StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Issues Related to Security Interoperability and Operations - Case Study Example

Cite this document
Summary
This case study "Issues Related to Security Interoperability and Operations" focuses on the issues faced by Banking Solutions Inc, a number of them are related to security, interoperability, and operations. IT controls can be optimized and prioritized, but this would be based on immediate need. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.5% of users find it useful

Extract of sample "Issues Related to Security Interoperability and Operations"

PROJECT 2: CASE STUDY 1 (CON'T) ANALYSIS—IDENTIFY ITS CONTROLS

Issues Related to Security Interoperability, and Operations

Among the issues faced by Banking Solutions Inc, a number of them are related to security, interoperability, and operations. The issues related to these three aspects include the following:

  • The company has not been ensuring frequent update of its data center DRBCP. The last update was done back in the year 2009, two year after it was created in 2007, which shows the inconsistence of maintaining often update as required in data and information management.
  • The latest testing of the data center DRBCP was done in 2007. The testing activities were not even adequately done since it only consisted of a conceptual, table-top walkthrough of the DRBCP. The item processing facility DRBCPs have not even been tested yet.
  • The site-specific DRBCPs have been written for the five largest item processing facilities with some remaining item processing facilities, which have a generic “small center” DRBCP template. This template is seen to have been distributed to and customized by facility management by June 2010, while up to four items processing facilities have not yet completed the customization exercise.
  • Failure to identify Recovery Time Objectives as well as Recovery Point Objectives for the organization’s critical business processes and systems in the DRBCP was still another major issue. The critical systems in the DRBCP included detailed hardware inventories and software inventories. Other included processes and requirements within the DRBCP include critical business process including process owners, alternative processing facility addresses as well as directions, notification listing, critical plan participant roles, responsibilities, vender contact listing, core business forms, recovery procedures for core systems, as well as procedures initiated to manage public relations and communication.
  • Not all the plan participants have been issued with the process plan as seen in the review of DRBCP distribution lists. This is an issue affecting the business process. Besides, storing the plan copies online and having the duplicate they depict the ineffectiveness of the business process. Better and safer ways of storing back information regarding the plan could have been applied.
  • Another process issue is that all the participants of the critical plan have hardly been trained on how to use DRBC.
  • Typically, several power users whose actions are recorded onto event logs have been found to have write access to the logs themselves even without administration approval, which facilitates possible information security risk.
  • Various data centers have been established with each of the data centers acting as a “hot site” processing location for the other. The issue in this case is that, DRBCPs or even any other documentation hardly outline specific processing responsibilities for backup facilities.
  • The other major issue is based on the poor backup storage of information. Full backups of critical data, software programs, as well as configurations are performed only once every week. This could be done even more frequently.
  • At the item processing facilities, the management is tasked with offering contracts to the off-site storage of backup tapes while the management has contracted the bank across the street to offer storage for its backup tapes within a safety deposit box, at one of the item processing facilities. The night Operations Manager on the other hand, for another item processing facility, stores the backup tapes within a safe at his home. Tapes are stored in a shed at the back of a building at a third item processing center.

Prioritization of IT Security Controls

IT controls can be optimized and prioritized, but this would be based on immediate need, security posture, complexity, resource availability, and cost. The choice of security controls would be sensitive and thus intensive care would be necessary. Careful selection is typically important because it can help in securing information systems that are safe and promising (National Institute of Standards and Technology , 2014). The security category is very critical. Determination of the security category regarding information systems requires some intensive analysis. This determination should thus be a priority. This should include the potential values of impact to the respective objectives, such as confidentiality, availability, and integrity. The IT security category also determines the budget required for any specified IT control. In selecting meaningful IT security controls, approaches that are comparable, repeatable, and more consistent should be facilitated (National Institute of Standards and Technology , 2014). Further, recommendations for the minimum security controls for information systems need to be provided.

The security controls in this case have to be in accordance with the FIPS 199, which entails the Standards for Security Categorization of Federal Information and Information Systems (National Institute of Standards and Technology , 2014). In this case, IT security controls will be initiated to achieve confidentiality, integrity, and availability. Regarding confidentiality, the preservation of authority restrictions on information access as well as disclosure would be very critical and the IT controls, which have the capabilities of achieving this objective, should be initiated. Such IT controls should include adequate means for the protection of personal privacy as well as proprietary (National Institute of Standards and Technology , 2014). Focusing of integrity achievement would be based on IT security controls that can guard against improper destruction of information or modification. The controls should ensure that there are no information repudiations and authenticities. When selecting the best IT security controls, availability should be considered a priority. This prioritization would ensure that there is timely access and reliable access to information. The same aspect would be applicable when using the same information. When there is a loss of availability, it would imply that there would be a disruption of access to information as well as problems in using such information.

The security controls to be selected should be within the reach of the organization in terms of cost and timeline specifications. The prioritization process should be able to meet all the required security milestones. The milestones would help the organization protect its data and information from the risk factors as well as escalating information insecurity threats. The IT security controls should thus be able to show a roadmap the Banking Solutions Inc. can use in addressing the possible information risks with respect to their priority. The security controls should also be in a position of depicting the pragmatic approach, which could allow effective action against the specified security threats. The controls will also have to support the financial as well as the operational planning of Banking Solutions Inc. More importantly, the best IT security controls would be the one giving way to the promotion of objectives as well as measurable progress indicators in aspect like information security, item progress, and operations among others. This way, it will enhance the promotion of consistency among future security assessors.

Generally, the selected IT security controls should be stable and flexible for the organization’s information systems. In this regard, the prioritized IT security control would meet the immediate security/protection needs of the organization as well as any demand for its future protection requirements and technology complexities (Dempsey, et al., 2011)). The IT security controls would definitely create a strong foundation for developing assessment methods and the right procedures for determining the effectiveness of security controls. The effectiveness of the selected security control is determined by the implementation correctness and how the implemented controls adequately meet the needs of Banking Solutions Inc. according to its immediate security risk tolerance. This aspect implies that security controls should be implemented in line with the prevailing security plan to address the existing threats as well as the organization’s security plans. Status of the organization’s security could be determined with the use of metrics that are established Banking Solutions Inc. to convey the organization’s information security posture, and its reliance under known information security threats.

Applicable Government Regulations

A number of government regulations and standards are applicable to the identified IT security controls. Such government regulations and standards are meant to govern the way the requirements have to be met, implemented, or even measured. Legislations and executive regulations, usually put emphasis on the management, quantification, and reporting of their security performances (Chew, et al., 2008). The main purpose of such regulations/legislations and standards are to aid in facilitating the streamlining of the US government operations. Through the regulations, it would be easy for Banking Solutions to improve on efficiencies regarding information security controls. The major legislations include the Federal Information Security Management Act (FISMA) and the Government Performance Result Act (GPRA) (Chew, et al., 2008).

Some of the major regulations are based on the Federal Information Security Management Act (FISMA). FISMA requires organizations to provide adequate protection of their information resources by implementing security programs that are comprehensive and commensurate with the security information and data being processed, transmitted, or even being stored. Banking Solutions Inc. is also required through the Act to assess and report its performance regarding the implementation of its information security programs. FISMA is meant to provide comprehensive frameworks to ensure the effectiveness of its IT security controls. Through FISMA, the organization is required to have a clear understanding of the networked nature of the prevailing computing environment (Chew, et al., 2008). FISMA also provides for the information security controls management and ensures that the minimum information security controls are maintained. It provides a meaningful way of improving an oversight of the required standards regarding information security programs. FISMA also acknowledges the best security products in offering good information security to organizations like Banking Solutions Inc.

Generally, FISMA mandates the National Institutes of Standards and Technology to develop standards and guidelines regarding information systems. It requires organizations to make the necessary steps in identifying and assessing security risks that could be facing their respective information systems. Organizations are then required to define and then implement the applicable information security controls in order to protect their respective information resources. Organizations are required to report on their information security status on quarterly and annually basis (Chew, et al., 2008).

The GPRA mainly focuses on the improvement of information security program effectiveness as well as its efficiency through an adequate articulation of the program goals, as well as the provision of information on the performance of the information security program. Organizations are required by the government through GPRA to develop multiyear security control plans. The organizations’ performances are required to be reported against such plans. GPRA mainly mandates organizations to carry out strategic as well as performance planning activities that would always culminate in annual submissions of reports about information security strategic plans and their performance measures. Organizations are generally required to define their long-term goals and objectives, set targets of performance that are measurable, and report their performances against such goals and objectives (Chew, et al., 2008).

Enhancement of Security Posture by Controls

All IT security controls are meant to promote security on information and information system by enhancing the security posture of a given organization. The control considered, under the NIST Special Publication 800-53 is Unsuccessful Logon Attempts (AC-7). This control is with the family of AC- Access Control. The control enforces a limit to a user regarding every invalid logon attempts that are consecutive (National Institute of Standards and Technology , 2014). An information system is required under this control to automatically lock the account or node until it is released by the respective administrator. It delays the next logon attempt after the maximum number of unsuccessful trials is reached.

The requirement that unauthorized users should not access information illegally is securely implemented successfully. The control applies irrespective of whether logon attempts are initiated using local or wide area network connections (NIST Special Publication 800-53 (Rev. 4), 2014). Automatic lockouts are usually initiated by the information system temporarily due to the potentiality for the service denial. The lockouts are released after some predetermined amount of time that has been established by the organization and this happen automatically. The organization can choose initiate different algorithms for use on different information systems with respect to the corresponding capabilities of the different systems’ components. This may happen when delay algorithms are selected. The security posture of the specific organization is thus enhanced through this control also given that responses to unsuccessful attempts to logon can be implemented at the application levels as well as at the operating system (NIST Special Publication 800-53 (Rev. 4), 2014).

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Issues Related to Security Interoperability and Operations Case Study Example | Topics and Well Written Essays - 2000 words, n.d.)
Issues Related to Security Interoperability and Operations Case Study Example | Topics and Well Written Essays - 2000 words. https://studentshare.org/information-technology/2090003-issues-related-to-security-interoperability-and-operations
(Issues Related to Security Interoperability and Operations Case Study Example | Topics and Well Written Essays - 2000 Words)
Issues Related to Security Interoperability and Operations Case Study Example | Topics and Well Written Essays - 2000 Words. https://studentshare.org/information-technology/2090003-issues-related-to-security-interoperability-and-operations.
“Issues Related to Security Interoperability and Operations Case Study Example | Topics and Well Written Essays - 2000 Words”. https://studentshare.org/information-technology/2090003-issues-related-to-security-interoperability-and-operations.
  • Cited: 0 times

CHECK THESE SAMPLES OF Issues Related to Security Interoperability and Operations

Updated Liberty Identity Assurance Framework

pproved cryptographic techniques are used for all operations.... The essay "Updated Liberty Identity Assurance Framework" discusses the implementation of a new set of products and services, Liberty Identity Assurance Framework (LIAF).... nbsp;The vision of the Liberty Alliance is to enable a networked world in which individuals and businesses can more easily conduct transactions....
5 Pages (1250 words) Essay

Health Information Exchange

The sharing of this information is aimed at maintaining individual confidentiality, privacy, and security while providing a faster and more effective way of sharing health-related information for the benefit of both patients and HIOs (AHIMA).... hellip; Health Information Exchange is a process whereby medical information is transmitted between medical institutions, government agencies, and related bodies safely and effectively via electronic methods.... Of these issues, privacy, confidentiality, possible unauthorized access, and misuse of medical records are of primary concern....
5 Pages (1250 words) Essay

Analysis of important issues to consider when choosing a technology to use

Such is the case that software-defined storage offers less problems n matters such as interoperability, storage resource manual oversight and particular storage resources over or under utilization (software-defined storage).... This functionality allows automatic pooling of storage infrastructures found in a software storage environment to suit the application preferences of… The separation of the managing software from the storage hardware in SDS, serves the end user to larger extend, as it opens an avenue for purchase of heterogeneous storage hardware with less fear....
5 Pages (1250 words) Article

Emerging Application of Technology

Different issues, for example, mass era, power transmission, conveyance, and security wont be secured in this report (Xiang, St-Hilaire & Kunz, 2011).... Technology is the making, alteration, use, and information of apparatuses, machines, procedures, specialties, frameworks, and strategies for association, with a specific end goal to tackle an issue, enhance a previous answer for an issue, attain an objective, handle a connected… It can likewise allude to the accumulation of such instruments, including hardware, adjustments, plans and methods....
5 Pages (1250 words) Coursework

Flash Wrapper for ServePDF

Despite its importance, the program experiences a number of security issues.... security has for along time been a major concern in computing.... Considering the recent trends in computing distribution, its applications, and the emergence of the World Wide Web, security issues have become crucial to all computer users.... The common security issues witnessed while using Flash wrapper for ServePDF are observed in its communication paths, captures of Wireshark, during the installation of the program, it's cached in Cache/Squid Proxy, and while acquiring data using Java SDK and Adobe (Perriorellis, 2008)....
5 Pages (1250 words) Essay

Investigation of the Network Related Issues with VoIP Implementation

It, certainly, has drawbacks in conjunction with the many advantages it carries; plus its rising growing global utilization is producing new concerns surrounding its regulations as well as security (Unuth, 2010).... The author of the paper titled the "Investigation of the Network related Issues with VoIP Implementation" presents a comprehensive overview of some of the main areas of the Voice over Internet Protocol implementation options offered by vendors and ISPs....
9 Pages (2250 words) Term Paper

The Importance of Web Services in the Development of Web-Based Solutions

The purpose of this paper is to explore a wide range of issues related to web services including the importance of web services in the development of web based solutions to meet the business needs today, the mechanisms available for discovery of a web service, the key features and principles of Service Oriented Architecture (SOA), the characteristics/features of approaches that can be used for delivering internet applications and finally the platforms for developing web services....
8 Pages (2000 words) Assignment

Cloud Computing Voting Architecture Diagram

It will be important for the designer to consider what data will be sent to the system in order to prevent any security related risk.... Hence the security and confidentiality measures is found to be less secured.... … Question 1Cloud computing voting architecture diagramQuestion twoInfrasture as a service (laaS) deliver computer infraxtures as a service (Tadayoshi and Adam, 2003)....
5 Pages (1250 words) Assignment
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us