Security Strategy and Memo


Gap Analysis

The Key Issues/Challenges/Risks from The Case Study

From the study presented, Bank Solutions was developed to perform the following major activities:

1) Act as an item processing provider

2) Offer services to other commercial banks

3) Offer services to savings as well as loan associations

Moreover, the bank was to perform the following additional tasks: “provide a full range of services not limited to in-clearing as well as proof of deposits (POD) processing, the caption of images, return as well as exception processing of items, retrieval, and storage and finally rendering of statements to the customers” (Camara, Crossler, Midha, & Wallace, 2011).

Bank Solutions, however, has not been able to expand to other parts of the United States due to various challenges facing its operations.

a) First, the bank has not been in a good position to compete with other financial institutions because its technology is underdeveloped. For instance, as a result of the crisis arising from the bank's loan saving and borrowing procedures, its savings and loan customer base declined for approximately six consecutive years.

b) Based on its review of the bank’s Disaster Recovery and Business Continuity Plan (DRBCP), the risk assessment team identified the following gaps in the bank’s operations:

1) The important participants of the bank lack a copy of the recovery strategy, implying that they cannot help in case of a catastrophe since they are not aware of how to go about it. Furthermore, the staff or some of the Bank Solutions executives have not been trained in how to apply the recovery plan in case of a disaster.

2) From the study, it is also noted that some of the senior staff in the bank misuse their powers. For instance, event logging is carried out when power users perform certain privileged events on the bank's production servers as well as authority back-office computers, indicating that the staff of the bank are not maintaining the high standards of data integrity expected. Furthermore, several of the same power users whose events are captured in the logs seem to have the logs themselves. Therefore, it is easy to see that the integrity of system users at the bank is in question.

3) Although the study informs us that Bank Solutions has developed a robust host-based Intrusion Detection System (IDS), neither the Disaster Recovery and Business Recovery Plan nor any security measure, including escalation points of contact as well as methods for taking care of the forensic quantity of logical evidence, has been implemented. This leaves a gap for intruders to penetrate the Bank Solutions system and possibly interfere with its data confidentiality.

Security Strategy to Mitigate the Issues/Challenges Identified

To help mitigate the challenges above, Bank Solutions can adopt the following strategies.

a) The bank should come up with a list of workers with permission to “recall backup tapes from the off-site storage vendor.” By doing that, the bank would do away with everyone having access to the same. It would also ensure proper storage of the tapes, unlike the current situation, where the executives store the tapes at their homes or even at the back of the bank, where they are not secure. Moreover, the bank should develop an advanced system for generating a listing of access to the log servers, to be sure that data and information integrity as well as confidentiality are maintained (Pufahl, 2017).

b) For the disaster recovery and business recovery plan documents, the bank must ensure distribution of copies to almost every staff member of the bank. The aim is to guarantee that each staff member can give their opinion on the plan and propose changes where necessary. Moreover, it would ensure that in case of a catastrophe, all members are aware of how they can react to ensure business continuity (Crocetti, 2017).

c) The database administrator of the bank needs to produce excerpts from the intrusion detection systems and ensure the firewall works, in order to control event logs, and should keep the executives’ logs manually and safely for tracking purposes.

d) It is important for the bank to come up with well-defined policies, guidelines, procedures, and standards for responding to security issues. Such issues may include attacks from intruders or hackers, who may be within or outside the bank. So, it is essential to keep the bank's logs confidential and accessible only to database administrators and bank managers if possible.

e) The study has already identified that the bank is unable to expand because it faces stiff competition from other financial institutions that use advanced information technology software. Therefore, it is critical for Bank Solutions to allocate funds and secure advanced systems, to guarantee the best services to its customers and to ease the expansion of its services to the other parts of the state, as the management of the bank desires.

f) Another strategy Bank Solutions can adopt to do away with most of its challenges is to identify critical systems, taking into consideration detailed hardware as well as software for the purpose of its inventories. Moreover, alternative processing facilities need to be addressed and proper directions laid out by the business administration to see a fast expansion of the bank (Levinson, 2018).

The Proposed Security Solutions and Relationship to the Case Study

For the purpose of confidentiality, integrity, and availability in the event of a calamity, the following proposed security solutions have been put forth as per the case study:

a) Bank Solutions has to implement data backup as well as information recovery utilities in every data center as well as in the facilities for item processing.

b) For the purpose of confidentiality, integrity, and availability of data and information about the bank, transaction details as well as “item image files from the present-day bank operations must be uploaded from every item processing facility” to the main data center (Camara, Crossler, Midha, & Wallace, 2011). That would help to create transparency and trace daily business continuity.

c) Establishment of electronic vaulting in each data center to guarantee continuous backup of all email, files as well as “application servers and databases” at the main data center to the other data centers through the double dedicated fiber-optic lines.

A Detailed, Proposed Timeline for Addressing Each Element of The Strategy

It is always important to have deadlines for carrying out activities. For the benefit of the Bank Solutions executives, it is critical to develop a timeline for the following key strategies for security purposes. Other than the strategies discussed above, the following should also be included in the list: data backup and recovery utilities, a diagram of the bank's network architecture, a flowchart showing item processing, calling trees, and a critical vendor contact listing (Camara, Crossler, Midha & Wallace 2011).

For instance, the strategies related to IT would require specialized IT skills. Strategies like designing the item processing chart and searching for and identifying useful backup and recovery sites should take no more than twenty business days. The other strategies, like adjusting bank systems to achieve data confidentiality as well as data integrity, should not take more than fourteen business days. However, all strategies related to IT must be carried out by a specialized IT officer who is trustworthy. Furthermore, other strategies, like ensuring each member has a copy of the disaster recovery and business continuity plan, should not take more than three working days, given that this would be done within the bank itself.

We have also identified that Bank Solutions lacked advanced technological equipment (Camara, Crossler, Midha & Wallace 2011). Because of that, progress has been slow and the bank has not been competitive with other financial providers. Bank Solutions needs to procure advanced customer service systems as well as advanced systems for loan and borrowing servicing. Again, that would be a very critical strategy for putting the bank in a position where it can compete with other firms. Procurement of the systems may be a little bit tricky since it requires authentication of the systems to ensure they are free of any vulnerabilities. The procurement would take approximately two months, which is the time allocated for procurement, delivery, installation, and beginning to work with the new systems.

A High-Level Recommendation

Throughout the study, we have identified that technology issues are the main challenge facing Bank Solutions. I would highly recommend that Bank Solutions first employ software specialists and then procure more advanced business software for conducting their duties. That would ensure maximum data and information security and, equally important, fair competition with other financial institutions within the same market.

References

Camara, S., Crossler, R., Midha, V., & Wallace, L. (2011). Teaching Case-Bank Solutions Disaster Recovery and Business Continuity: A Case Study for Business Students. Journal of Information Systems Education, 22(2), 117.

Crocetti, P. (2017, January 1). Disaster Recovery Plan (DRP). Retrieved from TechTarget: https://searchdisasterrecovery.techtarget.com/definition/disaster-recovery-plan

Levinson, C. (2018, June 26). Importance of Inventory Management Systems. Retrieved from Biz Fluent: https://bizfluent.com/about-5518506-importance-inventory-management-systems.html

Pufahl, J. (2017, January 10). Confidential Data Security Standard. Retrieved from University of Connecticut: https://security.uconn.edu/confidential-data-security-standard/#