City Bank Security: Case Study - Part 3A & 3B Analysis

Added on  2022/09/06

Running head: ASSESSMENT 3
ASSESSMENT 3: CASE STUDY: PART 3A AND 3B
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Contents
Executive summary
Introduction
Reported network issues for City Bank
Assessment 3: Part 3a task
Steps to take to reduce the impact of an attack on the business
Further steps to take to completely stop the incident and get the network back to a stable position
Communication strategy
Assessment 3: Part 3b task
Technical design changes
Description of the design
Why GPON design
Incident response plan
Possible issues that may be faced when improving the overall IT security posture
References
Executive summary
Most organizations continue to employ technology to perform their day-to-day activities. Information technology is heavily employed in the banking sector for capturing, communicating, modifying, and storing client data and information. This means that the security of IT assets and services remains one of the most important concerns for every banking platform. According to computer scientists, the IT security team ought to work with other sections within an organization, and with stakeholders such as the compliance team, to ensure that IS resources are readily available and secure. This report is divided into two major parts. The first part presents the steps that one needs to follow to reduce the impact of an attack, and the communication strategy that one needs to follow. The second part presents an incident response plan in case of a data breach or an attack. In the banking sector, a firewall is mainly deployed between the internal and external computing environments. Some of the activities performed by a firewall are validating access, controlling and managing network traffic entering or leaving computer nodes, and recording and reporting on the issues identified in a network.
Introduction
There are various IT security mechanisms that one can employ to protect the IT infrastructure of an organization; the major mechanisms include anti-virus programs and trusted firewalls. A firewall is widely used to monitor the flow of packets into and out of an organization's network.
As the IT security manager for City Bank, one is mandated to perform two major functions. The first is establishing a security stance through training processes, policy, and architecture. The second is overseeing all bank operations and all security solutions through management of the bank's IT team.
Reported network issues for City Bank
First, through discussion with the bank management, it was established that the bank has no documented DCP/DR plan. Neither does the bank have a formal incident response plan. There is minimal documentation of the current system; what exists is a network diagram, presented as figures one and two, which is said to provide a general overview of the bank's network architecture.
Documented network diagrams
Figure 1
Figure 2
The second issue that has been raised is that the CPU utilization of the router is higher than expected, meaning that the bank router is handling more traffic and processes than it should. Also, external operations have been negatively affected, which the network team associates with the firewall cluster and the banking routers. Third, the banking security team has listed some issues regarding corporate servers. One is that there is a delay in accessing the bank proxy server and a corporate server. Also, there was a reported case of a delay of up to ninety minutes in receiving inbound e-mail. The security team also reported some delay in accessing banking partner sites, but access to the DMZ was reported to have no issue. According to the security team, there is higher traffic coming to the organization's application server from the wide-area network. Also, email delivery in all directions appears to be very slow, but no issue has been reported with the e-mail server itself.
Assessment 3: Part 3a task
Steps to take to reduce the impact of an attack on the business
Attacks have become a fact of business life. Many banks have suffered cyber-related attacks; for example, Tesco Bank suffered an attack in which about nine thousand customers were affected. This caused the bank to lose over 2.5 million dollars (Hewitt, n.d). By taking the necessary steps to stop cyber-related attacks, City Bank will protect its reputation. Before the bank takes the necessary steps to prevent an attack, it first needs to understand what it is exposed to; the more the bank understands its information assets and the data that needs protection, the easier the prevention of breaches becomes. This ought to be done using a formal risk assessment process. The first step to take to minimize the effect of an attack is to identify the breach; one needs to know whether the attack is data leakage, phishing, or an online attack. The second step is to carry out an investigation to establish whether it is an internal or an external threat. The third step is to assess the impact by assessing the risks posed to both the bank and the individuals affected (DeVoe, 2015). The fourth step is recovery; here one needs to repair the systems and data so that the bank can continue to operate as normal. The fifth step is communication and notification; here one needs to have a communication strategy in place. Lastly is evaluation and improvement; after an attack, the bank needs to evaluate its response to the attack, identify lessons learned, and improve its security response plan (Johnson, 2013).
Further steps to take to completely stop the incident and get the network back to a stable position
As indicated by Microsoft, most banking institutions are uniquely challenged when it comes to cyber security. Besides the steps listed above, City Bank needs to carry out three further steps to stop an attack. First, the bank needs to respond as if the network has already been breached. Adopting this step forces the bank's IT team to prioritize the most business-critical IT assets. This is done using network segmentation. Second, the bank needs to implement a wide range of security policies. The policies need to be well defined, as they serve as a crucial road map for the bank's IT team (Mepham, 2014). Also, the policies need to take into consideration all compliance and regulatory requirements and how one can apply timely patches to maintain compliance. The last step is to enforce the security policy. In line with this, the bank must constantly monitor its network for compliance with the laid-down regulations, ensuring that changes are compliant and approved (Voeller, 2014).
Communication strategy
In case of an attack, the first team to be informed, via face-to-face communication, is the SIRT. The major purpose of this communication is to put emergency actions in place, so it should be done immediately. Later, the SIRT is supposed to inform the IRT via email; the IRT then informs the CIO. This ought to be done after the emergency actions have been put in place, that is, after 24 hours. The major aim of communication to the IRT is for them to update the organization's security policy (Kenneth, 2012). Communication to the CIO is done via email or through a phone call; this is done to update the CIO on the current status of the security incident and the precautions that have been put in place. This has not changed since parts 2a and 2b, since these are the same stakeholders who are involved in the same activities (Alsmadi, 2019).
Assessment 3: Part 3b task
Technical design changes
The current network design is a hierarchical type of design. One of the major reasons why the network designers could have implemented this type of design is its scalable nature. Besides, it allows specific functions and bank features to be implemented (Farhat, 2013). As shown in the documented diagram, the structure is similar to that of a three-tier hierarchical model with three specific layers: core, distribution, and access. Each of the layers serves a specific role and also provides a backbone for the other layers. Even though this hierarchical design is applied by many banking institutions, this report recommends that City Bank move to a GPON design (Mishra, 2018). This is shown in figure three below.
Figure 3: GPON technical design
Description of the design
Usually, a GPON design involves a shared bandwidth of about 2.5 Gbps downstream and 1.25 Gbps upstream per OLT. Every OLT port is sub-divided by an optical splitter so that the bandwidth is shared between the various ONU routers. Network traffic is broadcast downstream, and multiplexing is used upstream (McCarthy, 2013). Taking the current design of the bank into consideration, one can run one fiber from an Optical Line Terminal port to every banking room and then split it off, using a 1:40 splitter, into 40 different connections. Each of the 40 connections has an endpoint device on it, an ONU router, from which one can offer Power over Ethernet (PoE) or Ethernet connectivity to the various users (Chaki, Meghanathan, & Nagamalai, 2013).
It is important to note that rather than the normal routers which have been implemented, the technical design changes use ONU routers, which implement the passive optical network protocol. Here each one serves as a single subscriber. Second, Optical Line Terminals have been implemented. As shown in figure three, this is terminal equipment connected to a fiber backbone. In this case, it is used to send Ethernet data to the ONU. It is also used to control and initiate the ranging process and to record the ranging information. It is specifically used to allocate bandwidth to the ONU and to control the start time and the transmission window size of the Optical Line Terminal. Also, the technical design change uses optical cables instead of the normal copper cable (coaxial or CAT 6). The whole design is organized into three major parts: fiber terminal systems, fiber optic subsystems, and feeder fiber optic subsystems (Kazovsky, 2011).
Why GPON design
Compared to a hierarchical design, a GPON network design offers high availability, as it uses fiber cables that offer high-speed connections. Second, less equipment is required; GPON reduces reliance on, and the cost of, physical equipment. Here the bank need not constantly change switch devices when they wear out, as a single fibre can be split into various signals (Angelini, 2016). In the current scenario a lot of maintenance is required, but with GPON less maintenance is required, which means that the network is less susceptible to physical equipment failure. Third, a GPON offers higher bandwidth compared to a hierarchical design; a GPON has a 2.4 Gbps downstream capacity. Fourth, it offers easier network management compared to a hierarchical network design (Burridge, 2015).
Incident response plan
Purpose
City Bank is one of the trusted banks in the provision of banking services. This IRP outlines the processes and procedures that the bank uses to detect and respond to any form of attack (Thompson, 2016).
Definitions of terms
Cybersecurity incident
A cybersecurity incident is an event which threatens the availability, integrity, or confidentiality of the organization's information resources (Gurkok, 2013).
Security incident
A security incident is an incident that occurs deliberately or by accident and impacts the organization's communication and information systems. A security incident threatens the integrity or confidentiality of information (Abrams, 2008).
How can one recognize a security incident? Here are some of the indicators of a security incident at City Bank:
Unauthorized activity within an organization server
Abnormal events identified in firewall and router logs
Signs of misuse of organization resources
Unusual logins to the banking application server
Unusual remote access to any banking system or resource
A visible wireless network within the organization's premises
Software key-loggers found installed on banking systems
A misplaced bank computer or laptop, either within the organization's premises or outside
(Boyd & Mao, 2017)
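The indicators above are only useful to the SIRT if someone turns them into checks that run over the firewall, router and server logs. The following Python script is an added example, not part of the original assignment, that expresses four of the listed indicators (unusual application-server logins, unusual remote access, abnormal firewall events, and unauthorized software on a server) as simple rules and runs them over constructed sample log lines. The hostnames, address range, business hours, allowlists, thresholds and the simplified log format are all assumptions chosen for the illustration.

```python
"""Added example (not part of the original assignment): the security incident
indicators listed above expressed as simple detection rules and run over
constructed sample log lines. Hostnames, address ranges, thresholds and the
log format are assumptions chosen for this illustration."""
import ipaddress
import re
from collections import Counter, namedtuple
from datetime import datetime

# Assumed corporate address space, business hours and baselines (illustrative).
CORPORATE_NET = ipaddress.ip_network("10.20.0.0/16")
BUSINESS_HOURS = range(8, 19)                       # 08:00-18:59
FIREWALL_DENY_THRESHOLD = 5                         # denies from one source
APPROVED_REMOTE_USERS = {"netops", "oncall"}        # users allowed remote access
SERVICE_BASELINE = {"BankingCore", "ProxySvc", "MailRelay"}

Event = namedtuple("Event", "ts host kind fields")
Alert = namedtuple("Alert", "rule ts host detail")

# Simplified syslog-like line: "<iso-timestamp> <host> <KIND> key=value ..."
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: (.*))?$")


def parse_line(line):
    """Parse one log line into an Event, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tokens = (m.group(4) or "").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return Event(datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), fields)


def is_internal(ip_text):
    """True if the address belongs to the assumed corporate network."""
    try:
        return ipaddress.ip_address(ip_text) in CORPORATE_NET
    except ValueError:
        return False


def detect(lines):
    """Apply the indicator rules to an iterable of log lines; return alerts."""
    alerts = []
    denies = Counter()  # DENY count per source address, for burst detection
    for ev in filter(None, map(parse_line, lines)):
        src = ev.fields.get("src", "")
        if ev.kind == "LOGIN" and ev.fields.get("result") == "success":
            # Indicator: unusual login to the banking application server
            if ev.ts.hour not in BUSINESS_HOURS:
                alerts.append(Alert("unusual_login_time", ev.ts, ev.host,
                                    f"{ev.fields.get('user')} at {ev.ts:%H:%M}"))
            if not is_internal(src):
                alerts.append(Alert("unusual_login_source", ev.ts, ev.host,
                                    f"{ev.fields.get('user')} from {src}"))
        elif ev.kind == "REMOTE":
            # Indicator: unusual remote access to a banking system
            if ev.fields.get("user") not in APPROVED_REMOTE_USERS:
                alerts.append(Alert("unusual_remote_access", ev.ts, ev.host,
                                    f"{ev.fields.get('user')} via {ev.fields.get('proto')}"))
        elif ev.kind == "DENY":
            # Indicator: abnormal events in firewall/router logs (deny burst)
            denies[src] += 1
            if denies[src] == FIREWALL_DENY_THRESHOLD:
                alerts.append(Alert("firewall_deny_burst", ev.ts, ev.host,
                                    f"{src} denied {FIREWALL_DENY_THRESHOLD} times"))
        elif ev.kind == "SERVICE_INSTALL":
            # Indicator: unauthorized software (e.g. a key-logger) on a server
            if ev.fields.get("name") not in SERVICE_BASELINE:
                alerts.append(Alert("unapproved_software", ev.ts, ev.host,
                                    f"service {ev.fields.get('name')} installed"))
    return alerts


# Constructed sample log lines for the demonstration (not real data).
SAMPLE_LOGS = """\
2022-09-06T09:12:01 appsrv01 LOGIN user=jdoe src=10.20.5.17 result=success
2022-09-06T02:47:33 appsrv01 LOGIN user=svc_batch src=10.20.9.2 result=success
2022-09-06T10:03:10 appsrv01 LOGIN user=admin src=203.0.113.45 result=success
2022-09-06T10:04:00 appsrv01 LOGIN user=guest src=203.0.113.46 result=failure
2022-09-06T10:05:00 vpngw01 REMOTE user=mkhan src=198.51.100.7 proto=rdp
2022-09-06T10:06:00 vpngw01 REMOTE user=oncall src=198.51.100.8 proto=vpn
2022-09-06T10:07:01 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=22
2022-09-06T10:07:02 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=23
2022-09-06T10:07:03 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=80
2022-09-06T10:07:04 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=443
2022-09-06T10:07:05 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=3389
2022-09-06T10:07:06 fw01 DENY src=198.51.100.9 dst=10.20.1.10 dport=8080
2022-09-06T11:00:00 fw01 DENY src=10.20.5.17 dst=10.20.1.10 dport=445
2022-09-06T11:30:00 appsrv01 SERVICE_INSTALL name=MailRelay by=admin
2022-09-06T11:31:00 appsrv01 SERVICE_INSTALL name=kbhook_svc by=jdoe
""".splitlines()


def summarize(lines=SAMPLE_LOGS):
    """Count alerts per rule; handy for a daily SIRT log review."""
    return Counter(a.rule for a in detect(lines))


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"[{a.rule}] {a.ts} {a.host}: {a.detail}")
```

Run as a script it prints one line per alert; the sample data triggers each rule exactly once, and the failed external login and the single internal deny produce nothing, which is the point of keeping a success check and a burst threshold in the rules rather than alerting on every line. In practice the baselines (address range, hours, allowlists) would come from the bank's own configuration management rather than constants in the script.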
Roles and responsibilities
Table one below shows the composition of the security incident response team.
Officer: Roles
IT Security Manager:
Overseeing the protection of bank computers and the organization's overall computing environment.
Overseeing protection of organization data against computer viruses and attacks.
Managing the IT team and personnel.
Analytically assessing an information security situation and mobilizing the IT team in reacting to it (Onwubiko, 2015).
Creating and maintaining information security procedures and policies.
Implementing new emerging technologies and creating an information security training program (McQuade, 2016).
Network Manager:
Installing and maintaining the bank's computer networks.
Participating in the upgrading of the company's IT strategies.
Preparing the design of short- and long-term methods to enhance infrastructure capacity.
Performing reviews and providing support for new network strategies before they are implemented (Golandsky, 2016).
Coordinating with the various banking departments in the development of policies and processes.
Implementing and coordinating all network hardware and software upgrades.
Troubleshooting and resolving the various problems, and evaluating WAN and LAN functionality to administer all network shortcomings.
Installing and maintaining the WAN and LAN and other technological back-ups.
Preparing design plans that are applicable to assist in disaster recovery expeditions.
Evaluating important banking activities through analysis and determination of network scope (Bishop, 2014).
Application Development Manager:
Collaborating with other bank managers in developing banking strategy.
Planning, developing, and implementing new systems.
Ensuring proper functioning of the application server.
Resolving any issues related to banking applications.
Coordinating with the banking management in the development of long-term plans for application development.
Working with other IT managers to ensure application compatibility across all banking systems.
Providing maintenance support for bank applications.
Leading all phases of the application development life cycle.
Managing quality and cost by implementing new effective processes.
Creating a progressive environment.
Communicating with banking customers to build a strong relationship.
Managing escalations and providing better customer support services (Simpson, 2015).
Contact Center Manager:
Responsible for all bank call centers.
Telephony Manager:
Responsible for the configuration of telephony systems.
Maintenance and configuration of telephone systems when needed.
Maintaining records of telephony equipment.
Assessing and identifying any issues related to the telephony system and reporting directly to the CIO.
Facilities Manager:
Management of IT physical facilities.
Ensuring physical security of IT resources, such as locking up the banking data center (Lucas & Moeller, 2014).
Security Engineers:
Monitoring organization systems.
Implementing new changes as spelt out by the IT security manager.
Responding to level one alerts.
Carrying out day-to-day security maintenance tasks such as updating desktop anti-virus software.
Screening and testing security software.
Monitoring banking network systems for intrusions and security breaches.
Testing for network vulnerabilities.
Conducting periodic network scans to find any form of intrusion or unwanted tasks.
Monitoring any form of security breach.
Configuring network devices such as firewalls.
Investigating security breaches by leading incident response activities (Gupta, 2017).
Incident response team
The IRT team will include:
Chief Information Officer
IT security manager
Application manager
Network manager
Facility manager
One security engineer
Roles played by an Incident response team
Authorizing on-site investigations
Liaising with external parties on any form of data breach
Defining IT policies and making them known to all staff members
Identifying issues that one may face when improving the overall security posture (Anson, 2018)
Security Incident Response team
Members of the SIRT include:
IT security engineers
Network engineers
Telecommunication engineers
Roles of the SIRT
Reviewing the event logs of all network devices
Reporting all security incidents to the relevant parties
Examining and determining whether policies, technologies, processes, or controls need to be updated
Resolving every security incident to the satisfaction of the user department
Investigating every incident
Advising the incident response lead (Wyk & Forno, 2014)
Principles of data breach communication
The bank should consider a breach likely and prepare accordingly: here the bank ought to take three days to establish the relationships and processes which should already have been in place.
The bank needs to be accurate and fast: here the bank needs to inform its customers of any form of data breach and at the same time acknowledge that every measure is in place to ensure that the breach is eliminated.
Be honest by avoiding misleading statements: the bank must not withhold any key details related to a data breach (Dhillon, 2013).
Incident response steps
The following steps are followed in case of an incident:
1. Report: Any form of security incident or attack is reported directly to the Incident response team or to a member of the SIRT.
2. Investigate: The SIRT members immediately begin the investigation process and at the same time determine the appropriate emergency actions which need to be taken.
3. Isolate: The SIRT needs to ensure that no one, including internal staff, can access the compromised systems, by isolating the systems from the network or unplugging all network cables. Also, the SIRT needs to first perform a back-up before going ahead with the investigation process.
4. Record: Keep records of every action that the SIRT takes.
5. Inform: After the initial investigation, senior management needs to be informed.
6. Maintain continuity: Maintain bank continuity by engaging with the bank operations team.
7. Resolve: This is done by liaising with every bank stakeholder, including law enforcement agencies.
8. Review: This entails reviewing the security incident to find out how it occurred and its major root causes. Here all changes are documented and updates to the IT security policy are made (Darren, 2017).
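Steps 3 and 4 above are the ones most easily lost in the rush of an incident: the back-up is skipped because investigation seems urgent, and the record of what the SIRT did is reconstructed from memory afterwards. The following Python class is an added example, not part of the original assignment, of an incident action log that refuses to record an investigation of a system until an isolation and a back-up of that system have been recorded, and that chains every record to the previous one with a SHA-256 hash so that a later edit or deletion is detectable. The hash chaining goes beyond what the plan itself prescribes; the class, method and incident names are assumptions for the illustration.

```python
"""Added example (not part of the original assignment): an incident action log
for steps 3 and 4 of the incident response plan. Every SIRT action is recorded
with a timestamp and chained to the previous record with a SHA-256 hash (the
chaining is this example's addition), and investigation of a system is refused
until that system has been isolated and backed up. Names are assumptions."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used for the first record


class StepOrderError(Exception):
    """Raised when an action is attempted out of the prescribed order."""


class IncidentRecord:
    def __init__(self, incident_id, clock=None):
        self.incident_id = incident_id
        self.entries = []
        self._isolated = set()
        self._backed_up = set()
        # The clock is injectable so a test can use fixed timestamps.
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    @staticmethod
    def digest(entry):
        """SHA-256 over the canonical JSON of a record, excluding its own hash."""
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _append(self, action, actor, **details):
        entry = {
            "seq": len(self.entries) + 1,
            "ts": self._clock(),
            "incident": self.incident_id,
            "actor": actor,
            "action": action,
            "details": details,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = self.digest(entry)
        self.entries.append(entry)
        return entry

    # Step 1: report
    def report(self, actor, summary):
        return self._append("report", actor, summary=summary)

    # Step 3: isolate the system and back it up before investigating it
    def isolate(self, actor, system, method):
        self._isolated.add(system)
        return self._append("isolate", actor, system=system, method=method)

    def backup(self, actor, system, image_ref):
        self._backed_up.add(system)
        return self._append("backup", actor, system=system, image_ref=image_ref)

    def investigate(self, actor, system, note):
        if system not in self._isolated:
            raise StepOrderError(f"{system} must be isolated before investigation")
        if system not in self._backed_up:
            raise StepOrderError(f"{system} must be backed up before investigation")
        return self._append("investigate", actor, system=system, note=note)

    # Steps 5-8 (inform, continuity, resolve, review) are plain recorded actions
    def note(self, actor, action, **details):
        return self._append(action, actor, **details)

    def verify(self):
        """Recompute the chain; False if any record was altered or removed."""
        prev = GENESIS
        for i, entry in enumerate(self.entries, start=1):
            if entry["seq"] != i or entry["prev"] != prev:
                return False
            if self.digest(entry) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def run_demo():
    """Walk a constructed incident through the plan and return the record."""
    rec = IncidentRecord("INC-0001")  # constructed identifier
    rec.report("helpdesk", "unusual login reported on appsrv01")
    rec.isolate("sirt-eng1", "appsrv01", "switch port disabled")
    rec.backup("sirt-eng1", "appsrv01", "img-2022-09-06-appsrv01")
    rec.investigate("sirt-eng2", "appsrv01", "reviewed authentication logs")
    rec.note("sirt-lead", "inform", party="senior management")
    return rec


if __name__ == "__main__":
    record = run_demo()
    for e in record.entries:
        print(e["seq"], e["ts"], e["actor"], e["action"], e["details"])
    print("chain intact:", record.verify())
```

The ordering check is deliberately per system: isolating one server does not license investigation of another. The chain only makes tampering detectable, not impossible, so the record would still be exported regularly to storage the SIRT cannot modify; what it buys during the review step is confidence that the sequence of actions being reviewed is the sequence that actually happened.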
Possible issues that may be faced when improving the overall IT security posture
One of the issues that one may face in this case is that there are many priorities. The IT team, in this case, seems to be in the same boat, but they are being pulled in various directions due to overwhelming responsibilities. The second issue is that there is very limited visibility into the IT infrastructure, third parties, and users. This results in only fixing what one can see and not managing what one is not aware of. Third, most attacks are growing in sophistication and size. Most of the current attacks do not have an immediate solution. Fourth, there is a huge skills gap in the organization's IT department. According to Global Knowledge (2020), the IT skills gap in the current market has increased by over 100 percent in the last three years. This skills gap has cost employers up to 416 hours and over 22,000 dollars (Geer, 2020).
Another top problem that one may face when improving the security posture of any organization is the development of an effective information security strategy that sets out IS objectives and goals. Here an IT security manager is faced with the issue of making the information security strategy flexible in relation to developing IS security problems and ever-changing compliance requirements (Sheward, 2018).
References
Abrams, M. a. (2008). Malicious control system cyber security attack case study: Maroochy Water Services, Australia. The MITRE Corporation.
Alsmadi, I. (2019). The NICE cyber security framework: cyber security... Cham: Springer Press.
Angelini, M. N. (2016). Proactive and reactive attack and response assessment for cyber incidents using visual analytics.
Anson, S. (2018). Applied Incident Response. New York: Wiley Press.
Bishop, M. (2014). Information security. Chicago: Springer Press.
Boyd, C., & Mao, W. (2017). Information Security. Chicago: Springer Press.
Burridge, A. (2015). Campus LAN Design: A Different Approach. Retrieved from Packet Pushers: https://packetpushers.net/campus-lan-design-a-different-approach/
Chaki, N., Meghanathan, N., & Nagamalai, D. (2013). Computer Networks & Communications (NetCom): Proceedings of the Fourth International Conference on Networks & Communications. New York: Springer Press.
Darren. (2017). Information security handbook: develop a threat... by Darren Death. Chicago: Packt Publishing.
DeVoe, C. (2015). Incident Response Plan for a Small to Medium Sized Hospital. New York: Springer Press.
Dhillon, G. (2013). Information security. New York: Thomson Business Press.
Farhat, V. B. (2013). Cyber attacks: prevention and proactive responses.
Geer, D. (2020). Malicious bots threaten network security. Information Security, 18-20.
Golandsky, Y. (2016). Cyber crisis management, survival or extinction? In 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, 1-4.
Gupta, S. K. (2017). Information security. New York: Springer Press.
Gurkok, C. (2013). Cyber forensics and incident response. In Managing Information Security. Syngress Press.
Hewitt, S. (n.d). Six-step plan for dealing with a cyber security breach. Retrieved from Airmic: https://www.airmic.com/news/six-step-plan-dealing-cyber-security-breach
Johnson, L. (2013). Computer Incident Response and Forensics Team Management. New York: Springer Press.
Kazovsky, L. G. (2011). Broadband optical access networks. Chicago: Wiley Press.
Kenneth. (2012). Incident Response. Cambridge: John Wiley Press.
Lucas, J., & Moeller, B. (2014). The effective incident response team. Chicago: Wiley Press.
McCarthy, N. K. (2013). The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk. Amsterdam: Springer Press.
McQuade, S. C. (2016). Understanding and managing cybercrime. New York: Springer Press.
Mepham, K. P. (2014). Dynamic cyber-incident response. Chicago: Wiley Press.
Mishra, A. R. (2018). Fundamentals of network planning and optimisation 2G/3G/4G: evolution to 5G. Amsterdam: Elsevier Press.
Onwubiko. (2015). Cyber security operations centre: Security monitoring for protecting business and supporting cyber defense strategy. In 2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, 1-10.
Sheward, M. (2018). Hands-on incident response and digital forensics. Swindon: BCS Learning & Development Press.
Simpson. (2015). Information security and privacy: 18th Australasian Conference, ACISP 2013, Brisbane, Australia, July 1-3, 2013. Proceedings. Chicago: Springer Press.
Thompson, E. C. (2016). Cybersecurity incident response: how to contain, eradicate, and recover from incidents. Chicago: Springer Press.
Voeller, J. G. (2014). Cyber Security. New York: Wiley Press.
Wyk, K. R., & Forno, R. (2014). Incident Response. New York: Springer Press.