Financial Service Security Engagement – Security Analysis

Introduction

The recent migration of account managers to a cloud-based Customer Relationship Management (CRM) system at my workplace has created security and integration concerns. At the same time, the move is impressive because it integrates the CRM with the onsite investing systems, and the account managers are enthusiastic about it because the system supports access from mobile devices. The organization intends to generate more leads, increase sales, enhance customer service, and increase revenue. Therefore, my team has been tasked by the Chief Information Security Officer (CISO) to address the security and integration issues by creating a plan that guides the secure use of mobile devices, recommending physical security and environmental controls for the data center, and analyzing cryptography and Public Key Infrastructure (PKI) as measures to strengthen security.

A Plan for Secure Use of Mobile Devices by Employees

A well-structured plan will ensure that internal and external employees use mobile devices securely. The first step is enforcing authentication measures: default passwords on the devices must be changed, and credentials must be updated frequently. Workers should also be advised to limit app downloads and to avoid interacting with suspicious emails in order to resist social engineering. Periodic company-wide mobile security audits must be conducted to assess loopholes in how employees use the devices. In addition, the organization must emphasize employee training as a strategic way of equipping staff with the necessary security knowledge. Integrating encryption policies is also essential to ensure that critical data is never stored unencrypted (Brodnax, 2019). Such firm security actions are necessary for protecting mobile devices in daily use.

It is also vital to secure the traffic between the devices and the data center, as well as the traffic within the data center. This can be attained through steps such as installing antimalware software: just like other operating systems, including Linux and Windows, iOS and Android are vulnerable to attacks. Mobile communications must also be secured so that data cannot be intercepted by an attacker positioned between the device and the server. VPNs should be used whenever the devices access cloud-based systems, to minimize interception. In addition, third-party software deserves close monitoring because it can threaten the data traffic; untrusted developers may use backdoors to siphon data maliciously. Finally, separate, secured mobile gateways should be established to channel data in transit.

Physical Security and Environmental Controls

The data center that holds the onsite software can be protected through strategic physical security and environmental controls. It is imperative to provide adequate video surveillance, both indoors and outdoors, and the cameras should run 24/7 to detect and record suspicious activity. Providing redundant utilities is also advisable, so that an electricity failure does not have profound long-term impacts. The facility should also have a single controlled entry point, so that intruders are not offered many unmanageable access points. Biometric techniques such as retinal recognition and fingerprinting should be put in place to determine who enters. Further options, such as access cards, might also work in the best interest of access control.

There are other underrated options that can be instituted to strengthen security further. For instance, motion-activated security lighting will ensure that unexpected movement is noticed, especially at night (Shailaja, 2020). Deploying security officers is also essential so that the entire environment is manned. Locks must also be prioritized to make it hard for unauthorized persons to enter the data center; all doors and cabinets should be latched, especially when not in use. This mechanism is relevant not only against external intrusion but also against insider threats. Physical security also extends to clear allocation of responsibilities, so that people are accountable within their areas of jurisdiction; as a result, it becomes more practical for employees to safeguard their workplace and avoid the potential repercussions. Fire prevention systems, humidity sensors, and backup plans ought to be considered as well. Most of these controls might be expensive, but they are worth it.

The Use of Cryptographic and PKI to Increase System Security

Symmetric encryption is a cryptographic security measure that can strengthen a system’s security. It is a form of encryption where a single key is used both to encrypt and to decrypt electronic messages. An algorithm converts the plaintext into ciphertext that unintended readers cannot make sense of; therefore, the sender and the recipient keep the shared key secret from everyone else to keep the communication confidential. The secret key could be a random string of numbers and letters or a password. Symmetric encryption is divided into two types, namely block algorithms and stream algorithms. A block algorithm breaks the plaintext into fixed-size blocks before encryption, while a stream algorithm encrypts information bit by bit. Common examples of symmetric encryption include DES, AES, and IDEA (Crane, 2020). This method is preferred for its speed and efficiency when handling large volumes of data.

Unlike the symmetric approach, asymmetric encryption uses a pair of keys, one public and one private. The public key is used for encryption, while the private key is used for decryption. As the name suggests, the private key should be known only to its owner, the recipient. The two keys are mathematically related, but the nature of that relationship differs between algorithms. When sending a message, the sender looks up the receiver’s public key in a public directory and encrypts with it. The recipient, on the other end, employs the related private key for decryption. In instances where the sender wants to be authenticated, they use their private key to encrypt (sign) the message, so that it can only be deciphered (verified) with their public key. Protocols and algorithms that rely on this mechanism include SSL, TLS, and RSA. It is considered the most secure method because it also provides nonrepudiation, and it is thus highly prevalent in organizations (Brush, 2021).

PKI is a structured encryption framework that secures communication between the server and its clients. Its operation relies on three components: digital certificates, a certificate authority (CA), and a registration authority (RA). Digital certificates are the fundamental component: each one uniquely identifies a user or machine, making it convenient to establish the integrity of communication within the organization. The certificate authority verifies a user’s digital identity and vouches for it by signing the certificate, which is a strategic way of eliminating falsified entities. The registration authority approves certificate requests on a case-by-case basis before the CA issues them. A public key certificate corresponds to a private/public key pair: the public key is embedded in the certificate and is readily available to anyone who wishes to verify the certificate holder’s identity, while the private key remains with the holder (Venafi, 2021). In practice, PKI employs both symmetric and asymmetric encryption: the asymmetric keys authenticate the parties and protect the exchange of a session key, and symmetric encryption then protects the bulk of the traffic.
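The asymmetric operations in the previous paragraph (encrypt with the recipient’s public key and decrypt with the private key; sign with the sender’s private key and verify with the public key) and the certificate-authority relationship described here (a CA signs a certificate that binds a name to a public key, and a client trusts that certificate only if it chains to a CA the client already trusts) can be exercised end to end in one small program. The Go code below is an added example for this page, not code from the essay, from Venafi, or from any other cited source. It assumes only the Go standard library (crypto/rsa, crypto/x509); the CA name "Example Root CA", the host name crm.example.internal, and the message text are constructed placeholders:

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// GenKey creates an RSA key pair. The private half never leaves its owner;
// the public half is what a directory or a certificate publishes.
func GenKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// EncryptFor encrypts with the recipient's public key (RSA-OAEP), so only the
// matching private key can recover the message.
func EncryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// RSADecrypt is the recipient's side: the private key opens the message.
func RSADecrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign is the authentication direction: the sender's private key produces a
// signature (RSA-PSS) that anyone holding the public key can check.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify reports whether sig was made over msg by the holder of pub's private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// IssueCert is the CA's job: bind a public key to a name by signing a
// certificate with the CA's private key. With parent == nil the certificate
// is self-signed, i.e. a root CA.
func IssueCert(name string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey, isCA bool) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{name} // the host this certificate is valid for
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyChain is the client's job: accept leaf only if it chains to a root the
// client trusts and it names the host the client is connecting to.
func VerifyChain(leaf, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	rootKey, _ := GenKey()
	root, _ := IssueCert("Example Root CA", &rootKey.PublicKey, nil, rootKey, true)
	srvKey, _ := GenKey()
	leaf, _ := IssueCert("crm.example.internal", &srvKey.PublicKey, root, rootKey, false)
	fmt.Println("leaf chains to trusted root:", VerifyChain(leaf, root, "crm.example.internal") == nil)
	ct, _ := EncryptFor(&srvKey.PublicKey, []byte("order: buy 100 units")) // constructed message
	pt, _ := RSADecrypt(srvKey, ct)
	sig, _ := Sign(srvKey, pt)
	fmt.Printf("decrypted %q, signature valid: %v\n", pt, Verify(&srvKey.PublicKey, pt, sig))
}
```

Run it with `go run`. Two design points are worth noting. First, OAEP and PSS are the padding schemes that make RSA encryption and signing safe to use; raw “encrypt with the private key” as described in textbooks is the idea, not the implementation. Second, a certificate for crm.example.internal issued by a CA that is not in the client’s trust pool fails VerifyChain even though it is correctly signed, which is why the integrity of the organization’s trusted root list matters as much as the cryptography itself.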

Conclusion

The CISO does not have to worry about the security and integration concerns raised by the recent integration of the onsite software applications with the cloud-based CRM. There is a wide array of security measures to protect devices and traffic while reinforcing environmental controls. The effectiveness and comprehensiveness of PKI would be of great relevance to the company. Therefore, by integrating the concepts discussed, the firm is capable of running its financial services operations smoothly and securely.

References

Brodnax, J. (2019). Mobile Device Security in the Workplace: Dangers and Best Practices. Hancock Whitney. Retrieved 8 November 2021 from https://www.hancockwhitney.com/insights/mobile-device-security-in-the-workplace-dangers-and-best-practices

Brush, K. (2021). Asymmetric Cryptography (Public Key Cryptography). TechTarget. Retrieved 8 November 2021 from https://searchsecurity.techtarget.com/definition/asymmetric-cryptography

Crane, C. (2020). Symmetric Encryption 101: Definition, How It Works & When It’s Used. Hashed Out. Retrieved 8 November 2021 from https://www.thesslstore.com/blog/symmetric-encryption-101-definition-how-it-works-when-its-used/

Shailaja, C. (2020). Physical Security of Data Centers. International Society of Automation. Retrieved 8 November 2021 from https://www.isa.org/intech-home/2020/march-april/departments/physical-security-of-a-data-center

Venafi. (2021). How Does PKI Work? Retrieved 8 November 2021 from https://www.venafi.com/education-center/pki/how-does-pki-work

Question

Assignment Content

Imagine this scenario: Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to and manages investment portfolios for high-net-worth individuals.

Financial Service Security Engagement - Security Analysis

Your organization just completed the migration of the account managers to a cloud-based customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account-management systems to improve investment-product sales to existing and potential customers and to manage customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.

Management hopes the new cloud-based CRM, integrated with the on-site software applications that manage customer accounts and investment portfolios, will help the organization generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.

Your organization’s chief information security officer (CISO) is concerned about the new system’s security and its integration into existing systems.

As a team, write a 4- to 6-page security analysis for the CISO in which you:

Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications. This includes protecting the devices, the traffic between the devices and the data center, and within the data center.
Recommend physical security and environmental controls to protect the data center that runs the on-site applications.
Analyze cryptography and public key infrastructure (PKI) uses that could be used to increase security for these systems. This includes symmetric encryption, asymmetric encryption, and how PKI works. (PKI is a framework, not a specific solution.)