You are the information security manager (ISM) of a financial and savings organization (NCU Financial Savings Bank, or NCU-FSB) with a clientele base of 250,000 customers averaging 1.2 million transactions per week. The IT infrastructure consists of 10 servers for each of the three locations: five for local production and five for replication and redundancy. After a recent vulnerability assessment performed by an external firm, specific threats and vulnerabilities were identified and needed to be addressed. The conceptual network diagram for NCU-FSB is displayed in Figure 3 (attached file)
The following findings were reported:
– MAC address conflicts that need to be resolved between telecommunications and network appliances (routers, switches, firewalls, servers, etc…)
– Security warnings coming from the proxy and email servers
– Constant firewall alerts classified as high
– Employee collusion in certain processes that can result in a significant financial loss to the organization
– Inconsistencies in data transmissions
– Attacks detected from external international sources caused by multiple critical servers that have been compromised due to vulnerabilities in the operating system, where the presence of additional services, opened ports, additional dynamic link libraries (DLLs), additional files and scripts added to the system partitions, and critical data missing from the server issues were detected
As the newly hired ISM of the organization, you have been tasked by the board of directors to analyze and layout a strategy to address risk issues and what aspects or areas should be considered when performing a security risk assessment. One of the first observations is the lack of segregation of duties (SOD) to reduce any collusion, but you recognize this could lead to an increase in the number of employees within your team. Budgetary constraints are against the addition of employees in your department.
For this assignment, you must write an article presenting the results of your analysis and initial data discovery (eDiscovery) in which you briefly answer the following questions:
– An introduction that addresses the essence of a security risk assessment. In this introduction, you will explain and defend the importance of having a risk management program in place, the main elements of a risk program, and the benefits derived from incorporating this strategy as part of the corporate security program.
– What solutions can you employ to reduce or even eliminate the possibility of collusion in the financial organization?
– How would you address the need to segregate duties (SOD) and rotate tasks, for it is a requirement by laws applicable to financial and savings institutions like Sarbanes Oxley (SOX) and Gramm Leach Bliley Act (GLBA)?
– What actions or changes in server setting and configuration must be made to avoid MAC address collision and server compromise?
– Discussion of the primary threats enterprises are currently facing, the impact, and a comprehensive analysis of how security must address these threats, attacks, and vulnerabilities.
– Different regulatory requirements that warrant a security risk analysis.
– Taxonomy of risk elements for cyber-risk management as part of the security risk analysis. Define the concept of taxonomy and its importance as part of the risk assessment and management process. Develop a table and relation diagram.
– Information needed to initiate a security risk analysis—eDiscovery process flowchart and explanation.
Length: 4-5 pages with a minimum of 3 scholarly references (within 5 years)
– Grobler, J. (2018). Cyber risk from a chief risk officer perspective. Journal of Risk Management in Financial Institutions, 11(2), 125-131.
– Elnagy, S.A., Qiu, M., & Gai, K. (2016). Understanding taxonomy of cyber risks for cybersecurity insurance of financial industry in cloud computing…
– Knight, M. (2017). What is taxonomy? Dataversity.
– Tokunaga, R.S. (2017). Cyber-defense: A taxonomy of tactics for managing cyberstalking. Journal of Interpersonal Violence. 32(10), 1451-1475.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more