The activities related to Risk Management Framework are paramount to an effective mobile money security program and can be applied to both new and legacy information systems within the context of the mobile money system development life cycle.
Our all-round Risk management approach not only addresses effectiveness & efficiency in selection & specification of security control criteria, but also considers the MFS constraints such as applicable laws & regulations related to providing Mobile financial services, directives, Executive Orders, & other organizational policies. We consider RMF to be an integral part for an effective mobile money security program, which provides a disciplined & structured process to integrate information security & risk management activities into the mobile money system development life cycle. Our RMF services, to select & specify the appropriate security controls revolve around the following steps;
Based on an impact analysis, initially, we categorize the mobile money information system and the information processed, stored, and transmitted by that system.
2. Selection of security controls
In this step, we select an initial set of baseline security controls for the mobile money information system based on our organization assessment of risk and local conditions.
3. Implementation & Documentation
Now we implement the security controls and document how the controls are deployed within the
mobile money information system & mobile money operations.
We further move on to assess security controls using appropriate procedures whether the controls are implemented correctly, operating as intended, and producing the
desired outcome with respect to meeting the security requirements for the mobile money system.
After complete assessment & satisfaction, we authorize mobile money information system operations considering that this risk is acceptable.
6. On-going basis Monitoring & Reporting
Finally, we monitor selected security controls on an on-going basis in order to assess effectiveness, documenting changes to the mobile money system or environment of mobile money operation, conducting security impact analyses of the associated changes, and thus reporting the security state of the mobile money information system to appropriate organizational officials.