SEC440 System Security Plan

profileaussieinmiss
sec440_system_security_plan.docx

System Security

SEC440 System Security Plan

Name

Class

Date

Professor

System Security Plan

A bank is a financial institute that is responsible for safeguarding the money of its customers. When a bank does not have an adequate security system the result will be security breaches that will result in financial loss for the bank and its customers. In the past the bank only need worry about internal attacks from employee or external attacks from bank robbers but in modern society there is no a threat from unseen external threats that aces the bank and its private information through the banks information systems. In current society the bank must have the necessary physical security measures in place as well as the necessary information system security.

Description of Bank

A bank is a financial institution that stores the money of organizations, large and small, and the money of the private citizen. The bank is responsible for investing the money of its customers and for loaning money to other customers in order to obtain interest. Banks are privately owned but in order to ensure that if the citizen’s money is stolen in a bank robbery the bank must be insured and must have the necessary security measures in place to protect the citizen’s money. There are many different types of banks, from national banks, state banks, and central banks.

The Federal Reserve is the nation’s banking authority tasked with providing the nation with a safer, more flexible, and more stable monetary and financial system. The Federal Reserve watches over banking and money in the United States and is called a central bank. It supervises and regulates the banking industry and maintains the stability of the financial market to ensure event, such as the Great Depression, did not result in citizens losing the money they had entrusted to their banks. The Federal Reserve serves to protect the nation’s finances and to fund foreign investments.

The bank has many assets as it hold the money of giant corporations or the funds of the average consumer. They have access to precious metals such as gold and silver and store an unaccountable mount of wealth in their safe deposit boxes. A bank also has tens of thousands if not hundreds of thousands of dollars in the bank at any given time and holds important financial documents such as saving bonds and mortgages. Banks have investment securities, reserves, loans, and the money of the customers. Loans generate revenue but loans are funded though the money of the bank customer.

A bank has many different types of vulnerabilities both physical and digital. A bank is a building that has always tempted criminals to rob of its valuable assets. It has always been essential that the bank has the necessary physical security in place to ensure that bank robbers cannot enter the bank after hours and steal all of the money as well as security during the days to ensure that criminals are deterred from physically robbing the bank. This includes security cameras, vaults, security alarms, and security guards. While these physical security measures do not always deter the criminal from robbing the bank they help limit the amount of money received by the robber as well as help the police to identify the offender.

The other type of vulnerability faced by the bank comes from outsides threat especially those posed by new cyber threats. In the new information age, technology now poses as big a threat to a financial institution as a physical threat. Criminals can now hide their bad acts behind new advanced technology and commit crimes never leaving the comfort of their homes. The bank faces the threat of the cyber criminal accessing their private security systems in order to access the financial information of customers or in order to illegally transfer funds from the bank. The bank is vulnerable to outside attacks that will create major damage to information systems or result in the secrets of the financial institution being stolen.

In order to ensure that the private information of the bank and its customer are aptly protected from both the internal and external threats the bank must have a systems security pan in place to prevent these security breaches, losses, or attacks. Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. and Wells Fargo & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cyber security specialists tracking the assaults (Strohm, 2012). These attacks have also resulted in major financial loss for the financial institution, the FDIC, and the customer.

Systems Security Plan

The system security plan is the vital to ensuring the bank can keep the money and possessions of the customers safe from threat or loss. This includes not only securing the physical perimeter of the bank and putting the necessary security measures in place to stop employee theft, it also includes ensuring that outside threats and internal threats from employees do not occur through the backs information systems. In order to ensure the customer can be guaranteed this protection the bank will need to employ at minimum a security system that protects information networks from damage from malicious code, viruses, and spyware as well as ensure the necessary internal security steps are put into place.

Types of Information in Security Plan

The types of information that should be located in the security plan involve information on the types of threats posed to the bank. These threats include computer related crimes that could affect the bank and the different types of attacks that can be conducted against the banks information systems. Other information that needs to be contained in the security plan is common threats such as phishing scams, hackers, wireless intrusions, malware, malicious insiders, and mobile devices. The security plan will explain the company’s security policy and provide data on the appropriate countermeasures. It will include a security risk and threat assessment and information on attest measures used by cyber criminals.

The security plan will evaluate our electronic and physical methods of accessing, collecting, storing, using, transmitting, protecting, and disposing of our customers’ non-public personal information (Smith, 2010). The purpose of the pan is to protect the private information of the banks and their customers form internal and external intrusion. The plan will assist the bank in protecting information systems against threats and assist the bank in anticipating the potential risks. The security plan will assist in preventing unauthorized access and identify potential threats.

Data is a key factor in determining what areas are vulnerable and what recommendations should be made. The type of information that will be gathered in the threat assessment includes what needs to be protected, the potential threats or vulnerabilities faced by the organization, value to organization, and to identify ways to minimize damage or loss. In other words the security plan will identify gaps in security that must be addressed and provide the best practices for closing this security gap.

Other important organization data that needs to be collected include the policies and procedures will be collected, past and present security documents, interviews with key personnel, and important information on security systems and networks. the type of operating system being used, services the organization is running, network applications, physical location of information systems, access controls, intrusion detection, firewalls, and networks surveying measures.

Internal and External Data Access Needs

· Establish information networks and systems security password guidelines

· Passwords are essential to ensuring the information of the customer and the employee are properly protected.

· Limit access to password

· Identify reasonably foreseeable internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer information or information systems (Smith, 2010).

· Authorized personnel

· Evaluate existing IT security policies

· Testing of the security controls and safeguards

· Security practices of information providers

· Evaluating and adjusting the plan

· Firewall software blocks unauthorized access

· Employees sign confidentiality agreements to protect customer private information

Potential IT System Vulnerabilities

· Internal and External threats

· Misuse by Employees

· Hackers, Phishers, Malicious scammers

· Misuse by customer

· Security gaps by information providers

· Former employees

· Weakness in design

· Failure in security software

Disaster Recovery Plans

The disaster recovery plan will need to have an action plan in place in order to respond to any attacks to the IT system and ensure an immediate recovery. It is essential that the bank be prepared to sufficiently respond to any internal and external threats to limit the impact to the customer and to limit the negative exposure the bank could receive. The data disaster recovery plan will protect critical data and immediately take steps to limit or stop the security breach and information loss. The ability to recover critical data soon after a disaster is a cardinal requirement, which cannot be over looked (Patel, 2006). This includes the implementation of a daily back up routine. The disaster recovery plan includes understanding the consequences of a security breach on the bank and what measures will need to be taken to ensure an immediate and successful recovery.

Business Continuity Plans

The business continuity plan involves different stages the bank will need to go through in the event of a security breach or intrusion to the information systems. This begins with the business impact analysis that will inform the bank on what kind of damage the breach or attack has created to the banks operational systems and the impact to the customer. The continuity plan will consist of a list of recovery strategies that can be employed to limit the impact of the intrusion, loss, or attack and allow the bank to select the one that bests fits the current security crisis. Next is the plan development where the recovery strategy is determined and the team is assembled. Once the plan is implemented it will be tested and changes will be made.

Conclusion

The systems security plan is essential to any organization but especially the financial institution. When a bank does not have an adequate security system the result will be security breaches that will result in financial loss for the bank and its customers. The systems security plan ensures the bank can be adequately prepared in the event of a cyber attack as well as is adequately prepared to provide an effective response in the event of a security breach or a security attack.

Retrieved

Kadel, L. (2004). Designing and Implementing an Effective Information Security Program.

Retrieved January 19, 2013 from

http://www.sans.org/reading_room/whitepapers/hsoffice/designing-implementing-effective

Patel, M. (2006). Data Disaster Recovery Plan. Retrieved January 20, 2013 from

http://www.knowledgebed.com/sociology/article-item.php?id=0609052150

Strohm, C. & Engelman, E. (2012). Cyber Attacks on U.S. Banks Expose Vulnerabilities.

Bloomberg News. Retrieved January 19, 2013 from

http://www.businessweek.com/news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-expose

Smith, M. (2010).Sample Written Information Security Plan. Retrieved January 19, 2013 from

http://www.meredithsmith-cpa.com/images/wisp.pdf