GAP Analysis Issues - Report Example

GAP analysis November GAP analysis Introduction Business operations face interruption risks that could lead to terminated processes and lost data. Disaster recovery and business continuity (DRBC) planning however prepares an organization for such interruptive occurrences. Bank Solutions Inc. offers item processing services, such as in-clearing and Proof of Deposit (POD) processing, item capture, return and exception item processing, and image archive storage and retrieval, to diversified stakeholders such as community banks, internet banks, and small to midsized credit unions. The company is at its prime image for buyout and seeks to maintain this attractive position. Risk assessment however identifies issues, risks, and challenges that could threaten this position, and this report offers an analysis of the factors and recommends a security strategy and security solution for managing the risks, issues and challenges. The report is organized into five sections for clarity. Step 1: Key Issues/Challenges/Risks Key security and technology issues Scope of the company’s operations that include clearing deposits and processing proof of deposits, as well as item processing and data storage and retrieval identify exposure to diversified security and technological issues. “Integrity and authentication” as well as confidentiality are some of the security issues that are apparent to the company’s operations, based on the assessment (The United Nations, 2007, p. 31). Ease of alteration of electronic data offers threats to unauthorized changes and difficulty in detecting such changes or the times at which the changes are made. Assessment results shows that the company’s system has not been updated since January 2009 and that its disaster recovery and business plans have not been tested (Camara, Crossler, Midha, & Wallace, 2011). These exposes the company to integrity and authentication issues among its employees as fraudulent programs could lead to undetected malicious errors. Even though disaster recovery and business continuity master plan was developed, with intention of modification at facility levels, some facilities have not customized and implemented the plan, a factors that also offer threat of malicious data loss. Assessment results also note that measures for addressing security incidents towards preservation of evidence lack and means easy leak of information and data, contrary to expectations of confidentiality doctrine. This also extends privacy, as a security issue. Repudiation issues is another security based concern (Chhabra, 2013) that is imminent in the company’s system. Results on event logins shows that power users with write access also use general even log and the multiple access point is an indicator of possible actions with which power users do not want to associate. Use of a system whose update is long overdue is also a threat to system performance and the organization could be operating inefficiently. Some of the company’s plan participants have also not accessed the company’s DRBC plan, a factor that identifies possible incompetence in the plan’s implementation. Full back up performance are also dome on a weekly basis and this exposes data to loss from the system’s physical damage. From a technological perspective, multiple layer applications, such as experienced in different outsourced data storage and possible add in applications to the company’s system, is another issue. Design complexity of the DRBC plan as well as that of the system, since some users have not even accessed the plan, is another issue (Beqiri, n.d.). Risks and challenges Unskilled staff, inefficient change management, insufficient training, inefficient communication of procedures are some of the risks and challenges that database management and operations face (Abdalla & Albadri, 2010). Unskilled staff lack competence in their expected operations the fact that some personnel have not accessed DRBC plan suggest risk of their incompetence in expected practices. The experience at one facility where back up operations have failed is another indicator of incompetence operations. Outsourcing for backup while the company has systems for the same operation also suggests personnel’s inability to utilize available resources. It is also evident that the company uses an outdated system that it has also not tested for compatibility with the dynamic operational environment. Poor change management is therefore a challenge. Not only is the organization under threat of effects of insufficient training for personnel but analysis results show that it plan participants have not undergone any form of training. Availability of DRBC plans in the organization system, yet some plan personnel have not accessed the plan is also an indicator of poor communication. Derived paradigms The identified risks and challenges are likely to compromise efficiency of the organization’s systems into poor service delivery. Processes may be slow, may be erroneous, and could fail to identify fraud by employees of external hackers. “Technological paradigm” and “socio-technological paradigm” can however aid the company’s service delivery (Academic Conferences, 2009, p. 239). Technological paradigm integrate systems with the aim of availing, sharing, and distributing knowledge and such applications as enterprise resource planning and cloud computing could inform the organization’s system update. Socio-technological paradigm could also facilitate communication and personnel’s motivation into pursuing the organization’s objectives. The paradigm is likely to eliminate laxities such as personnel’s incompetence and lack of fundamental information on the organization’s blue print for operations. Step 2: Recommended Security Strategy for Mitigating the Issues and Challenges Times back up data base strategy that incorporate data encryption and restricted data access is the recommended security strategy for mitigating the issues and challenges. Based on a developed model from Oracle database, the timed backup system ensures automated backup creation, and would remedy such issues as system performance, and untrained staff because such a system is automatic and would therefore require minimal personnel attention. It will also guarantee back up and therefore prevent risk of data loss through damaged systems. The automated system also limits multiple data storage approach such as interlinking data centers and simplifies the backup system (Du, 2012). “Transparent data encryption” that encrypts data automatically could enhance safety of stored data through restricting readability (Solomon, 2013, p. 296). This would guarantee confidentiality and privacy of information, especially if decryption is restricted to specific personnel or office. Following such an application is the need to restrict access to data, especially decrypted data, and Structured Query Language (SQL) can facilitate this. This will ensure that only people who are authorized to access data access it, and would reinforce confidentiality and privacy issues besides improving authenticity of data. With restricted data access, ensuring integrity is easier because users can be traced and be held accountable, especially with use of designated individual access accounts with private entry passwords (Solomon, 2013). Step 3: Proposed Security Solutions and Relationship to the Case Changing from the current backup system to an integrated automated backup system that includes data encryption and Structured Query Language is therefore the recommended security solution. The solution’s technology is an upgraded Oracle database, Structured Query Language, and Transparent data encryption. The database backup system is automatic and procedure only exists for developing it. This includes creating backup parameters and then following this by a stepwise procedure of setting up backup intervals, defining backup directory, and running the program. a technology expert is needed for this. The technician also incorporate key for the encryption program but a programmer is necessary for creating the Structured Query Language (Du, 2012). Step 4: Proposed Timelines for Addressing Elements of the Strategy The strategy involves development and running an automated and improved Oracle backup system that has encryption and SQL programs. This will ensure integrity and authentication through restricting access of stored data to specific individual, a factor that will facilitate accountability and truthfulness among personnel who access stored data. Attained integrity will also eliminate possible repudiation of ills. Efficient system performance and limited need for staff training are other recommended solutions that the automated system will achieve. Secured data, through an efficient backup system, and simplified data backup system are other recommended solutions. Three tasks help in achieving the solutions. Development of the automated Oracle backup system is one of the tasks and relates to system performance, staff training, data safety, and complexity. Integration of Transparent data encryption and SQL programs are the other activities and the two resolves problems that relate to integrity, authentication, confidentiality, privacy, non-repudiation. The table shows proposed timeline for implementing the three activities. Table 1: Timeline of activities Time Activity People involved Resources 2 weeks Recruitment and appointment of technology specialist Outsourced human resource specialist Money for consultancy 1 week Review of recommendations and the organization’s system Appointed technologist, the company’s technologist and member of the engagement team Human resource 1 ½ weeks Development of the backup system Outsourced technologist Oracle software and human resource 2 week Pilot implementation in one of the data centers Outsourced technologist Human resource 1 week Incorporation of Transparent data encryption program and testing in the same facility Outsourced technologist Human resource 1 week Incorporation of SQL program and piloting in the same facility Outsourced technologist Human resource 3 weeks Evaluation of success and effects of the proposed change Outsourced technologist and the engagement team Human resource 1 week Implementation Outsourced technologist and the engagement team Human resource 3 months Evaluation and recommendation of possible changes Outsourced technologist and the engagement team Human resource Step 5: High-level Recommendation for Mitigating Risks Mitigation An upgraded Oracle backup system that also has transparent data encryption and SQL is recommended for mitigating the identified issues, challenges, and risks. The backup system will facilitate the organization’s key objective through proper data storage while the integrated programs will ensure safety. This will reduce burden on human resource due to data management. Next steps The company should develop a team of IT specialist that can develop and run a secure internal database management system. This will the company’s image among its customers and ensure its competence in protecting data from external threats. References Abdalla, S. & Albadri, F. (2010). ICT acceptance, investment, and organization: Cultural practices and values in the Arab world. New York, NY: IGI Global. Academic Conferences. (2009). Proceedings of the 6th international conference on intellectual capital, knowledge management and organizational learning. Reading, UK: Academic Conferences Limited. Beqiri, E. (n.d.). Information and communication technology security issues. University of East London. Retrieved from: http://www.kaspersky.com/images/information_and_communication_technology_security_issues.pdf. Camara, S., Crossler, R., Midha, V., & Wallace, L. (2011). Bank solution disaster recovery and business continuity: A case study for CSIA 485. Journal of Information Systems Education, 22(2) : 117-123. Chhabra, S. (2013). ICT influences on human development, interaction, and collaboration. Hershey, PA: Idea Group Inc (IGI). Du, W. (2012). Informatics and management science I. New York, NY: Springer Science & Business Media. Solomon, M. (2013). Security strategies in windows platforms and applications. Burlington, MA: Jones & Bartlett Publishers. The United Nations. (2007). Information and communication technology policy and legal issues for Central Asia: Guide for ICT policymakers. Geneva: United Nations Publications. Read More