Paper 2 : Construction of Security Policy for Banks
By - V.P.Gulati, K.R.Ganapathy, Ashutosh Saxena and M.V.S.Prasad 

This working paper sets computer security policies and procedures for Indian Banks and Financial Institutions.  The paper lists issues and factors that an organization must consider while deciding on the policies.  In order to have an effective set of policies and procedures, organizations will have to make many decisions, then communicate them and implement the policies.

This document is not directed at programmers or those trying to create secure programmes or systems.  The audience of this work are System Administrators and Decision Makers in the Banks. 

Paper 3 : Electronic Commerce and Banks in India
By - V.P.Gulati, K.R.Ganapathy, Ashutosh Saxena and M.V.S.Prasad 

Continuing advances in IT and its prominent role in commerce leads Financial Institutions towards E-commerce.  In this work, we have defined E-commerce and tried to identify the driving forces for the phenomenal growth of E-commerce globally.  We also discuss critical issues for E-commerce in the country and the role banks can play.  

The paper also presents initiatives taken by the Government and activities carried out by RBI and IDRBT in this direction.

Paper 4 : An Approach To Establish Data Warehouse For Banks In India
By - P. Radha Krishna

Operational data is the source for all business intelligence applications, but most of  the times, the data isn't in the correct format to support the decision making process. Moreover, now-a-days, banks are storing more information than ever before.  Decision makers must have the right information at the right time to help them make more informed and intelligent decisions. 

The data in the operational database represents current transactions, however, the decisions are based on a different time frame; that is, there is no time component.  On the other hand, data in operational databases are stored with a functional or process orientation. What really decision-makers would like to have is subject orientation of data, which facilitates multiple views for data and decision making. Data Warehousing  and  Data Mining are the right solutions for this purpose.

One of the main goals of implementing a data warehouse is to turn the wealth of corporate data into information that can be used in the daily decision making process.  Dr. Vasudevan Committee on Technology Upgradation in the Banking Sector recommended that all banks should put in place their Data Warehouse strategy by January 1, 2001. 

In this paper, we highlight the need of data warehousing and data mining for banks and provide an approach to build the warehouse suitable to banks.

Paper 5 : Technology for Forex Risk Management - Delta Normal Method for Risk Analysis
By - Aditya Gaiha and Supriya Kumar De

Risk management is a relatively new concept in the Indian Financial system. With the globalization of markets, including money markets, debt markets, forex markets and the like, risk management has become one of the essential elements of modern portfolio management. World over, the subject of risk management is still in it’s infancy. Various methodologies ranging from the thumb rules of business intuition to the most complex analysis using neural networks and artificial intelligence have been developed and implemented with varying degrees of success all over the world.

The concept of risk management and the more specific concept of asset liability management are being perceived as one of the important tools to be used by the majority of players in the Indian Financial Sector for being able to maintain their positions and move onto becoming major players in the international financial markets. With growing globalisation and opening up of the economy, forex risk management becomes a key performance area for banks as financial institutions and banks in India will commence to cater to a growing need of forex transactions of their customers.

 The paper tries to crystallize some of the methods, which could be utilized in dealing with forex risks. The paper also argues about the relevance of the methodologies employed in the analysis and their relative advantages and disadvantages over other possible methodologies. 

Paper 6 : A Framework for Smart Card Payment Systems
By - Ashutosh Saxena and Aditya Gaiha

This work is a compilation of current knowledge relating to a new technology known as Smart Card. We begin by understanding the various physical and technical characteristic features of Smart Cards and then move on to various operational issues involved in setting up of a Smart Card-based Payment System. 

We present a foundation for understanding Smart Cards and follow it up by specific application software that is required for understanding the technology -- and challenges -- associated with the uses of Smart Cards for banking applications. Java Card and Windows for Smart Cards (WfSC) have also been separately discussed.

The paper concludes with an overview of Smart Cards for Payment Systems in the country (SMARS) along with emerging scenarios, and also focuses on the prevailing multi-application on Smart Card. 

Paper 7 :  A Framework for IT Security Policy
By - Ashutosh Saxena and V.P.Gulati

Information is an important asset, which like other business assets, is of immense value to an  organization.  Therefore, it needs to be suitably protected.  Information security is achieved by framing a suitable set of policies and procedures. In this work, we present a Framework of IT Security policy by suitably classifying the security policy into three levels.

The first and foremost is the top-level security policy, which outlines a clear direction to the information security needs of an organization.  The second is the security architectural policy, which is developed in accordance with the top-level security policy and consists of various components of the security profile. The third, security operational policy provides specific guidance on allocation of security roles, responsibility, do's and don'ts within the organization. 

We conclude with a criteria for evaluating a security policy and remarks on interpretation and publicizing the IT security policy and methodology to define the security policy.