The Implementation of the Security Plan - Case Study Example

IMPLEMENTATION PLAN EXECUTIVE SUMMARY Security of information is crucial at bank Solutions Inc. a company that deals with many customers. A lot of information is passed through the networks and computers systems and networks from users inside or outside the company. Bank Solutions will employ the use of various technologies to protect its information from prying eyes, hackers and other malicious software sent to access sensitive information. The company will use various strategic technologies the information in the system is safe. The technologies are intrusion prevention systems (IPS), Pen-Testing, and Amazon S3. The implementation of the security measures will use the various software together to enhance security. INTRODUCTION Purpose of Plan The purpose of the action plan is to beef up the information security in the banks and ensure that all threats and vulnerabilities are reduced to a minimum. The program will use the various federal laws, policies and regulations together with best practices from the industry to come up with an effective information security plan for the bank (Whitman & Mattord, 2014). The national institute of standards and technology is an important set the various information technology security measures that should be followed together with other bodies like national security agency, the office of management and budget among many others (Peltier, 2010). The paper will thus focus on the various programs and determine the various remedies that will help implement the system security plan. GOALS AND OBJECTIVES: Business Goals and Objective To ensure that the information security regarding the business is safeguarded and that loopholes are dealt with immediately to prevent leakage and hacking and, therefore, unauthorized access to sensitive information of the bank and the accounts of the people. Project Goals and Objectives To come up with strategies regarding security that follows the security protocols that is set by the governments and other regulatory bodies. To develop security measures and programs that will ensure that the employees and information regarding the assets of the company is safeguarded from outside threats and vulnerabilities and that will provide the bank with retaliatory programs in terms of preventing penetration to the banking information systems. SCOPE: The plan covers all the banking departments, the managers, president of the bank, managers, supervisors, employees at all levels in the bank, all security personnel at the bank, interested parties and stakeholders, contractors and finally the guests who venture into the bank and access various facilities in the banks to name a few. The assets that the bank has and that can be accessed by individuals outside will be included in the implementation the action plan PROJECTED EXPENSES: time Activity first quarter Phase one Abide by the security regulations and policies Initiating SLDC plan second quarter Phase two Extending SDLC agenda in SDLC process Increasing awareness internally third quarter Phase three fourth quarter Phase four Including security in the systems Including security in the company needs System development life cycle Introduction The various infrastructure that will be involved various technologies and equipment obtained by the business to protect it. The different techniques will help banking solutions to enhance its security as a whole for the information that is critical to the banking operations. The various infrastructures will use the technologies to prevent any attacks and loopholes that could lead to sensitive data being accessed by unauthorized people. OWNERSHIP The managing and control of the technology will be in the hands of the system analyst and other staff below him or her. Scope The information security plan is going to be applied to the users of IT services and systems used by banking solutions. The users are the banking solution’s employees and the users who access the business solutions premises. The security plan will apply to the developers of the software or any person that has interests in the software development for business solutions. Security applications The banking solutions have a lot of use for the computers. Therefore, the incorporation of various technologies to boost information security is crucial. The various security measures put in place need offset each other. The different technologies enable information to be secured at different levels where they act in different capacities to ensure that the information is obtained. One of the objectives of using the security technologies is to prevent intrusion into the systems of banking solutions. Therefore, various technologies have applications that safeguard information. Ownership System Manager Alternate information analyst General information security standards The primary function of the implementation is it to protect the availability of data, integrity and confidentiality of the information. The designing of the various systems needs to consider critical security concepts. There are various technologies are going to be used for safeguarding the information. The different technologies will focus on: Strong encryption or authentication The logins by programs of the various access carried out by employees Right input authentication Various tests to determine the effectiveness of security of information The aspect of security is enshrined in every activity concerning the company Controlling internal processing Various formal procedures to ensure controls are applied to identify corruption of data. The below control systems need to be included in the various technologies used. Put in place various mechanisms to govern the storage of programs with their data altering users Ensuring that programs execute in the correct sequence Checks and controls Implement various integrity and monitoring power through prescribed procedures. The different technologies will need to cover Authentication of data formed by the system Confirmation software or data reliability in network systems Confirmation of security of files and records Confirmation that the applications run without being damaged Confirmation that the system functions smoothly Data output reliability Using formal procedures ensure suitable validation, substantiation and examining is implemented in the production of various technologies. The technologies should considered the following methods. Reasonableness tests Validation and reconciliation tests on output Controls to determine the precision of output, accuracy and completeness; Classifying security output display Operating systems Operating systems provide a medium in which the other applications work and ensure that they carry out their various functions smoothly. Any tempering of the operating systems affects the programs and may stall them changing the information stored or being stored. The breach in the operating system can lead to loss of system control and integrity and may require an overhaul of the operating system or a new operating system. Therefore, there should be control on accessing system files. Ownership System Manager Control of functioning software Through laid down procedures, make certain that the operation of software on functional systems. The control objectives below are important in the various technologies to use. Updates of functional software libraries are allowed; The operational systems do not keep the source codes for programs that are compiled; Store of previous varieties of software offline Examining the risk in safe keeping posed by software releases Login of physical access is allowed Monitor vendor activities Update security patches Securing of system trial data Using prescribed procedures, control and secure access to acceptance and system test data. The control objectives below should be included in the technologies for securing system data. Functional access measures are used in testing system applications Any operational data copied to other applications will require authorization The data is deleted to prevent any unauthorized peeking into the information. This is the case where the user level of the employees is different on several computers. Elimination of sensitive data from emulated functional information. Control access to source of program Access to program sources inhibited Other staff have controlled access to the source of program Access to program inventory is controlled Logs access is taken from all the computers at every level and different departments Separation of software under maintenance or development on operations The security support and development procedures are in important in ensuring that the whole system of securing data is safeguarded to prevent any breach as much as possible. Implementation The company, having the security system technologies in place, will ensure that confidentiality is prioritized and maintained to protect the information of users and interested parties. The IPS will help in ensuring that there is no intrusion into the system and thus protect the information concerning users of the system. The pen testing software will further enhance confidentiality and integrity in that it will seek to find out loopholes that hackers or other people can use to have access to information at the bank. The availability of the information will be stored in the Amazon S3, which has measures in place to prevent unauthorized access. The IPS, Pen-Testing technology will Ensure that the vulnerabilities and threats that may affect the confidentiality, integrity and availability of data. The techniques will ensure that the system is impenetrable from unauthorized access and ensure that people inside have only authorized access according to their authority in the company. Thus, the technologies will ensure that the integrity, confidentiality and availability of the information are secured. Operations and maintenance The system manager will follow up on the various activities of the security technologies put in place to ensure that they perform their functions smoothly. The different systems installed will undergo maintenance to ensure that their functions are not stalled and that the information or data collected is dealt with appropriately. IT department employees under the system manager will thus monitor the IPS, Pen-Testing software and the Amazon S3 storage. Any intrusion will be directed to them where they will take the necessary action. The Amazon S3 will help in the storage of the information collected daily for security purposes and ensure that confidentiality and integrity are maintained. The pen testing software will be used to look for loopholes in the computer systems and networks and deal with them. Updating of the software will take place weekly to ensure that any new threats do not go unnoticed. The users will have an acclimatization time with the new system for safeguarding information security. 1. Cisco IPS 4520-Xl Network Security/Firewall Appliance- Confidentiality of information in banking solutions should maintained at all costs. The different software puts in place to block any intrusion, like the IPS, will help ensure that information is secured, and only unauthorized access is allowed. The pen testing technology will also prevent any unauthorized access by looking for loopholes that expose the company to intruders (Brown et al., 2013). ASSUMPTIONS: The government will chip in to assist in establishing systems that deal with cyber security especially making use of the cyber security division The government to ensure that a cyber-security officer is in every state to follow up on issues regarding cyber security as most of the systems in banks is online. CONSTRAINTS: Project constraints The project had to make an assumption on most things due to the limited time and vast scope of the project in covering many systems in the bank. The implementation strategies need to analyze assessed and evaluated in phase spread over a longer period. The limited period and vastness of the banks resources were a limitation that and not all of them could be analyzed in a short time. Barriers The implementation of the various restrictions, as addressed by Technology Evaluations, is few. The technologies are easy to set up, and one does not need to have prior knowledge to set up the systems. Manuals are provided which are easy to follow should any issues arise. Amazon S3 and Pen testing are not hard to implement. The bank is remaining with the option of purchasing the service and putting it into use. Therefore, the barriers to the implementation are reduced considerably. Critical project barriers The risk related to technology and information security is rapidly changing. Security needs for companies are quite dynamic hence changing frequently. Diminishing resources as other areas need resources, and therefore they need to share with other departments that may not ultimately establish the solutions put in place Network Diagram References Brown, G. M., Wood, M. D., Hogan, N. A., & Practicing Law Institute,. (2013). Understanding the securities laws, Fall 2013. Basin, D., Schaller, P., & Schläpfer, M. (2011). Applied information security: A hands-on approach. Berlin: Springer. Peltier, T. R. (2010). Information security risk analysis. Boca Raton, Fla: Auerbach Publications. Whitman, M. E., & Mattord, H. J. (2014). Management of information security. Stamford: Cengage Learning. ISPEC 2011, Bao, F., & Weng, J. (2011). Information security practice and experience: 7th International Conference, ISPEC 2011, Guangzhou, China, May 30 - June 1, 2011 : proceedings. Berlin: Springer. Read More