You are the information security manager (ISM) of a financial and savings organization (NCU Financial Savings Bank, or NCU-FSB) with a clientele base of 250,000 customers averaging 1.2 million transactions per week. The IT infrastructure consists of 10 servers for each of the three locations: five for local production and five for replication and redundancy. After a recent vulnerability assessment performed by an external firm, specific threats and vulnerabilities were identified and needed to be addressed. The conceptual network diagram for NCU-FSB is shown below:

Figure 3. NCU Financial Savings Bank Network Conceptual Diagram

Among the findings reported are:

• MAC address conflicts that need to be resolved.
• Security warnings coming from the proxy and email servers.
• Employee collusion in certain processes that can result in a significant financial loss to the organization.
• Inconsistencies in data transmissions.
• Attacks detected from external international sources, caused by multiple critical servers that have been compromised due to vulnerabilities in the operating system. On these servers, additional services, open ports, additional dynamic link libraries (DLLs), additional files and scripts added to the system partitions, and missing critical data were detected.

As the newly hired ISM of the organization, you have been tasked by the board of directors to write a paper about what is involved in performing a security risk assessment. You decided to introduce separation of duties (SOD) to reduce any collusion, but you recognize this could lead to an increase in the number of employees within your team. Budgetary constraints are against the addition of employees in your department.
As the ISM, write a paper presenting the results of your analysis and initial data discovery (eDiscovery) in which you will answer the following questions:

• What solutions can you employ to reduce or even eliminate the possibility of collusion in the financial organization?
• What actions or changes in server setting and configuration must be made to avoid MAC address collision and server compromise?

In your paper, you should address the following:

1. An introduction that will address the essence of a security risk assessment. In this introduction, you will explain and defend the importance of having a risk-management program in place, the main elements of a risk program, and the benefits derived from incorporating this strategy as part of the corporate security program.
2. Different regulatory requirements that warrant a security risk analysis.
3. Taxonomy of risk elements for cyber-risk management as part of the security risk analysis. Define the concept of taxonomy and its importance as part of the risk assessment and management process. Develop a table and relation diagram.
4. Information that is needed to initiate a security risk analysis—eDiscovery process flowchart and explanation.

Length: 5-7 pages not including the cover page and references

References: Include a minimum of 5 scholarly resources

Your essay should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect graduate-level writing and APA standards. Be sure to adhere to Northcentral University’s Academic Integrity Policy.