Banking System Breach Case Study: Legal & Regulatory Responsibilities

Verified

Added on 2020/10/05

AI Summary

This case study examines a banking system breach at ABCXYZ Bank, where hackers stole confidential client data and proprietary documents, leading to a public relations crisis and regulatory scrutiny. The report focuses on the legal, regulatory, and ethical responsibilities of the bank, including the application of cybersecurity measures like cryptography and firewalls. It explores the roles of different types of hackers (black hat, white hat, and grey hat) and discusses the importance of legal frameworks and regulatory compliance, referencing relevant laws and directives in Oman and globally. The case study highlights the impact of the breach on the bank's reputation and the challenges faced by top management in managing the crisis, including the ethical implications of their response. The conclusion emphasizes the need for robust cybersecurity measures to protect sensitive data and maintain client trust, referencing key literature on cybersecurity and banking regulations.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

BANKING SYSTEM
BREACH CASH STUDY

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

INTRODUCTION
Cyber security is used to refer to security that is offered through online services in
order to protect online information or any confidential data or information which includes
banking account statements, account number, personal information, credit card number and
recent transaction done by any individual number. All wrongful act that committed on
computer system, internet or network are known as cyber-crime. Hackers are those who uses
advance computer technology in order to gain unauthorized access of personal data or
information, business trade secrets and exploit the reputation of banks or business for
revenge. They use their skills for reaching specific goals and objectives which includes
stealing money, gaining fame by bringing down computer system and making network
unavailable. In context with the banking system breach case study, unknown hackers has
broken down the bank’s security system and has stolen confidential data about many clients.
They have published some stolen data in order to gain frame and damage bank’s reputation.
This report is mainly emphasis on the legal and regulatory role and responsibilities of bank.
This report also covers about the ethical and professional responsibilities of bank.
Cyber security is concerned and associated with the security of cyber space that is
somewhere included with both virtual ones as well as physical places. It also involves with
security entities that is used or rely on cyber space. Cyber security main duty is to ensure all
the roles and responsibilities that is legally implemented to provide security. Nothing is crime
unless it is prescribed by law, but most of the crime are beyond the research of laws.
Recently, only the legislative obligations for the cyber security is established under the
section 105A of the Communication Act 2003.
In Oman, there is establishment of general applicable laws and regulation which
includes Oman Commerical law and Commercial Compaines Laws. There are some more
specific laws which includes Banking Law and Capital Market Law that forms basic
foundations for all the banking institution and capital market that is related to institutions.
Banks in Oman deals with univeral banking which includes both commercial and investment
banking business that is subjected to specific licenses and requirement. Banking laws in
Oman provides licensing, regulating and supervising Islamic banking too. There are other

supporting laws like Terrosim Financing and Law on Combating Money Laundering. Now
new laws and legalisation are implemented that is associated Cyber Security (Directive,
Khalfan and Alshawaf, 2004) It will create a legal duty for cyber security for different
market operators, banks as well as various public administrations. This will help them to take
and implement appropriate technical and appropriate measures in order to manage, control
and monitor the risks that is posed to security along with security of the network and
information system. Moreover, new national regulation for cyber security is appointed with
competent enforcement powers to identify the threats, risks and incidents that is associated
with breach or cybercrime. The main motive of the Directive is to ensure about the levels of
network along with network of information security (Singer and Friedman, 2014).
There are many cases found in context with hacking attack on financial firms. One of
the huge cyber-attack was found on JP Morgan Chase, it has touched and damaged around 83
million households and business. The main question after this incident was that who were the
hackers and what was the strategy used by them to attract financial firm. The hackers was
found to be operating through Russia, hackers burrowed into the digital network of bank and
then they went down a path that allows them to illegally access the information and data
about the names, addresses, contact numbers and email- address of the account holders
(Goldstein, Perlroth, and Sanger, 2014) Hackers were having the aim to access critical
financial information by bank security was able to manage it through advance security
technology. There are three types of hackers which mainly involves as black hat hackers,
white hat hackers and grey hat hackers. Black hat hacker are those who uses their skills to
steal money, confidential data or information, put down computer system or even destroy
them. White hat hacker are known as ethical hacker, they generally hacks for any
organisation or company for defensive purposes as they are given special permission with
limits on what to hack and what not to do in network system. Grey hat hackers act as the
blend of both white hat hackers and black hat hackers.
In order to provide proper security to clients, banks should implement cryptography
has it plays crucial role in the banks and other financial service firm. Cryptography
implementation allows to get ensure about various important data transactions that are
processed securely. It makes the message unreadable to any every person except to legitimate
user who is having the encryption and decryption key (Roy and Venkateswaran, 2014).
Cryptosystem deals with encryption and decryption process along with this it is involves with
the methods of hiding confidential data and information with the help of keys. The whole

process of cryptography involves with the encryption and decryption in which encryption is
the process in which plain text data is converted into unreadable text which is termed as
cipher text and then decryption process take place in which unreadable text is transformed
back to its original normal form. Banks uses cryptography methodologies in order to preserve
confidential information about client account along with save and secured online transactions.
Moreover, firewalls are used by the banks in order to provide security to protect and preserve
confidential data and information of the clients. The firewalls is defined as a software or
hardware that allows only external user with specific characteristic or specification to access
information given to users one selective basis such as IP address, domain name, password
and protocol etc. Firewalls works by establishing barrier between the secured network and
external network (Shekhawat and Sharma, 2011).
CONCLUSION
It is found that in order to keep confidential data or information secure from hackers,
cyber security measures should be taken which includes cryptography, firewalls etc. It is also
concluded that cyber security is used to provide security in order to protect online
information or any confidential data or information which includes banking account
statements, account number, personal information and credit card number.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

REFERENCES
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Randazzo, M.R., Keeney, M., Kowalski, E., Cappelli, D. and Moore, A., 2005. Insider threat
study: Illicit cyber activity in the banking and finance sector (No. CMU/SEI-2004-TR-021).
Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst.
Ula, M., Ismail, Z. and Sidek, Z.M., 2011. A Framework for the governance of information
security in banking system. Journal of Information Assurance & Cyber Security, 2011, pp.1-
12.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What everyone needs to know. Oxford
University Press.
Shekhawat, N.S. and Sharma, D.P., 2011. Cloud Computing Security through Cryptography
for Banking Sector. In Proceedings of the 5th National Conference.
Roy, S. and Venkateswaran, P., 2014, March. Online payment system using steganography
and visual cryptography. In Electrical, Electronics and Computer Science (SCEECS), 2014
IEEE Students' Conference on (pp. 1-5). IEEE.
Goldstein, M., Perlroth, N. and Sanger, D.E., 2014. Hackers’ attach cracked 10 financial
firms in major assault. The New York Times.
Khalfan, A.M. and Alshawaf, A., 2004. Adoption and implementation problems of e-
banking: A study of the managerial perspective of the banking industry in Oman. Journal of
Global Information Technology Management, 7(1), pp.47-64.