Evaluating The Efficiency of The banking Accounting Information Systems in Protecting The Data And Information
Abstract
This research aims to identify the risks and problems resulting from modern techniques used in banks, and to investigate the protection measures which are represented by administrative, technical, and monitoring procedures and policies applied in banks and which enhance the efficiency of information systems.
As a means to realize and achieve its objectives, the research presented the concept of information systems efficiency, and the factors influencing this efficiency, in addition to the actual status of the electronic work environment in Syrian banks and services offered by these banks to their clients. The researcher also demonstrated the risks and threats facing the uses of technology in general and in banks in particular in terms of using the global networks- Internet – thus shedding the light on risks that cannot be overcome unless by taking action, and applying some principles-the researcher focused here on COBIT and ISO standards (27001) and (27002).
The researcher has chosen the Real-Estate Bank and Audi Bank as a sample of her research. She studied the extent to which these banks were affected by the uses of information techniques, and the risks that they were exposed to, and also the administrative, security and technical procedures taken to reduce the risk of technology uses. This was done through analyzing and assessing the actual status of information and data security by comparing the data of practical reality with safety standards specified by the appropriate authorities.
Necessary data related to the accounting information systems used in the sample banks were collected from the managerial reports and statistics beside interviewing staff concerned in information and data security. In addition to that, some experimental trials were carried out, like Acunetix Website Audit, in oreder to know the number of penetrations and gaps that can occur and through which they can determine the level of protection in some electronic bank transactions.
The research concluded that the efficiency of accounting information systems to offer security for bankers is relatively limited, and that it could have been better. These systems were not able to reach an advanced level of safety objectives through their security policies and procedures.
تقييم مدى قدرة نظام المعلومات المحاسبي المصرفي على حماية البيانات والمعلومات (دراسة مقارنة)
هدف البحث إلى التعرف على المخاطر والمشاكل الناتجة عن استخدام البنوك والمصارف للتقنيات الحديثة وما هي إجراءات الحماية المتبعة متمثلة بالسياسات والإجراءات الإدارية والفنية والرقابية المطبقة في المصارف والتي تعزز من كفاءة نظم المعلومات.
تم بلوغ هدف البحث من خلال عرض واقع بيئة العمل الالكتروني بالمصارف السورية والخدمات التي تقدمها المصارف لعملائها، كما قام الباحثان أيضاً، ببيان المخاطر والمهددات التي تجابه استخدامات التقنية بصورة عامة وبالبنوك بصفة خاصة وذلك في ظل استخدام الشبكات العالمية:(الإنترنت) فتفتح بذلك نافذة على مخاطر لا يمكن التغلب عليها إلا باتخاذ إجراءات وسياسات وتطبيق معايير محددة, حيث تمَّ التركيز هنا على معيار الكوبيت والآيزو (27001) و(27002).
اتخذ الباحثان المصرف العقاري ومصرف عودة عينة لدراستها لمعرفة مدى تأثرها باستخدامات تقنية المعلومات والمخاطر التي تتعرض لها، ولمعرفة الاجراءات الإدارية والأمنية والفنية المتخذة للحد من مخاطر استخدامات التقنية, وذلك من خلال تحليل وتقييم واقع حماية المعلومات والبيانات عبر مقارنة معطيات الواقع العملي لها بمعايير الأمان المحددة من المرجعيات المناسبة.
تم جمع البيانات والمعلومات اللازمة عن أنظمة المعلومات المحاسبية المستخدمة في المصارف عينة الدراسة من خلال التقارير الإدارية والإحصائيات، والمقابلات الشخصية مع العاملين ذوي العلاقة بأمن المعلومات. كما أُجريت بعض الاختبارات التجريبية كاختبار Acunetix Website Audit لمعرفة عدد الاختراقات والثغرات التي يمكن حدوثها والتي يمكن من خلالها تحديد مستوى الحماية في بعض العمليات المصرفية الإلكترونية.
وخلص البحث إلى أن كفاءة نظم المعلومات المحاسبية في تحقيق الأمان لـلمصرفين محدودة نسبياً، وكان من الممكن أن تكون أفضل, فهي لم تتمكن من بلوغ مستوى متقدم من أهداف الأمان من خلال سياساتها وإجراءاتها الأمنية التي كانت رسمتها.
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
-
The authors retain the copyright and grant the right to publish in the magazine for the first time with the transfer of the commercial right to Tishreen University Journal of Research and Scientific Studies - Economic and Legal Sciences
Under a CC BY- NC-SA 04 license that allows others to share the work with of the work's authorship and initial publication in this journal. Authors can use a copy of their articles in their scientific activity, and on their scientific websites, provided that the place of publication is indicted in Tishreen University Journal of Research and Scientific Studies - Economic and Legal Sciences . The Readers have the right to send, print and subscribe to the initial version of the article, and the title of Tishreen University Journal of Research and Scientific Studies - Economic and Legal Sciences Publisher
-
journal uses a CC BY-NC-SA license which mean
You are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material
- The licensor cannot revoke these freedoms as long as you follow the license terms.
-
Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
-
NonCommercial — You may not use the material for commercial purposes.
-
ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
