Infrastructure The ECCB conducted a vulnerability and penetration test of its network infrastructure to identify and confirm vulnerabilities to information systems from internal and external threats by attempting to penetrate defenses of the ECCB’s perimeter network infrastructure. The exercise also provided an independent assessment relating to the effectiveness of perimeter and web facing application security and its alignment with leading practice system network security processes and procedures. SWIFT Customer Security Programme (CSP) In fulfillment of a mandate by SWIFT to mitigate against the growing threat of cyber attacks by implementing mandatory security controls and new services to help prevent and detect fraudulent activity, the Bank complied successfully and attested to the SWIFT CSP before the 31 December 2017 deadline. Storage Area Network (SAN) Solution Upgrade The upgrade of the SAN solution was undertaken in the last quarter of the financial year 2017/2018. The upgrade allowed for increased performance and storage capacity across the storage network. Implementation of the ECCB’s Wi-Fi Solution The ECCB’s enterprise Wi-Fi Solution provides staff and authorised ECCB guests the benefit of a managed, seamless wireless solution allowing for connectivity throughout the ECCB campus without having to connect to each individual access point. The solution allows for redundancy and management of

bandwidth using multiple Internet Service Providers.

Develop Holistic Internal Risk Management Framework Office of Risk Management (ORM) During the year, the Bank advanced its thrust in the development and implementation of a comprehensive Enterprise Risk Management (ERM) Framework for the effective management of the various risk elements inherent to its operations. The ERM framework focuses on the major risk categories as outlined in the Bank’s Risk Appetite statement, namely: strategic, financial and operational risks. The Bank has deployed key risk management tools, such as the risk and control self assessments, risk registers and heat maps, to support the risk management functions across the Bank. The Executive Committee, supported by the Board Audit and Risk Committee (BARC), is responsible for the oversight of the operations of the ORM. Over the past year, the Bank spearheaded various initiatives aimed at improving its risk profile and advancing the implementation of its ERM framework. These included: •  • Bank-wide Risk and Control Self Assessment exercise; •  • Capacity building sessions across the Bank on areas pertaining to effective risk management; •  • Implementation of an assessment and reporting framework to aid departments in their risk management roles; •  • Development of a Business Continuity

Management System Policy to guide the re- engineering of the Bank’s Disaster Recovery and Business Continuity Programme;