Risk and Security of Information Systems in the Portuguese Financial Sector

Abstract

This work follows the need of safety standards, update ISO27002:2013, in the major central banks of several European countries. This need has been studied by establishing a focus group that integrated European experts from major central banks. The analysis carried out was supported in the current methodology of information risk management, used by central banks in the safety management of information systems. This methodology is used to analyze and evaluate the adequacy of practices to risk management in the financial activity. The main objective was to present a proposal, sufficiently comprehensive and consistent, to a new risk management process of Information Systems within the European System of Central Banks. And a definition of a practical guide to risk management throughout the different stages of the Information Systems Life Cycle. The proposed model provides a higher degree of protection systems, technologies and information, especially in Central Banks, taking as reference the Portuguese Central Bank.