Introduction
The security of University Bank's customers is one of the key priorities of the bank's management. Customers expect the bank to maintain a high level of security so that they are satisfied with the services they get and feel secure in the bank. The bank has its headquarters in Arbor, Michigan, and has over 370 employees and over 110,000 customers. Since it was founded in the 1980s, it has served many customers and has experienced some security breaches that have led to increased concern over the security of its customers. The bank's security responsibilities include protecting its physical properties, protecting the database that holds all confidential information about the bank, its customers and its employees, and defending against online attacks. To ensure the existing security measures are effective, the bank needs a security response plan that gives guidelines on how to meet the different security needs.
University Bank's Security Issue
After working for nine weeks as the Director of Security for University Bank, it is easy to identify the security issues in the bank. The threats that face University Bank are numerous and they keep changing with time. The first threat to deal with will be manipulation of data by hackers. In some cases, the hackers will access the data in the bank and manipulate it to reflect their desires. The threat may be hard to detect, and the security response plan will involve a specific process to analyze data and determine whether it has been manipulated. The other threat is fraud, which is common in most parts of the world. Fraud can be caused by internal or external stakeholders. Fraud is related to financial crime, and the two have caused banks a lot of losses across the world (Norton & Walker, 2014). The response plan proposes that all operations be done with a high level of transparency to reduce the chances of fraud happening.
Malware attacks, distributed denial of service (DDoS), and other related online attacks are expected to affect the bank and to cause delays in service delivery, loss of data and reduced efficiency in the operations of the bank. The threat is related to the online banking services which have been adopted by the bank for the last few years. The benefits of online banking are numerous and they have to be safeguarded by ensuring the services are secure. Even though the bank has resolved to use encrypted data, it is also a threat that some of the data may be left unencrypted and may be used by hackers. Physical security will be ensured through the employment of adequate measures to make sure no intruders get access to the bank premises and the server rooms. The response plan will include all parts of the bank that need to be guarded and how to ensure they are safe. Crime prediction will be done through the analysis of historical crime records to determine the possibility of a crime occurring. The prediction can also be done using the records held by the bank and the police departments. The response plan will include methods and techniques for analyzing the rate of crime and determining the possibility of its occurring.
Possible Measurements of Risks and Loss
In determining the level of risks and the loss they cause, the first step will be to define their characteristics and magnitude. They will be grouped into major, medium and low risks, and the losses associated with each will be quantified according to the financial losses they cause. The other step will be to analyze the ways to mitigate the losses and how to reduce the chances of the risks occurring. The risks and losses can also be measured using the financial impacts that they have on the bank. If the bank experiences a reduction in the number of customers who open accounts as a result of fear of losing confidential data, the benefits that they could have brought to the bank can be used to quantify the risk of losing data. The response plan will include formulas to calculate the exact loss associated with the risks the bank will have.
Potential Weaknesses in Security
The security plan in the bank has its weak points, which may increase the risks and cause losses. The first one is poor coordination among the departments. The finance department, for instance, has poor coordination with the Information Technology department, and this weakens the joint security measures. According to Khan et al. (2016), one of the causes of failure in risk management is ignorance of the potential risks facing the organization. The bank will need to train the employees on the dangers that face the bank and how to detect when the security of the bank has been compromised. The training will start with the top management and the department managers. An observation of the online banking services shows that most of the customers have shifted to using their mobile phones to bank and transfer their money. The risk is that their security measures may not be effective enough to avoid attacks. Some of them log in to their accounts and leave them without logging out. In some recent cases, most of the customers share their confidential details with malicious people online, and others are victims of cookies and malware created by hackers to steal their credentials.
The observation also shows that the physical security can be compromised easily because of the inadequate personnel employed. The response plan suggests a higher number of security personnel to increase their efficiency. Access to data in the bank is also restricted up to a certain level, depending on the rank that employees have. However, it is possible for the restriction to be breached because it is based on the passwords that people have. The firewalls used should be more reliable. For example, biometric identification can be used to determine the authenticity of the people who have access to data.
Various Courses of Action to Address the Security Concerns
The first course of action is to analyze the security measures and how they reduce the risks. The first one is the passwords. The plan will require all passwords to be hard to crack or guess. For instance, people should not use their dates of birth and their spouses' names as passwords. The process will start with the analysis of the current state of security and how it can be improved. The other one will be to ensure there are audit logs which can be reviewed regularly to identify the people who access data. The response plan will also ensure the bank has backup data storage which can be used to restore the data if it is deleted by hackers. The objectives of the management security audits should also be made clear to all stakeholders to increase the chances of their success. When all stakeholders know about the objectives, it is possible for them to cooperate and give their views.
The compliance audits should also be analyzed to ensure that all measures meet the legal and social regulations. The organization should comply with all laws governing the security of the bank in the region. The employees should be motivated to have a positive attitude toward compliance (Safa, Von Solms, & Furnell, 2016). The other course of action is the analysis of the security policy used in the company and the processes used to meet the security requirements of the bank. The response plan will ensure that the policy is known to all stakeholders and that there is a copy of the policy in each department for reference. The other one is to ensure that auditors rely on facts and valid procedures rather than on just any data. The security management audit process should be done by experienced people who can provide the bank with reliable and valid information. All threats should also be addressed individually, and the solutions for each should be made clear to the bank. The process of identifying these risks should also be clear and known to the management and should be documented for future reference.
Recommendation for a Security Plan
The security plan will start by assessing the security challenges and allocating roles to the people who are to undertake them. The details of the assessment done during the security management audit can be used to decide on the number of roles that need to be allocated to the employees to address the existing challenges. The other one will be to analyze the resources required to achieve the objectives of the security plan. The relevant departments should be identified before the roles are allocated. For example, the risk associated with malware attacks will be allocated to the IT department while that of manipulated financial data will be allocated to the finance department. The other one is to have Key Performance Indicators which will be used to identify the employees who achieve the set targets. Rewards and punishments can be used to motivate the stakeholders to comply.
The other recommendation is to have a clear and simplified method of responding to security challenges. According to Grispos, Glisson, and Storer (2014), the integration of different agile principles, both modern and traditional, can help in meeting the goals of the security response. The proposed response plan should be a combination of the possible principles to increase their success. The structure of the security plan will ensure the bank has mitigated all possible risks by having several layers of security experts offering their services. For example, a suspected fraud should be analyzed by several experts and departments. There should be a reliable communications strategy to ensure all information is relayed to the relevant people on time. Emails, written media, and social media can be used to pass messages on new threats and ways to contain the situation. Lastly, the bank should have frequent reviews of the security condition instead of reacting to a threat when it occurs. The reviews can be done monthly by the departments.
Priorities in Dealing with Risks, Threats, Emergencies, and Crises
The priority in the security response plan will be decided by the department heads depending on the risks that affect their departments. In the IT department, the manager will give priority to malware attacks or loss of data, depending on the risk that occurs more frequently. The same will be done in the finance department, where the manager will give priority to fraudulent transactions or data manipulation. The issues that receive priority will be reviewed more frequently than the others. The history of the security challenges in University Bank will help to analyze the risks that affect it and how frequently they occur. The priority will change, however, if the attacks change. The other priority will be the analysis of the costs of maintaining the security required. The bank is in business, and all costs should be monitored to identify when they are too high for it. The responses will also prioritize the effectiveness of the different methods used.
The Effectiveness of the Security Plan
The security plan will address the needs of the bank through analysis, planning, and implementation of the security plans discussed above. The analysis will involve identifying all risks and threats and then coming up with the possible solutions that can be implemented at the lowest cost possible. The analysis will also identify the exact threats that affect the bank in different departments. The response plan will give guidelines on how to meet the different requirements and how the risks will be minimized. The response plan will help to detect fraud and theft and to reduce the chances of them happening. It will also act as a pool of knowledge that can be used by the bank in the future to deal with a similar security challenge. It will give estimates of the magnitude and frequency of certain crimes and help in making decisions that can minimize...
Cite this page
Paper Example on Security of the Customers in the University Bank. (2022, Jul 01). Retrieved from https://proessays.net/essays/paper-example-on-security-of-the-customers-in-the-university-bank