Question

In: Computer Science

Regional Bank has been growing rapidly. In the past two years, it has acquired six smaller...

Regional Bank has been growing rapidly. In the past two years, it has acquired six smaller financial institutions. The long-term strategic plan is for the bank to keep growing and to “go public” within the next three to five years. FDIC regulators have told management that they will not approve any additional acquisitions until the bank strengthens its information security program. The regulators commented that Regional Bank’s information security policy is confusing, lacking in structure, and filled with discrepancies.

Should the bank work toward ISO certification?

Which ISO 27002:2013 domains and sections should be included?

Would you use NIST’s Cybersecurity Framework (CIA security model) and related tools?

Which methods of communication would be best for sending the policy?

What other criteria should be considered?

Which methods of communication would be best for sending the policy?

What other criteria should be considered?

Solutions

Expert Solution

1) Answer:-
The bank work towards iso certification because it satisfy some requirements.
they are:-
1) Need for fulfilling regulatory requirements
2) Need for sustaining and improving market faith
3) sustaining customer confidence
4) improving service level
5) Reducing transaction time
6) differentiation from other banks
7) efficiency improvement.
8) Greater customer satisfaction
9) Higher profitability and increased market share

!0 reasons for accquiring ISO certification:-

1) Meet customer requiremetns
2) Get more revenue and bussiness suggestions for new customers
3) Improve company and product quality
4) Increase customer satisfaction with the products
5) Describe,understand and communicate the company processes
6) Develop a professional culture and better emplloy relationship
7) Improve the consistency of operations
8) Focus management of employees
9) Improve efficiency,reduce waste and save money for the company
10) Achieve international quality recognition


2) Answer:-

ISO/IEC 27002 is a popular, internationally-recognized standard of good practice for information security.It is a massive monolithic standard cover a broad range of information with security controls.


The controls are divided into
1) Organizational controls:- controls involving management and the organization.
2) Technical controls :- controls involve or relate to technologies(cybersecurity)
3) People controls :- controls involve or relate to activities,behaviors,roles and their responsibilities
4) Physical controls:- touchable controls such as locks, and other types of environmental protection and controls such as fire and intruder alarms and uninterruptible power supplies(U.P.S) etc
5) External party controls :- controls involve or related to parties which is outside the scope of an ISMS (examples:- contracted cloud services, service level agreements,legal and regulatory obligations, privacy policies and other obligations to customers etc).
And some other alternative suppliers/sources of necessary information services, as well as data backups(example:- online or offline).


3) Answer
Yes we can use the NIST Cybersecurity model and any other tools related to that working of organization properly.
The five elements of NIST cybersecurity framework:-
1) Identify
2) Protect
3) Detect
4) Respond
5) Recover
these above 5 elements are related to the functions of the core framework.

3 parts of NIST cybersecurity framework:-
1) Functions
2) Categories and 3) Subcategories

Top 4 cybersecurity frameworks:-
1) PCI DSS (47%)
2) ISO 27001/27002 (35%)
3) CIS Critical Security Controls (32%)
4) NIST Framework for Improving Critical Infrastructure Security (29%)

NIST framework also follows CIA triad For better security concepts.
1) CIA means Confidentiality,Integrity and Availability
#Confidentiality:- It is a set of rules that limits the access to the secured information
# Integrity :- It is the assurance that the information is trustworthy,reliable and accurate.
#Availability:- It is a guarantee of reliable access to the information for the only authorized people not for unauthorized people.

Framework implemented in 5 steps:-
1) Select target goals
2) Create detailed profile
3) Assess current position
4) Analyze gaps and identify necessary actions
5) Implement action plan

Elements of cybersecurity:-
1) Information security
2) Application security
3) Disaster recovery
4) Network security
5) End user education
6) Operational security


4) Answer
By accepting this policy, you also agree that the Company can use your personal information to contact you for the marketing and marketing purposes.
By sending the emails
By the help of cookies and log files
By the help of third party cookies
Links and external websites
By the help of advertisements
By the help of social media links


5) Answer
Other criteria should be followed to maintain the security policy of the regional banks:-
1) Completed and assured transaction
2) proper notifications
3) A well managed password :- Should be well defined with strongness
4) Browser requirements and proper interfaces.
5) Cookies information:- Erase it in internal storage for security purposes.
6) Install the security upgrades for your system or device and keep them up to date.
7) Install recognised third party antivirus softwares.
8) Daily make backups of your important files.
9) Never leave your computer unattended or without lock.
10) Install a personal firewall or proper system security requirements.
11) Make sure the hard disk and the printer of your personal system components are not in shared mode.
12) Avoid unnecessary links or images (to avoid phishing attacks).
13) Use backup devices and other power supplies for your data privacy.
14) Don't connect to the internet unnecessarily.
15) Every time you should logout of every login session.

I hope you,you will like the answer.



Related Solutions

Regional Bank has been growing rapidly. In the past two years, it has acquired six smaller...
Regional Bank has been growing rapidly. In the past two years, it has acquired six smaller financial institutions. The long-term strategic plan is for the bank to keep growing and to “go public” within the next three to five years. FDIC regulators have told management that they will not approve any additional acquisitions until the bank strengthens its information security program. The regulators commented that Regional Bank’s information security policy is confusing, lacking in structure, and filled with discrepancies. What...
Suppose it is mid-2007 and the stock market has been growing rapidly for the past 5...
Suppose it is mid-2007 and the stock market has been growing rapidly for the past 5 years. Some economists argue that the stock market has become “overvalued” and thus a “crash” is imminent How does a rising stock market affect Aggregate Demand? Show this in an AD/AS diagram. For a central bank that is trying to keep real GDP close to Potential explain what challenges are posed by a rapidly rising stock market Suppose the stock market crashes how does...
The company has been growing steadily over the past 5 years, and the financials and future...
The company has been growing steadily over the past 5 years, and the financials and future prospects look good. Your CEO has asked you to run the numbers. After doing some digging into the business, you have gathered information on the following: • The estimated purchase price for the equipment required to move the operation in-house would be $750,000. Additional net working capital to support production (in the form of cash used in Inventory, AR net of AP) would be...
The company has been growing steadily over the past 5 years, and the financials and future...
The company has been growing steadily over the past 5 years, and the financials and future prospects look good. Your CEO has asked you to run the numbers. After doing some digging into the business, you have gathered information on the following: The estimated purchase price for the equipment required to move the operation in-house would be $750,000. Additional net working capital to support production (in the form of cash used in Inventory, AR net of AP) would be needed...
The company has been growing steadily over the past 5 years, and the financials and future...
The company has been growing steadily over the past 5 years, and the financials and future prospects look good. Your CEO has asked you to run the numbers. After doing some digging into the business, you have gathered information on the following: The estimated purchase price for the equipment required to move the operation in-house would be $750,000. Additional net working capital to support production (in the form of cash used in Inventory, AR net of AP) would be needed...
The Howland Carpet Company has grown rapidly during the past 5 years. Recently, its commercial bank...
The Howland Carpet Company has grown rapidly during the past 5 years. Recently, its commercial bank urged the company to consider increasing its permanent financing. Its bank loan under a line of credit has risen to $200,000, carrying a 8% interest rate. Howland has been 30 to 60 days late in paying trade creditors. Discussions with an investment banker have resulted in the decision to raise $400,000 at this time. Investment bankers have assured the firm that the following alternatives...
The Howland Carpet Company has grown rapidly during the past 5 years. Recently, its commercial bank...
The Howland Carpet Company has grown rapidly during the past 5 years. Recently, its commercial bank urged the company to consider increasing its permanent financing. Its bank loan under a line of credit has risen to $250,000, carrying an 8% interest rate. Howland has been 30 to 60 days late in paying trade creditors. Discussions with an investment banker have resulted in the decision to raise $500,000 at this time. Investment bankers have assured the firm that the following alternatives...
QUESTION SIX “Riverbend is a rapidly growing biotech company that has a required rate of return...
QUESTION SIX “Riverbend is a rapidly growing biotech company that has a required rate of return of 12%. It plans to build a new facility. The building will take two years to complete. The building contractor offered Riverbend a choice of three payment plans, as follows:                                                                                                                                                  Plan I Payment of £100,000 at the time of signing the contract and £5,000,000 upon completion of the building. The end of the second year is the completion date.                                                                                                                                              ...
Though the industry of Islamic banking and Finance has been growing for the past 30-40 years,...
Though the industry of Islamic banking and Finance has been growing for the past 30-40 years, some Shariah scholars have openly refused to accept its role on both levels: a)         Macro level (there can be no Islamic banking and finance under a Conventional Central Bank) b)         Micro level (products such as Bay’ Einah, Tawarruq etc are nothing but legal tricks and a backdoor for Riba). Based on your knowledge, provide four arguments (two on Macro and two on Micro...
Though the industry of Islamic banking and Finance has been growing for the past 30-40 years,...
Though the industry of Islamic banking and Finance has been growing for the past 30-40 years, some Shariah scholars have openly refused to accept its role on both levels: a) Macro level (there can be no Islamic banking and finance under a Conventional Central Bank) b) Micro level (products such as Bay’ Einah, Tawarruq etc are nothing but legal tricks and a backdoor for Riba). Based on your knowledge, provide four arguments (two on Macro and two on Micro levels)...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT