Security, Interoperability, and Operations in Bank Solutions, Inc - Case Study Example

Summary
This paper "Security, Interoperability, and Operations in Bank Solutions, Inc." analyses issues around the organization’s system, based on results from its internal report, and recommends IT security controls and government regulations and standards that can safeguard the company’s data…
Case study
November 08

Information technology has emerged as the backbone of the finance industry, whose bulk of services relate to data storage, data management, and dissemination of data. Threats to data safety, such as physical damage due to accidents and calamities or intentional threats that could be internal or external, identify the need for security measures that protect data from loss and breach. Disaster recovery and business continuity (DRBC) planning prepares an organization for dealing with the threats, but security controls and regulations also exist for promoting data security. The scope of operations of Bank Solutions Inc. identifies the need for security measures, but risk assessment of the company’s operational setup identifies security, interoperability, and operations issues that threaten the organization’s ability to implement a DRBC plan and safeguard its data. This report analyses issues around the organization’s system, based on results from its internal report, and recommends IT security controls and government regulations and standards that can safeguard the company’s data.

Issues related to security, interoperability, and operations in Bank Solutions, Inc.

Security issues

The scope of the company’s operations, which involves data in electronic format, and the company’s outdated and untested data system identify integrity, confidentiality, and authentication as major security issues (The United Nations, 2007). This is because the company’s outdated and untested system could be inefficient in detecting and preventing possible internal threats. This also raises authenticity, repudiation, and integrity concerns due to possible arbitrary data alteration (Camara, Crossler, Midha, & Wallace, 2011).
Confidentiality is also an issue because the company’s laxity in customizing and implementing the disaster recovery and business continuity master plan means that stored data is susceptible to breach by employees who are not entitled to access it and by external threats. Such access can only identify malicious intention and breach of confidentiality (Chhabra, 2013), and the lack of regulation on data access suggests this.

Operations

Operational issues are also evident in the case, and implementation of information technology governance is an example. Effective governance offers leadership for the availability and implementation of the frameworks necessary for operations and security of a system (Grajek & Pirani, 2012). Assessment results suggest a lack of such governance, leading to the application of an outdated and untested system. The identified failure by some facilities to customize and implement DRBC plans also shows a lack of effective governance in operating and managing the company’s information system. This further means that some personnel could lack knowledge and application of the plans, leading to non-uniform operations and operational inefficiencies. Professional competence in operating system infrastructure is another significant issue, especially because the organization has not trained its plan participants (2012). The lack of training also suggests significant inefficiency in operations, even in other areas (Dreager, 2007).

Interoperability

Data management is also done at center level with limited integration, and implementing a cloud system that will link all systems for backup is necessary (Grajek & Pirani, 2012). Security management that is independent of the organization’s strategic and operational planning is another issue, as the analysis results fail to identify the role of strategic and operational planning (The U.S. Government Accountability Office, N.d.).
Interdepartmental infrastructure for efficient operations is also significant, and the need for it is identifiable from the low-level interdependence of data centers (Doumeingts, Muller, Morel, & Vallespir, 2007).

Prioritized requirements based on immediate need, security posture, complexity, resource availability, and cost

The most important need is integrity among IT personnel, and it should be prioritized. This will ensure moral practice and personnel’s initiative towards data safety, through honesty that will either mitigate possible internal breach or identify and report threats for prevention and management of external threats. Leadership and seminars may be necessary for promoting integrity, at no extra cost or resource requirement, and the process is not complex. Proposing policies and moral codes can also help achieve this.

Testing and updating the system is another need for the organization. Expertise, software and hardware, and money for financing the resources may be necessary, and the process is complex. It will, however, prevent security breach and data loss and will reinforce the effects of achieved integrity.

While integrity and a tested and updated system ensure safety from deliberate threats, customization and implementation of the disaster recovery and business continuity master plan will improve the company’s ability to detect and prevent other threats, such as physical damage due to calamities and accidental malware. IT governance and training of personnel may, however, be necessary.

Incorporating software that restricts data alteration, to ensure authenticity, and introducing a cloud system, for an integrated system across the organization, are other necessities. These will require software, programs, and expertise for installation and management. Their significance is, however, low, which identifies their low priority.
After implementing these necessities, the company can consider its overall IT governance for efficiency and effectiveness in the development and implementation of security measures. General personnel training and interdepartmental infrastructure may also be necessary for efficiency. Data and the cost of implementing necessities are the fundamental bases of the prioritization, and are supreme for the company’s scope and need for competitiveness.

Applicable government regulations/standards that govern measure or implementation of the requirements

Section 609.930 of the Code of Federal Regulations identifies some of the government regulations applicable to the case. One of the regulations is the need for “security and integrity of system institution and borrower data”, which corresponds to the identified integrity and privacy issue (Cornell University Law School, n.d. p. 1). This requires the company to establish a reliable system that protects data from threats. The company has, however, not achieved this because of its failure to test and update its system for disaster prevention and management.

Another government regulation, based on the policies and procedures, is an organization’s responsibility to ensure the privacy of its clients’ data. This identifies the need for controls that can safeguard data should there be a breach of integrity, and measures for authenticity are examples. Failure to update the system establishes threats to privacy and a breach of the provision.

Another regulation is the required ability to readjust after the occurrence of a risk, which relates to the organization’s failure to implement the DRBC plan in some facilities and its failure to educate its members on required skills. This therefore addresses issues such as employee training and governance that the organization lacks. Another regulation requires an organization’s ability to detect and manage intrusions.
This is, however, possible only with an updated system and a competent team of staff, both of which the company lacks (Cornell University Law School, n.d.; Powner, 2009).

Security controls that relate to the issues and effects of the controls on enhancing security posture or implementation of identified requirements

“Unsuccessful logon attempts,” “separation of duty,” “information flow enforcement,” and “access control policy and procedures” are some of the controls that relate to the issues (National Institute of Standards and Technology, 2013, p. F-7- F21). Unsuccessful logon attempts, information flow enforcement, and access control policy control possible unauthorized data access through approved accounts, and therefore ensure privacy and promote authenticity. Separation of duties, however, distributes roles among personnel and departments and therefore facilitates governance and competence due to specialization. Information flow enforcement also facilitates interdepartmental integration and strategic planning for cohesion.

The unsuccessful logon attempts control limits the number of unsuccessful logins and therefore prevents unauthorized login through trial-and-error entry of passwords. This will ensure that only authorized personnel access data and will address issues such as authenticity, confidentiality, and privacy, through ensuring accountability. The attained level of accountability will also facilitate integrity.

Information flow enforcement offers control over the accessibility of data to personnel and facilitates integrity through ensuring accountability of a few individuals. Effectively enforced flow also incorporates the needs of different departments and requires IT governance for effective interdepartmental operations. The enforcement will also require, and therefore ensure, strategic planning.
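The unsuccessful logon attempts control described above (AC-7 in NIST SP 800-53), as an added example that is not part of the original paper: failures are counted per account inside a time window, the account is locked once the limit is reached, and every decision is written to an audit trail to support the accountability the paper mentions. The limit, window, lock duration, account names, and events are assumed values constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LockoutPolicy:
    max_attempts: int = 3   # assumed organization-defined failure limit
    window_s: int = 900     # assumed period in which failures are counted
    lock_s: int = 1800      # assumed duration of the automatic lock


@dataclass
class LogonGuard:
    policy: LockoutPolicy
    failures: dict = field(default_factory=dict)      # user -> failure timestamps
    locked_until: dict = field(default_factory=dict)  # user -> unlock time
    audit: list = field(default_factory=list)         # (ts, user, decision)

    def attempt(self, ts, user, password_ok):
        """Decide one logon attempt and record the decision for audit."""
        if ts < self.locked_until.get(user, 0):
            decision = "REJECT_LOCKED"      # refused even if the password is right
        elif password_ok:
            self.failures.pop(user, None)   # success resets the failure count
            decision = "ALLOW"
        else:
            recent = [t for t in self.failures.get(user, [])
                      if ts - t < self.policy.window_s]
            recent.append(ts)
            self.failures[user] = recent
            if len(recent) >= self.policy.max_attempts:
                self.locked_until[user] = ts + self.policy.lock_s
                self.failures.pop(user, None)
                decision = "DENY_AND_LOCK"
            else:
                decision = "DENY"
        self.audit.append((ts, user, decision))
        return decision


# Constructed sample events: (seconds since start, account, password correct?)
EVENTS = [
    (0, "teller01", False), (20, "teller01", False),
    (40, "teller01", False),    # third failure in the window: lock
    (60, "teller01", True),     # correct password while locked: still refused
    (100, "auditor02", False),
    (130, "auditor02", True),   # success clears the earlier failure
    (1900, "teller01", True),   # lock expired at 40 + 1800 = 1840
    (2000, "auditor02", False),
    (3000, "auditor02", False), # earlier failure is outside the 900 s window
]


def replay(events, policy=LockoutPolicy()):
    """Run events through a fresh guard; return decisions and the guard."""
    guard = LogonGuard(policy)
    return [guard.attempt(*e) for e in events], guard
```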
Access control policy and procedures ensure the availability of revised policies and procedures and will ensure updated and tested systems, with awareness of and competence in the systems among relevant employees, through IT governance. The last of the applicable controls is separation of duty, which is likely to reinforce restricted access to data, personnel’s competence due to specialization, and integrity due to accountability among a few individuals. Implementing the four controls will therefore help the company address most of its security, operations, and interoperability issues.

References

Camara, S., Crossler, R., Midha, V., & Wallace, L. (2011). Bank solution disaster recovery and business continuity: A case study for CSIA 485. Journal of Information Systems Education, 22(2): 117-123.
Chhabra, S. (2013). ICT influences on human development, interaction, and collaboration. Hershey, PA: Idea Group Inc (IGI).
Cornell University Law School. (n.d.). 12 CFR 609.930 - Policies and procedures. Cornell University Law School. Retrieved from: http://www.law.cornell.edu/cfr/text/12/609.930.
Doumeingts, G., Muller, J., Morel, G., & Vallespir, B. (2007). Enterprise interoperability: New challenges and approaches. London, UK: Springer Science & Business Media.
Dreager, J. (2007). Information technology investment and the relationship to key hospital operational metrics: An exploratory analysis. Ann Arbor, MI: ProQuest.
Grajek, S. & Pirani, J. (2012). Top-ten IT issues, 2012. Educause Review. Retrieved from: http://www.educause.edu/ero/article/top-ten-it-issues-2012.
National Institute of Standards and Technology. (2013). Security privacy controls for federal information systems and organizations. The U.S. Department of Commerce. Retrieved from: http://www.disa.mil/Services/DoD-Cloud-Broker/~/media/Files/DISA/Services/Cloud-Broker/NIST-SP80053-SecurityandPrivacyControls.pdf.
Powner, D. (2009). Information technology: Federal laws, regulations, and mandatory standards for securing private sector IT systems and data in critical infrastructure sector. Washington, DC: DIANE Publishing.
The U.S. Government Accountability Office. (N.d.). Issue summary. The U.S. Government Accountability Office. Retrieved from: http://www.gao.gov/key_issues/leading_practices_information_technology_management/issue_summary.
The United Nations. (2007). Information and communication technology policy and legal issues for Central Asia: Guide for ICT policymakers. Geneva: United Nations Publications.