Aligning Security with Business Objectives of the Banking Industry


Added on  2022/11/30

AI Summary
This report examines the critical alignment of security policies with the business objectives of a banking industry undergoing digital transformation and international expansion. The analysis begins with a discussion of privacy regulation laws, including the Right to Financial Privacy Act, Safeguards Rule, and Electronic Funds Transfer Act, emphasizing their importance in protecting customer financial information within the context of online banking. The report identifies key concerns associated with incorporating e-banking, such as hacker attacks, fraudulent merchant sites, and data confidentiality. It then outlines Key Goal Indicators (KGIs) for addressing these concerns, including perimeter and endpoint security, and proposes security controls to mitigate identified risks. The report suggests London as an ideal location for the bank's international branch, and concludes by emphasizing the necessity of security standards to maintain the integrity, availability, assurance, and confidentiality of financial information. The report highlights the role of KGIs in meeting business objectives such as return on investment, improved performance management, reduced IT risks, and customer attraction.
Running head: Aligning Security with Business Objectives of Banking Industry
ALIGNING SECURITY
WITH
BUSINESS OBJECTIVES OF BANKING INDUSTRY
Name of the Student
Name of the University
Author Note:
Introduction:
The primary objective of this paper is to discuss security policies and the methods by which the security of a bank can be enhanced. The paper is based on a bank whose authorities have expressed interest in incorporating an online system into their banking services. The bank authorities have also expressed interest in expanding their business by opening an international bank office, so this paper will suggest the most appropriate location for enhancing the effectiveness of the banking services. The paper will also include a detailed elaboration of industry standards and of the implementation of security policies in the business structure. Lastly, the paper will conclude by stating how these findings apply to the mentioned scenario and how they will help the bank authorities achieve their goals.
Privacy Regulation Laws in Banking Industry:
In the mentioned case scenario, the security of customers' funds is essential to the banking industry. Under the United States financial privacy laws, there are several regulations that any bank needs to follow. Those regulations are listed below:
According to the federal laws of the United States, the Right to Financial Privacy Act is a rule passed by the Supreme Court of the US. It states that it is essential to have a document representing the relationship between the bank and its service consumers. It also states that the financial institution must require a justified notice in order to access the financial information of customers. Under this Act, customers also have the ability to cross-check or issue a legal notice against the government if their personal information is used for any other purpose without consulting the information holder.
The Safeguards Rule is also a significant act developed by the government of the United States to protect the financial information of customers held by financial institutions. This law was developed to protect customer information from unauthorized access.
In addition to the above laws, the Electronic Funds Transfer Act was introduced in 1978 to regulate the electronic fund transfer process. This rule clearly states that the bank will be responsible in case of any damage to funds and if any unauthorized access takes place.
Apart from that, the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA) also has a significant impact on the online banking system.
Since the current scenario is based on online transactions, it is very important to provide high security for the network and servers. Cyber security law is therefore essential to incorporating this feature into the business structure. The United States federal banking agencies have also introduced several controls for this procedure.
Concerned Areas:
The targeted bank has expressed interest in expanding its banking services by incorporating online banking, as e-banking brings several benefits to the banking system. However, there are several areas of concern in incorporating e-banking into the organizational structure. Those areas are mentioned below:
One of the major areas of concern in incorporating internet banking into the banking services is hacker attacks, as phishing and spoofing are currently among the most impactful attacks.
Online banking also has limitations such as fraudulent merchant sites, through which customers can be misled by harmful websites.
Another major concern about e-banking is the confidentiality of customer information, as the confidentiality of consumers can be affected.
Key Goal Indicators:
For the first concern, hacker attacks, the key indicators that can be developed are the perimeter and the endpoint. The perimeter is the firewall. Some applications are highly exposed, serving both external use and private use. At this point, the indicators of compromise that need analysis are mismatched application traffic, an increase in outbound traffic, and geographical irregularities. Endpoints, on the other hand, are parts of a network that are constantly accessible from outside the perimeter. Indicators of compromise on endpoints involve a deep comparison against what is normal for both the configuration and the activity of a given endpoint; these indicators include rogue processes and persistence.
For the second concern, fraudulent merchant sites that mislead customers, card-present transactions may contribute the majority of card payment fraud. However, with the adoption of the EMV standard, increasingly frequent data breaches, and mobile payments, card-not-present (CNP) transactions will become a large component of payment fraud. For CNP fraud, merchants have to bear the liability, which leads to an increasing burden of fraud losses. This directly impacts the merchant's bottom line.
For the third concern, data confidentiality, logons are a necessary first step for gaining access to an endpoint that holds valuable data. The indicators involve logon abnormalities such as the endpoint used, the time of use, frequency, and concurrency.
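The four logon indicators named above (endpoint used, time, frequency, concurrency) can be checked against a per-user baseline of normal activity. The following is an added example, not part of the original report; the event format, user and endpoint names, baseline, and thresholds are all assumptions constructed for illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, endpoint, action); not real log data.
SAMPLE_EVENTS = [
    ("2024-03-04T09:02:00", "alice", "WS-014", "logon"),
    ("2024-03-04T09:30:00", "bob", "WS-020", "logon"),
    ("2024-03-04T11:15:00", "alice", "WS-077", "logon"),
    ("2024-03-04T17:40:00", "bob", "WS-020", "logoff"),
    ("2024-03-05T02:10:00", "bob", "WS-020", "logon"),
    ("2024-03-05T02:11:00", "bob", "WS-020", "logon"),
    ("2024-03-05T02:12:00", "bob", "WS-020", "logon"),
]

# Assumed baseline of what is normal per user: known endpoints and working hours.
BASELINE = {
    "alice": {"endpoints": {"WS-014"}, "hours": range(8, 19)},
    "bob": {"endpoints": {"WS-020"}, "hours": range(8, 19)},
}
UNKNOWN = {"endpoints": set(), "hours": range(0)}  # unseen users match nothing


def detect_logon_anomalies(events, baseline, max_logons=2,
                           window=timedelta(minutes=10)):
    """Return (timestamp, user, indicator) for each logon abnormality."""
    findings = []
    active = defaultdict(set)   # user -> endpoints with an open session
    recent = defaultdict(list)  # user -> logon times inside the window
    for stamp, user, endpoint, action in sorted(events):
        if action == "logoff":
            active[user].discard(endpoint)
            continue
        when = datetime.fromisoformat(stamp)
        profile = baseline.get(user, UNKNOWN)
        if endpoint not in profile["endpoints"]:
            findings.append((stamp, user, "endpoint"))
        if when.hour not in profile["hours"]:
            findings.append((stamp, user, "time"))
        recent[user] = [t for t in recent[user] if when - t <= window] + [when]
        if len(recent[user]) > max_logons:
            findings.append((stamp, user, "frequency"))
        if active[user] - {endpoint}:
            findings.append((stamp, user, "concurrency"))
        active[user].add(endpoint)
    return findings


if __name__ == "__main__":
    for finding in detect_logon_anomalies(SAMPLE_EVENTS, BASELINE):
        print(finding)
```

In the sample, the second logon for alice is flagged for an unfamiliar endpoint and an overlapping session, while the overnight burst for bob is flagged for time and then frequency.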
Security Controls for Key Goal Indicators:
The various risks in the banking sector and several international rules and regulations have made banks incorporate information security into their business processes. As with any process, resources and a budget must be assigned to ensure appropriate implementation. Because the aim of the security process is to minimize exposure to risk, it is essential to determine the effectiveness of the controls that are to be implemented. It is also essential to show the bank that the needed funds will be properly invested in preventing issues that could materialize an information risk against any of the core processes of the business.
How the KGIs meet the business objectives:
KGIs will meet the objectives of the business if they properly point out what needs to be done for the bank to be considered successful. They must not be vague; instead, they must be easily measurable. KGIs help meet business objectives by achieving a targeted return on investment, improved performance management, reduction of IT risks, improvements in productivity, attraction of new customers, and standardized processes.
Necessity of security standards for Banking Industries:
There is a high necessity for security standards in the banking industry, mainly because of the increasing security risks and the many kinds of threats faced by the financial sector. A high level of information security in the banking sector can be attained by striving for integrity, availability, assurance, and confidentiality.
Suggested location
Based on the above discussion, London is recommended as an ideal place for opening the international branch of the targeted bank, as it is a quite crowded area with a huge demand for financial services.
Conclusion:
This paper concludes that online banking has a significant impact on the services of the mentioned bank. The laws and regulations of the banking industry explained in this paper have a significant impact on the development of the proposed service. The paper has also discussed the major concerns related to the proposed application and has mentioned the key goal indicators relating to the current scenario. The mentioned security controls are also effective, as they allow the bank to incorporate the online banking system and will help the organization expand its business internationally.