Security and Risk Management
Instructions:
Select an organization with which you are familiar and obtain faculty approval for your choice.
Write a 1,400- to 1,750-word paper that includes the following:
The organizational overview.
Prioritized assessment of the strengths, weaknesses, threats and vulnerabilities of your selected organization’s security system(s), including facilities, people, information systems, and other appropriate assets.
The influence of crime and criminology in your assessment, as well as applicable national and global issues.
Solution
Security and Risk Management
Contents
Assessment of the Organizational Security Systems, Facilities, People, and Information Systems. 3
Persistent Investment in Security Systems such as Site Key. 3
Distributed Denial-of-Service Attack. 4
Introduction
Present technology has given rise to opportunities for banks such as Bank of America (BOA) to meet the needs for fast and efficient banking transactions. Accordingly, the information systems in the present environment used in the banking sector are both for B2C, Business to Consumer, and B2B, Business to Business, transactions. Therefore, with the communication and information access a facet of concern, it has become imperative to put in place effective security systems to safeguard organizational transactions. Accordingly, an intrusion is an aspect of concern for the banking sector, with BOA investing significantly in initiatives to safeguard their information systems. Therefore, this paper aims towards analyzing BOA’s security systems through evaluating the competencies and potential threats to their operational dynamics.
Bank of America is a multinational organization that offers both banking and financial services. As such, the organization, headquarters in Charlotte North Carolina, is the second largest in America. The organization has been steadfast in revenue with an emphasis on financial services to its various customers across the US. As of 2016, BOA was ranked 11th in regards to revenue yields (Naudet, Mayer & Feltus, 2016). Further, the company maintains a top four position with companies such as Wells Fargo, JP Morgan Chase, and Citigroup being its main competitors. Across the US market, the organization operates in all the States, with more than 15,900 ATMs in the nation. Further, the company maintains effective financial service and product delivery in over 4,600 retail centers. Therefore, in its financial service provision, the it has been successful through constant investment in innovative ways to tackling competition and investing in various innovative ways to ensure the protection of their information systems (Naudet, Mayer & Feltus, 2016).
Assessment of the Organizational Security Systems, Facilities, People, and Information Systems
Persistent Investment in Security Systems such as Site Key
BOA maintains a steadfast path towards ensuring security systems are up to the industry standards. Accordingly, the organization embarks in extensive research in contemporary ways in which safeguards to the information systems can prevail (Duncan, Zhao & Whittington, 2017). It is in line with the need to protect information systems that the company has maintained competency in security system protection investments. Therefore, from the analysis of the organization, the persistence of phishing attacks has led to it investing in new and innovative cyber security tools. One of the most prominent is the Site Key. In reference to Oh, Kim & Cho, (2016) Site Key entails an anti-phishing system recently inculcated in the operating environment by the bank. As a product of the Pass Mark Security, the tool is effective in ensuring that the organization can foil any form of phishing. The tool operates based on the premise that there is need to prove the authenticity of a given computer. Further, the Site Key ensures that there is no prevailing form of unauthorized access to a given account. Through the use of websites equipped in the Site Key, there is extensive communication and firewalls that necessitate comprehensive safeguards against any form of data breach.
One of the most persistent weaknesses of BOA is its ineffectiveness in handling the key logger threat. As such, the company has been grappling with increasing instances in which hacking and use of their systems in a malicious manner prevail. From the research undertaken by Oh, Kim & Cho, (2016), key logger, as a form of surveillance system, has been a persistent weakness of the organization. Despite the contemporary use of the key logger approach by employers as surveillance approaches to ensure that the employees work within their mandate, at BOA, key logger intrusion has been used as spyware. As at 2015, there were more than 1,000 reported instances in the organization in which the spyware intrusion system was used, and sensitive information was obtained (Naudet, Mayer & Feltus, 2016).
Distributed Denial-of-Service Attack
Denial of Service (DoS), in reference to Peltier, (2016) is one of the top three threats to financial institutions. As such, financial institutions in the present environment are facing DoS attacks that are causing loss of money due to the evident loss of customers. According to Peltier, (2016) DoS is one of the most common attacks that happen in the banking sector. DoS comprises of many “Zombie” computers that launch a specific attack to a given system. Through the attack, there is the construction of a computer network that self-propagates and launches more attacks. The attacks are mainly focused on the customer service process (Naudet, Mayer & Feltus, 2016). As such, the packets sent to a given system by the “Zombie” computers translate into extensive intrusion and significant impact on the continuity of the service delivery process. The intrusion translates into a significantly impeded service delivery process. From the analysis of BOA, the intrusion may lead to failure to transact with the customers and business partners. In reference to Peltier, (2016) after espionage and terrorism, FBI ranks DoS as the third most dangerous form of threat to the banking sector.
Intrusion is one of the vulnerabilities of Bank of America. As such, intrusion denotes the illegal and unwarranted entry of individuals or organizations into a secured environment. As vulnerability, intrusion denotes the violation of the given security of the system with a focus on obtaining data, money, and sabotaging operations. In the banking sector, the intrusion has led to an environment that for extensive investment in security systems geared towards management of data and ensuring that no outside organizations or individuals can enter the secure organizational systems (Oh, Kim & Cho, 2016).
Influence of Crime and Criminology and Applicable National and Global Issues
It is evident that there are significant threats and vulnerabilities that influence the operations of BOA. As such, from the national and global perspective, the increase in cybercrime has been attributed to the heightened level of investment in secure systems. In reference to Naudet, Mayer & Feltus, (2016) cybercrime has become the second most persistent and impactful economic crime within the financial sector. As a banking and financial institution, BOA has had to acknowledge the increasing threat and vulnerability since it forms a prime target. Therefore, as the cyber criminals focus on finding innovative ways to attack or breach, the threat patterns of spear phishing, intrusion, and social engineering have become contemporary facets of concern. Financial organizations such as BOA have become increasingly aware of the need to find solutions that offer effective avenues to assess the different vulnerabilities in a real-time manner to ensure comprehensive safeguards are implemented.
In the present environment, cybercrime is the most persistent form of criminal activity that is translating into the need for BOA to adopt effective measures. As a clear example, BOA has its cybercrime department whose responsibility is to ensure that compliance and comprehensive research and development prevail to obtain information on the industry standards in tackling the crime. From the perspectives of BOA’s cyber security department, it is clear that the threats of cybercrime have led to the heightened level of research and development to maintain relevance and implement safety measures that counter any threat (Duncan, Zhao & Whittington, 2017). In a world where there is a constant development of malicious ware, it is paramount for the cyber security departments to implement effective safeguards.
One of the most effective initiatives by the organizational cyber security department has been the investment in patch management. As such, patching entails the implementation of software to ensure constant update and fix any form of vulnerability and bugs in a security system. In the banking system, the investment in patch management has become the most applicable initiative to ensure success in offsetting any vulnerability (Duncan, Zhao & Whittington, 2017). From the analysis of BOA, the organization appreciates the notion that any unpatched system is a fundamental threat and a leading cause of vulnerabilities. Cyber criminals have leverage in the instance that there is the unpatched system. Accordingly, in the criminal world, cyber criminals embark on constant testing of the network parameter to exploit any form of weakness in the organization (Duncan, Zhao & Whittington, 2017). In the instance that weakness is evident, there is exploitation and infiltration which translates into data breach or loss of money. Therefore, emphasis on addressing any contemporary form of cybercrime is paramount for organizational success in the banking and finance sector.
Data security is paramount for
organizations in the banking sector. From the above analysis of BOA, the
investment in an extensive analysis of the security systems is necessary to
mitigate any form of threat or vulnerability. With the increasing prospect of
cybercrime, it is necessary to adopt effective initiatives to ensuring above
par security systems. Therefore, adoption of approaches such as patch
management should heighten the level of information system security at BOA.
Duncan, B., Zhao, Y., & Whittington, M. (2017). Corporate Governance, Risk Appetite and Cloud Security Risk: A Little Known Paradox. How Do We Square the Circle? Cloud Computing 2017, 149.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for effective information security management. CRC Press.
Naudet, Y., Mayer, N., & Feltus, C. (2016, August). Towards a Systemic Approach for Information Security Risk Management. In Availability, Reliability, and Security (ARES), 2016 11th International Conference on (pp. 177-186). IEEE.
Oh, E., Kim, T. S., & Cho, T. H. (2016, August). Development of Information Security Management Assessment Model for the Financial Sector. In International Workshop on Information Security Applications (pp. 186-197). Springer, Cham.
