
The Implementation of the Security Plan - Case Study Example

Summary
This case study "The Implementation of the Security Plan" focuses on the action plan that is to beef up the information security in the banks and ensure that all threats and vulnerabilities are reduced to a minimum. The program will use the various federal laws, policies and regulations…

Extract of sample "The Implementation of the Security Plan"

IMPLEMENTATION PLAN

EXECUTIVE SUMMARY

Security of information is crucial at Bank Solutions Inc., a company that deals with many customers. A lot of information passes through the company's networks and computer systems from users inside or outside the company. Bank Solutions will employ various technologies to protect its information from prying eyes, hackers and malicious software sent to access sensitive information. The company will use various strategic technologies to ensure that the information in the system is safe. The technologies are intrusion prevention systems (IPS), Pen-Testing, and Amazon S3. The implementation of the security measures will use the various software together to enhance security.

INTRODUCTION

Purpose of Plan

The purpose of the action plan is to beef up the information security in the banks and ensure that all threats and vulnerabilities are reduced to a minimum. The program will use the various federal laws, policies and regulations together with best practices from the industry to come up with an effective information security plan for the bank (Whitman & Mattord, 2014). The National Institute of Standards and Technology is an important body that sets the various information technology security measures that should be followed, together with other bodies like the National Security Agency and the Office of Management and Budget, among many others (Peltier, 2010). The paper will thus focus on the various programs and determine the various remedies that will help implement the system security plan.

GOALS AND OBJECTIVES:

Business Goals and Objective

To ensure that the information security regarding the business is safeguarded and that loopholes are dealt with immediately to prevent leakage and hacking and, therefore, unauthorized access to sensitive information of the bank and the accounts of the people.
Project Goals and Objectives

  • To come up with strategies regarding security that follow the security protocols set by the governments and other regulatory bodies.
  • To develop security measures and programs that will ensure that the employees and information regarding the assets of the company are safeguarded from outside threats and vulnerabilities, and that will provide the bank with retaliatory programs in terms of preventing penetration of the banking information systems.

SCOPE:

The plan covers all the banking departments, the president of the bank, managers, supervisors, employees at all levels in the bank, all security personnel at the bank, interested parties and stakeholders, contractors and finally the guests who venture into the bank and access various facilities in the banks, to name a few. The assets that the bank has and that can be accessed by individuals outside will be included in the implementation of the action plan.

PROJECTED EXPENSES:

Time: Activity
First quarter: Phase one. Abide by the security regulations and policies; initiating SDLC plan.
Second quarter: Phase two. Extending SDLC agenda in SDLC process; increasing awareness internally.
Third quarter: Phase three.
Fourth quarter: Phase four.
Including security in the systems; including security in the company needs.

System development life cycle

Introduction

The infrastructure involved comprises the various technologies and equipment obtained by the business to protect it. The different techniques will help banking solutions to enhance its security as a whole for the information that is critical to the banking operations. The various infrastructures will use the technologies to prevent any attacks and loopholes that could lead to sensitive data being accessed by unauthorized people.

OWNERSHIP

The managing and control of the technology will be in the hands of the system analyst and other staff below him or her.
Scope

The information security plan is going to be applied to the users of IT services and systems used by banking solutions. The users are the banking solution’s employees and the users who access the business solutions premises. The security plan will apply to the developers of the software or any person that has interests in the software development for business solutions.

Security applications

The banking solutions have a lot of use for computers. Therefore, the incorporation of various technologies to boost information security is crucial. The various security measures put in place need to offset each other. The different technologies enable information to be secured at different levels where they act in different capacities to ensure that the information is obtained. One of the objectives of using the security technologies is to prevent intrusion into the systems of banking solutions. Therefore, various technologies have applications that safeguard information.

Ownership: System Manager
Alternate: information analyst

General information security standards

The primary function of the implementation is to protect the availability of data and the integrity and confidentiality of the information. The designing of the various systems needs to consider critical security concepts. Various technologies are going to be used for safeguarding the information. The different technologies will focus on:

  • Strong encryption or authentication
  • The logins by programs of the various accesses carried out by employees
  • Right input authentication
  • Various tests to determine the effectiveness of security of information
  • The aspect of security is enshrined in every activity concerning the company

Controlling internal processing

Various formal procedures to ensure controls are applied to identify corruption of data. The control systems below need to be included in the various technologies used.
  • Put in place various mechanisms to govern the storage of programs with their data altering users
  • Ensuring that programs execute in the correct sequence

Checks and controls

Implement various integrity and monitoring power through prescribed procedures. The different technologies will need to cover:

  • Authentication of data formed by the system
  • Confirmation of software or data reliability in network systems
  • Confirmation of security of files and records
  • Confirmation that the applications run without being damaged
  • Confirmation that the system functions smoothly

Data output reliability

Using formal procedures, ensure suitable validation, substantiation and examining is implemented in the production of various technologies. The technologies should consider the following methods:

  • Reasonableness tests
  • Validation and reconciliation tests on output
  • Controls to determine the precision of output, accuracy and completeness
  • Classifying security output display

Operating systems

Operating systems provide a medium in which the other applications work and ensure that they carry out their various functions smoothly. Any tampering with the operating systems affects the programs and may stall them, changing the information stored or being stored. A breach in the operating system can lead to loss of system control and integrity and may require an overhaul of the operating system or a new operating system. Therefore, there should be control on accessing system files.

Ownership: System Manager

Control of functioning software

Through laid down procedures, make certain that the operation of software on functional systems. The control objectives below are important in the various technologies to use.
  • Updates of functional software libraries are allowed
  • The operational systems do not keep the source codes for programs that are compiled
  • Store of previous varieties of software offline
  • Examining the risk in safe keeping posed by software releases
  • Login of physical access is allowed
  • Monitor vendor activities
  • Update security patches

Securing of system trial data

Using prescribed procedures, control and secure access to acceptance and system test data. The control objectives below should be included in the technologies for securing system data.

  • Functional access measures are used in testing system applications
  • Any operational data copied to other applications will require authorization
  • The data is deleted to prevent any unauthorized peeking into the information. This is the case where the user level of the employees is different on several computers.
  • Elimination of sensitive data from emulated functional information

Control access to source of program

  • Access to program sources inhibited
  • Other staff have controlled access to the source of program
  • Access to program inventory is controlled
  • Access logs are taken from all the computers at every level and in different departments
  • Separation of software under maintenance or development on operations

The security support and development procedures are important in ensuring that the whole system of securing data is safeguarded to prevent any breach as much as possible.

Implementation

The company, having the security system technologies in place, will ensure that confidentiality is prioritized and maintained to protect the information of users and interested parties. The IPS will help in ensuring that there is no intrusion into the system and thus protect the information concerning users of the system. The pen testing software will further enhance confidentiality and integrity in that it will seek to find out loopholes that hackers or other people can use to have access to information at the bank.
For availability, the information will be stored in Amazon S3, which has measures in place to prevent unauthorized access. The IPS and Pen-Testing technology will ensure that the vulnerabilities and threats that may affect the confidentiality, integrity and availability of data. The techniques will ensure that the system is impenetrable from unauthorized access and ensure that people inside have only authorized access according to their authority in the company. Thus, the technologies will ensure that the integrity, confidentiality and availability of the information are secured.

Operations and maintenance

The system manager will follow up on the various activities of the security technologies put in place to ensure that they perform their functions smoothly. The different systems installed will undergo maintenance to ensure that their functions are not stalled and that the information or data collected is dealt with appropriately. IT department employees under the system manager will thus monitor the IPS, Pen-Testing software and the Amazon S3 storage. Any intrusion will be directed to them, where they will take the necessary action. Amazon S3 will help in the storage of the information collected daily for security purposes and ensure that confidentiality and integrity are maintained. The pen testing software will be used to look for loopholes in the computer systems and networks and deal with them. Updating of the software will take place weekly to ensure that any new threats do not go unnoticed. The users will have an acclimatization time with the new system for safeguarding information security.

1. Cisco IPS 4520-XL Network Security/Firewall Appliance

Confidentiality of information in banking solutions should be maintained at all costs. The different software put in place to block any intrusion, like the IPS, will help ensure that information is secured, and only authorized access is allowed.
The pen testing technology will also prevent any unauthorized access by looking for loopholes that expose the company to intruders (Brown et al., 2013).

ASSUMPTIONS:

  • The government will chip in to assist in establishing systems that deal with cyber security, especially making use of the cyber security division.
  • The government is to ensure that a cyber-security officer is in every state to follow up on issues regarding cyber security, as most of the systems in banks are online.

CONSTRAINTS:

Project constraints

The project had to make assumptions on most things due to the limited time and the vast scope of the project in covering many systems in the bank. The implementation strategies need to be analyzed, assessed and evaluated in phases spread over a longer period. The limited period and the vastness of the bank's resources were a limitation, and not all of them could be analyzed in a short time.

Barriers

The implementation restrictions, as addressed by Technology Evaluations, are few. The technologies are easy to set up, and one does not need to have prior knowledge to set up the systems. Manuals are provided which are easy to follow should any issues arise. Amazon S3 and Pen testing are not hard to implement. The bank is left with the option of purchasing the service and putting it into use. Therefore, the barriers to the implementation are reduced considerably.

Critical project barriers

  • The risk related to technology and information security is rapidly changing.
  • Security needs for companies are quite dynamic, hence changing frequently.
  • Diminishing resources as other areas need resources, and therefore they need to share with other departments that may not ultimately establish the solutions put in place.

Network Diagram

References

Brown, G. M., Wood, M. D., Hogan, N. A., & Practicing Law Institute. (2013). Understanding the securities laws, Fall 2013.
Basin, D., Schaller, P., & Schläpfer, M. (2011). Applied information security: A hands-on approach. Berlin: Springer.
Peltier, T. R. (2010). Information security risk analysis. Boca Raton, Fla: Auerbach Publications.
Whitman, M. E., & Mattord, H. J. (2014). Management of information security. Stamford: Cengage Learning.
ISPEC 2011, Bao, F., & Weng, J. (2011). Information security practice and experience: 7th International Conference, ISPEC 2011, Guangzhou, China, May 30 - June 1, 2011: proceedings. Berlin: Springer.
