City Bank Security: Case Study - Part 3A & 3B Analysis


Added on  2022/09/06

Case Study
AI Summary
This assignment analyzes City Bank's IT security, addressing network issues, and proposing solutions. It begins by identifying reported network problems, including router CPU utilization, delays in accessing servers, and slow email delivery. The assignment then details steps to reduce the impact of cyberattacks, including risk assessment, investigation, impact assessment, recovery, communication, and evaluation. Further steps to stop incidents involve responding as if the network has been breached, implementing security policies, and enforcing them. The assignment recommends a GPON network design, outlining its benefits over the current hierarchical structure. Finally, it presents an incident response plan, defining terms, identifying security incident indicators, and outlining roles and responsibilities for the security incident response team. The plan covers incident detection, containment, eradication, recovery, and post-incident activities, ensuring the bank's ability to respond effectively to security threats.
Running head: ASSESSMENT 3
ASSESSMENT 3: CASE STUDY: PART 3A AND 3B
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Contents
Executive summary
Introduction
Reported network issues for city bank
Assessment 3: Part 3a task
Steps to take to reduce the impact of attack on the business
Further steps to take to completely stop the incident and get network back to a stable position
Communication strategy
Assessment 3: part 3b task
Technical design changes
Description of the design
Why GPON design
Incident response plan
Possible issues that may face when improving overall IT security posture
References
Executive summary
Most organizations continue to employ technology to perform their day-to-day activities.
Information technology is widely employed in the banking sector for the capture, communication,
modification, and storage of client data and information. This means that the security of IT assets
and services remains one of the important concerns for every banking platform. According to computer
scientists, the IT security team ought to work with other sections within an organization and with
stakeholders such as the compliance team to ensure IS resources are readily available and secure. This
report is divided into two major parts. The first part presents the steps that one needs to follow to
reduce the impact of an attack and the communication strategy that one needs to follow. The second
part presents an incident response plan in case of a data breach or an attack. In the banking
sector, a firewall is mainly employed between the internal and external computing
environments. Some of the activities performed by a firewall are validating access, controlling
and managing network traffic entering or leaving computer nodes, and recording and reporting
the issues identified in a network.
Introduction
There are various IT security mechanisms that one can employ to protect the IT
infrastructure of an organization; the major mechanisms include anti-virus programs and trusted
firewalls. Firewalls are widely used to monitor the flow of packets in and out of an
organization's network.
The IT Security Manager for a city bank is mandated to perform two major
functions. The first is establishing a security stance through training processes, policy, and architecture.
The second is overseeing all bank operations and all security solutions through management of the bank's IT
team.
Reported network issues for city bank
First, the discussion with the bank management established that the bank has no documented
DCP/DR plan. Neither does the bank have a formal incident response plan. There is minimal
documentation of the current system, which includes the network diagrams presented in figures
one and two; these are said to provide a general overview of the bank's network architecture.
Documented network diagrams
Figure 1
Figure 2
The second issue raised is that the CPU utilization of the router is higher
than expected, meaning that the bank router is handling more traffic and processes. Also,
external operations have been negatively affected, which the network team associates with the
firewall cluster and banking routers. Third, the banking security team has listed some issues
regarding corporate servers. One is that there is a delay in accessing the bank proxy server and a
corporate server. Also, there was a reported case of a delay of up to ninety minutes in receiving
an inbound e-mail. The security team also reported that there was some delay in accessing
banking partner sites, but access with the DMZ was reported to have no issue. According to the
security team, there is higher traffic coming to the organization's application server from the
wide-area network. Also, email delivery from all directions appears to be very slow, but no issue
has been reported with the e-mail server.
Assessment 3: Part 3a task
Steps to take to reduce the impact of an attack on the business
Attacks have become a fact of business life. Most banks are suffering from cyber-related
attacks; for example, the Tesco bank suffered an attack in which about nine thousand customers
were affected. This caused the bank to lose over 2.5 million dollars (Hewitt, n.d.). By
taking the necessary steps to stop cyber-related attacks, the city bank will save its reputation. Before
the bank takes the necessary steps to prevent an attack, it needs to first understand what it
is exposed to; the more the bank understands its information assets and the data which needs
protection, the easier the prevention of breaches. This ought to be done using a formal risk
assessment process. The first step in minimizing the effect of an attack is to identify
the breach; one needs to know whether the attack is data leakage, phishing, or an online attack.
The second step is to carry out an investigation to know whether it is an internal or external threat. The
third step is to assess the impact by assessing the risks caused to both the bank and the
individuals (DeVoe, 2015). The fourth step is recovery; here one needs to repair the systems and data
so that the bank can continue to operate as normal. The fifth step is communication and
notification; here one needs to have a communication strategy in place. The last step is evaluation and
improvement; after an attack, the bank needs to evaluate its response to the attack, identify
lessons learned, and improve its security response plan (Johnson, 2013).
Further steps to take to completely stop the incident and get the network back to a stable position
As indicated by Microsoft, most banking institutions are uniquely challenged when it
comes to cyber security. Besides the steps listed above, the city bank needs to carry out three further
steps to stop an attack. First, the bank needs to respond as if the network has already been
breached. Adopting this step forces the banking IT team to prioritize the most
bank-critical IT assets. This is done using network segmentation. Second, the bank needs to implement
a wide range of security policies. The policies need to be well defined, as they serve as a crucial road
map for the bank's IT team (Mepham, 2014). Also, the policies need to take into consideration all
compliance and regulatory requirements and how one can apply timely patches to maintain
compliance. The last step is to enforce the security policy. In line with this, the bank must
constantly monitor its network to comply with the laid-down regulations and ensure that changes are
compliant and approved (Voeller, 2014).
Communication strategy
In case of an attack, the first team to be informed, via face-to-face communication,
is the SIRT team. The major purpose of this communication is to put emergency
actions in place, so it should be done immediately. Later, they are supposed to inform the IRT via
email, who then informs the CIO; this ought to be done after emergency
actions have been put in place, that is, after 24 hours. The major aim of communication to the IRT
team is for them to update the organization's security policy (Kenneth, 2012). Communication
to the CIO is done via email or through a phone call; this is done to
update the CIO on the current status of security incidents and the precautions put in place. This
has not changed from parts 2a and 2b, since these are the same stakeholders who are involved in the same
activities (Alsmadi, 2019).
Assessment 3: part 3b task
Technical design changes
The current network design is a hierarchical type of design. One of the major reasons
why the network designers could have implemented this type of design is its
scalability. Besides, it allows specific functions and bank features to be implemented (Farhat, 2013).
As shown in the documented diagrams, the structure is similar to that of a three-tier hierarchical
model with three specific layers, which are the core, access, and distribution layers. Each of the layers
serves a specific role and also provides a backbone for every layer. Even though this hierarchical
design is applied by lots of banking institutions, this report recommends that the city bank
move to a GPON design (Mishra, 2018). This is shown in figure three below.
Figure 3: GPON technical design
Description of the design
Usually, a GPON design involves a shared bandwidth of about 2.5 GB downstream and
1.25 GB upstream per OLT. Every OLT port is sub-divided by an optical splitter so that
the bandwidth is shared between the various ONU routers. Network traffic is broadcast
downstream, and multiplexing is used upstream (McCarthy, 2013). Taking the bank's current design
into consideration, one can pass one fiber from an Optical Line Terminal port to every
banking room and then split it, using a 1:40 splitter, into 40 different connections. Each of the
40 connections has an endpoint device on it, an ONU router, from which one
can offer Power over Ethernet (PoE) or Ethernet connectivity to the various users (Chaki,
Meghanathan, & Nagamalai, 2013).
It is important to note that, rather than the normal routers which have been implemented,
the technical design changes utilize ONU routers, which implement the passive optical
network protocol. Here an ONU serves as a single subscriber. Second, Optical Line Terminals have
been implemented. As shown in figure three, this is terminal equipment connected to a fiber
backbone. In this case, it is used to send Ethernet data to the ONU. It is also used to control and
initiate the ranging process and to record the ranging information. It is specifically used to allocate
bandwidth to the ONU and to control the starting time and the transmission window size of the
Optical Line Terminal. Also, the technical design change has utilized optical cables instead of
the normal (Coaxial Cable) CAT 6. The whole design is divided into three major parts, which are
fiber terminal systems, fiber optic subsystems, and feeder fiber optic subsystems (Kazovsky,
2011).
Why GPON design
Compared to a hierarchical design, a GPON network design offers high availability, as
it uses fiber cables that offer a high speed of connection. Second, less equipment is required;
GPON reduces the reliance on, and the cost of, physical equipment. Here the bank need not
constantly replace switch devices when they wear out, as a single fibre has the ability to
split into various signals (Angelini, 2016). In the scenario, a lot of maintenance is required, but
with GPON less maintenance is required, which means that the network is less susceptible to
physical equipment failure. Third, a GPON offers a higher bandwidth compared to the
hierarchical design; a GPON has 2.4 Gbps downstream capacity. Fourth, it offers easier network
management compared to the hierarchical network design (Burridge, 2015).
Incident response plan
Purpose
City bank is one of the trusted banks in the provision of banking services. This IRP
outlines the processes and procedures that the bank uses to detect and respond to any form of attack
(Thompson, 2016).
Definitions of terms
Cybersecurity incident
A cybersecurity incident is an event which threatens the availability, integrity, or confidentiality
of organization information resources (Gurkok, 2013).
Security incident
A security incident is an incident that occurs deliberately or by accident and that impacts an
organization's communication and information systems. A security incident threatens the
integrity or confidentiality of information (Abrams, 2008).
How can one recognize a security incident? Here are some of the indicators of a security incident
at the city bank:
Unauthorized activity within the organization's server
Abnormal events identified on firewall and router logs
Signs of misuse of the organization's resources
Unusual login into the banking application server
Unusual remote access of any banking system or resource
Visible wireless network within the organization's premises
Software key-loggers found installed in banking systems
Misplaced bank computer or laptop, either within the organization's premises or outside
(Boyd & Mao, 2017)
Roles and responsibilities
Table one below shows the composition of the security incident response team
Officer: IT Security Manager
Roles:
    Overseeing the protection of bank computers and the overall organization computer.
    Overseeing protection of organization data against computer viruses and attacks
    Managing the IT team and personnel
    Analytically assessing an information situation and mobilizing the IT team in reacting to a certain IT situation (Onwubiko, 2015)
    Maintaining and creating information security procedures and policies.
    Implementing new emerging technologies and creating an information security training program (McQuade, 2016)

Officer: Network Manager
Roles:
    Installing and maintaining the bank's computer networks
    Network managers are required to participate in the up-gradation of the company IT strategies
    Participating in the design of short and long term methods to enhance infrastructure capacity
    Performing reviews and providing support to new network strategies before they are implemented (Golandsky, 2016)
    They are also required in coordinating with the various banking departments in the