Project #4: Security Strategy and Plan with Recommendation Memo

Instructions: Develop a Security Strategy and Plan (“Plan”) and a separate Recommendation Memo (“Memo”) addressed to the CIO. The

Bank Solutions Case Study

Issues Related to Security, Interoperability, and Operations of Bank Solutions

The case study highlights multiple issues relating to information security, to Bank Solutions' operations, and to the bank's interoperability with outside entities. A few of the key issues discussed in the study are the following:

Stiff competition from other item processing facilities – The bank appears to lack the advanced information technology software that would support expansion in the way its competitors have expanded. The study notes that Bank Solutions lacked “proprietary software systems which were considered top of the line” (Camara, Crossler, Midha & Wallace 2011). Its competitors had implemented and put into operation such proprietary software systems and were therefore outperforming Bank Solutions in the market.

Flowcharts – These document the operations of item processing as well as the flow of data between Bank Solutions' item processing facilities. The flowcharts also cover the data centers and the outside entities the bank exchanges data with. Their main purpose is to capture how information flows from Bank Solutions to its outside facilities. With the help of an external consultant, the bank was able to develop a flowchart covering all of its data centers.

Development of a diagram of the bank's network architecture – The architecture of a system largely determines where it is exposed to attacks or malicious software. To ensure that the most suitable architecture is chosen when the bank's systems are designed, the bank should first diagram the architecture it wishes to have and then proceed to procure it.

Disaster recovery and business continuity plan – A calamity disrupts business operations and may even lead to business collapse. To stay safe, it is essential to develop a disaster recovery plan that will return the business to its original position if a calamity occurs. A good plan should state the procedures used to safeguard the business from a crisis and the procedures used to restore the business if a crisis happens (Camara, Crossler, Midha & Wallace 2011). This is an issue concerning both Bank Solutions' operations and the security of the bank in the event of a disaster.

Procedures, guidelines, policies, and standards for responding to security matters – These are the procedures Bank Solutions would use to address matters relating to the security of its data and information as well as the security of its customers. The guidelines would cover everything from system access through to control of data over the network.

Roles, responsibilities, and requirements of essential plan participants – This concerns bank operations: the plan should outline the duties and responsibilities of each employee, and should name every employee required to carry it out, so that there is no confusion about the bank's operations.

Procedures governing the bank's relationships and communications – This is an issue touching on the interoperability of Bank Solutions. To maintain good relationships between the bank and the parties it communicates with, there need to be sound guidelines governing the bank's contacts and communications.

Critical systems, including hardware and software inventories – As noted earlier, the bank has been underperforming because of poor technology. It has not been in a position to expand its operations to as many locations as its competitors (Camara, Crossler, Midha & Wallace 2011). It is therefore essential for the bank to identify its critical systems and to invest in advanced software and hardware in order to compete favorably with its competitors and to improve its operations and its service to customers.

Specific recovery methods for major systems – The bank's main systems contain essential data. It is important to guarantee the prompt recovery of the information stored in those systems in case of a disaster. Failure to develop specific recovery procedures may threaten the security of the essential data in those systems and, if the data is lost, may lead to the collapse of the bank.

Intrusion Detection System (IDS) – This may include firewalls as well as other configurations that provide event-logging capability. Together these help detect intruders attempting to access Bank Solutions' systems and keep them out.

Prioritization and Articulation of Security, Interoperability and Operations Issues

Issues concerning bank operations, interoperability, and bank security can be prioritized according to their usefulness to the bank. From my point of view, bank security matters should be given first priority, since neither operations nor interoperability can progress if the bank is not secure. Although addressing data and information security may be costly, it deserves a higher priority than issues revolving around business operations. The issues to be tackled after security are those concerning the internal operations of Bank Solutions. Guaranteeing good internal operations is less costly and less complex, and can use available resources to create a good working atmosphere within the bank. Moreover, once the safety of workers and bank property is guaranteed, the operations of the bank become simpler. The matters I would prioritize last are those revolving around bank interoperability. When the bank is settled and assured that its operations and the security of its property are protected, it can then consider operating with other item processing facilities to expand its markets. Establishing interoperability is less costly, less complex, and requires fewer resources, since it mainly involves negotiations and agreements.

Government Legislations That Control the Requirements of IT Security

There are government regulations and standards that must be met when setting up information technology security measures. This legislation is put in place to prevent violation of users' rights when their information is available over a network. Some key legislation that Bank Solutions can adopt to guarantee its security includes the following:

Sarbanes-Oxley Act (aka Sarbox, SOX) – The act was enacted in 2002. Its main aim is to safeguard investors and the public by improving the accuracy and reliability of corporate disclosures. Along the same lines, Bank Solutions can adopt the act when designing its IT requirements to ensure that data about its customers is accurate, protected, and reliable, including when it is disclosed to the public (Staff 2018). The architecture of Bank Solutions' systems should be designed to meet the obligations of this act.

Federal Information Security Management Act (FISMA) – Bank Solutions can implement a program that provides protection for its information and information systems, including those provided or managed by contractors or other item processing facilities. To set up such a program, Bank Solutions will need to involve an IT expert.

The Gramm-Leach-Bliley Act (GLBA) of 1999 – This legislation was developed to protect consumers' financial information held by financial institutions (Staff 2018). Given that Bank Solutions is a financial institution, it must consider implementing the act's requirements to protect its customers' financial information from intruders and malicious software.

Payment Card Industry Data Security Standard (PCI DSS) – If Bank Solutions adopts new IT software as its competitors have, it must meet this standard by providing the highest level of security for customers' payment account data, particularly in relation to lending and the deposit of items or money (Staff 2018). The main aim of the standard is to provide maximum data security for Bank Solutions' customers.

Information Technology Security Controls

“NIST Special Publication 800-53” describes multiple security controls that Bank Solutions may use to address the security, operations, and interoperability issues discussed above, among other challenges. Some of these security controls include the following:

Audit and accountability – Bank Solutions needs to guarantee the security of its operational information and of its customers' data. This can be achieved by ensuring accountability for information transmitted over the network to other facilities as well as for information held within Bank Solutions itself. To achieve this, the bank should audit its information at defined intervals.

Identification and authentication – Bank Solutions should ensure that every person who accesses its systems is identified and that the necessary authentication is carried out to prove the identity of the user. By doing so, the bank will be better placed to guard its systems against attack by intruders with malicious intentions.

Security planning – According to NIST Special Publication 800-53, it is essential to have well-developed guidelines for tackling security matters. In the case of Bank Solutions, it needs to develop sound procedures addressing security matters within the operations of the bank as well as in its interoperability with other facilities.

System and information integrity – As described in NIST Special Publication 800-53, it is important for system administrators to guarantee the integrity of the system as well as the integrity of the institution's information. Bank Solutions, and especially its IT and database administrators, must ensure that the integrity of bank systems and bank information is strictly maintained. This ensures that customers' information and information pertaining to bank operations and interoperability remains confidential and free from attack by malicious users.

References

Bryson, J. E. (2012). NIST Special Publication 800-53 Revision 4: Security and Privacy Controls for Federal Information Systems and Organizations. Joint Task Force Transformation Initiative.

Camara, S., Crossler, R., Midha, V., & Wallace, L. (2011). Teaching Case-Bank Solutions Disaster Recovery and Business Continuity: A Case Study for Business Students. Journal of Information Systems Education, 22(2), 117.

Staff, C. (2018). The security laws, regulations and guidelines directory. Retrieved from https://www.csoonline.com/article/2126072/compliance/compliance-the-security-laws-regulations-and-guidelines-directory.html#PCI-DSS