Security Policies and Controls to Overcome Business Challenges

Since their introduction, banks have owned vast amounts of customers’ personal and financial information. In the current generation, a significant portion of this data has become easily accessible to anyone with permission to access it. The growth and development of financial technology have resulted in many innovations over the past few decades, including but not limited to credit/debit cards, online banking, and wire transfers, together with mobile payments (Johnson & Easttom, 2020). These innovations have prompted banks to upgrade their systems to accommodate these transitions and transform their processes to guarantee better security. The XYZ bank is legally responsible for keeping customers’ data safe and protecting it from hackers’ access. This paper examines four possible IT security controls that may be implemented by XYZ Bank to safeguard confidential information belonging to customers.

One of the IT security controls that XYZ bank may adopt to protect customers’ confidential information is authentication. Under this security approach, every transaction in the bank occurs only after the identity of the person initiating the transaction has been confirmed. Authentication may also be applied to customers logging in to mobile banking systems, using credit/debit cards at ATMs, and visiting the bank in person (Johnson & Easttom, 2020). The authentication mechanism can also apply to bank employees who have been provided with access keys to customers’ and banks’ data. At the onset of implementing this security measure, authentication only required the users to key in an ID, password, or PIN (Wazid et al., 2019). However, in the contemporary business environment, banks have adopted two-factor and multi-factor authentication to verify a person’s identity (Johnson & Easttom, 2020). In this regard, XYZ Bank should adopt a biometric authentication technique to verify customers’ identities. An example of a technique that can be adopted is IVR.

Secondly, audit trails are the IT security controls that XYZ Bank can implement while conducting its operations. During the ancient period, banks relied on passbooks to trace the history of their transactions. In modern times, banks maintain an audit trail for every event when the customer interacts with the system (Vinoth et al., 2022). When the customer uses their hand-held gadgets to execute Internet banking, XYZ bank should ensure that it records the interaction time alongside customer interaction details. The bank should ensure this data is backed up daily and archived at defined intervals. The third IT security control that can be used is secure processes. Banks have developed a set of processes directed toward implementing and testing security measures (Vinoth et al., 2022). Some of these processes include Know Your Customer (KYC) updates for customers, NDA (Non-disclosure agreement) for vendors and employees, and Data Loss Prevention (DLP) solutions. Securing these processes is important because it aids organizations in complying with the requirements of data protection regulations such as GDPR.

The last IT security control that can be implemented by XYZ bank is securing its infrastructure. An organization’s infrastructure refers to the database system, which serves as the location where the data is stored and the boundaries established for proper security measures to be implemented (Wazid et al., 2019). The XYZ bank should ensure that its production data is encrypted. The encryption of this data restricts access to production systems. Some examples of production data that should be masked include bank account number, customer name, and address. Furthermore, the bank’s infrastructure can be kept safe by ensuring its employees access its network through a VPN if they use public Wi-Fi.

References

Johnson, R., & Easttom, C. (2020). Security policies and implementation issues. Jones & Bartlett Learning.

Vinoth, S., Vemula, H. L., Haralayya, B., Mamgain, P., Hasan, M. F., & Naved, M. (2022). Application of cloud computing in banking and e-commerce and related security threats. Materials Today: Proceedings, 51, 2172-2175.

Wazid, M., Zeadally, S., & Das, A. K. (2019). Mobile banking: evolution and threats: malware threats and security solutions. IEEE Consumer Electronics Magazine, 8(2), 56-60.

ORDER A PLAGIARISM-FREE PAPER HERE

We’ll write everything from scratch

Question

Learning Objectives and Outcomes

Understand the importance of information security policies and the role they play in business activities to ensure sound, secure information.

Identify four IT security controls for a given scenario.

Security Policies and Controls to Overcome Business Challenges

Assignment Requirements

Scenario

The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations throughout the region.

Online banking and use of the Internet are the bank’s strengths, given its limited human resources.

The customer service department is the organization’s most critical business function.

The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.

The organization wants to monitor and control use of the Internet by implementing content filtering.

The organization wants to eliminate personal use of organization-owned IT assets and systems.

The organization wants to monitor and control the use of the email system by implementing email security controls.

The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into an annual security awareness training program.

Using the scenario, identify four possible IT security controls for the bank and provide a rationale for your choices.