Technology Evaluation

Description

Select one of the security technologies you identified in either P1 or P2. Research and evaluate its capabilities, costs, maintenance requirements, flexibility, and feasibility for implementation. The analysis should include pros and cons, potential barriers to success, vulnerabilities eliminated or reduced, convergence issues, first adopters (if the technology is new), and any other issues you deem important to consider. Use the technical evaluation methodology information obtained and discussed in previous courses such as CSIA 303 or 459.

The deliverable for this assignment will be a minimum 5 page, double-spaced paper using Times New Roman 12 font and APA style formatting for citations and references. It will also include a minimum of 5 references. The Title/Cover page, illustrations, and references are not part of the page count but are required for the assignment. The grading rubric provides additional details as to what should be included in the paper. Your instructor may provide an APA style template to use for this paper.


LOOK AT THE TWO ATTACHMENTS FOR P1 and P2

Unformatted Attachment Preview

Running head: CASE STUDY- GAP ANALYSIS

Case Study-Gap Analysis P1

Introduction

As the use of computers and other digital devices has become very important for businesses like Bank Solutions Inc., they have also become targets for attacks. It is therefore very important for businesses to ensure that all the devices and systems that are used are not compromised in any way. Farooq et al. (2015) note that information security is all about protecting information and all the systems that are related to information from unauthorized access. The information security triad is made up of three aspects, i.e. confidentiality, integrity and availability (CIA). Confidentiality is about ensuring that the information is not accessed by or made available to people who do not have authorization. Integrity is the assurance that the information has not been compromised in any way. According to Farooq et al. (2015), availability means that the information can be accessed easily by those who have authorization.

Key Issues

There are several issues that come out of the case study for Bank Solutions Inc. Failures in the backup process at one item processing center have not been solved, and that means there could be irregularities in the backups. There is also no clear policy on how the backups should be stored, with some being stored in areas where they could easily be accessed or lost; for example, some are stored in a safety deposit box, in a shed at the back of the building or in a safe at home. No training has been done for the critical participants on the use of DRBCPs. Power users in the organization have access and write passwords to the event logs. There is also no documentation regarding responsibilities of backup facilities. Key participants do not have a copy of the DRBCP plan even though it is stored on the network.
Challenges

One of the challenges faced by Bank Solutions Inc. was its inability to grow despite having the opportunity to do so. For close to 15 years they enjoyed modest growth but were unable to expand outside the Northwestern region of the United States. They were also unable to compete with other service providers who had developed software that was proprietary and "top of the line". The fact that the software was better than what was being offered by Bank Solutions meant that they could not compete effectively. Their customer base, which was made up of loans and saving associations, was also affected by the loans and saving crisis.

Risks from the Case Study

There were several risks facing the Bank Solutions Inc. system. One of the risks was that it was operating on software that had last been updated in 2009, and there was a risk that it could fail at any time. Testing of the DRBCP was last done in 2007 and the item processing of the DRBCP has not been done, so one cannot tell how effective it is. Since not all the key participants have a copy of the plan, it is possible that they would not know what to do in the event that something failed in the system. The DRBCPs are not being used as they should be, since critical participants have not been trained.

Recommended Security Strategy

It is important for any organization to ensure that its data is always protected. The process of creating the security strategy should be followed, and the strategy should include a detailed look at the environment the system exists in. The first step in the creation of the security strategy will involve the completion of a security inventory that will take stock of all the programs and people that will need to be accounted for.
A review of the current security goals and policies will also be done and, finally, the security framework will be created (Knapp et al., 2009). The security strategy to be implemented will need to focus on the elements of people, process, and technology equally in order for it to be successful. The people employed will need to be highly experienced and capable of handling the roles assigned to them. The processes used in the organization will need to be well defined, flexible and easily adaptable. The technology that is used will also need to be advanced, very innovative and very secure so as to protect the information of the organization. The security strategy will involve making changes to the current staff in order to make sure that the correct staff are the ones engaged in the organization. A review of all the processes used within the organization will also be done to ensure that they are standardized across all the item processing facilities. The technology in use will also be tested and updated so that the most recent and secure version of the applications is what will be in use. The technology will also need to be updated on a regular basis to take advantage of new features (Kuusk et al., 2015).

Proposed Security Solutions

It is important for the management of Bank Solutions to ensure that the security of the system is well maintained. Based on the key security issues in the case study, the first thing that should be done is to ensure that all the software in use is tested to check for any faults that could make it vulnerable. The software should also be updated so that the latest version is the one in use.
The backup process should be standardized across all the branches and should be done on a regular basis. The backups should be stored in safer locations than the ones currently being used, and managers at the various item processing facilities should not be tasked with contracting storage for offsite backups. Power users who have access to the event logs should also not have write access to the logs, in order to prevent them from making changes to the logs.

Proposed Timeline

In order for the security strategy to be effective, it is important to understand the importance of the key elements of the organization and which threats can affect the business. There will be a need to define the responsibilities and roles of the staff that work within the organization. The top management will also need to identify or hire staff who possess the relevant skills to work with the system effectively. Those who do not possess the skills will be trained on the concepts of a secure system and other concepts like integrity, confidentiality, and privacy. The efforts will have to be extended to ensure that the entire workforce has been fully trained and is aware of its duties and responsibilities when using the system. All the processes of the item processing cycle will be assessed for effectiveness, and any areas that need improvement will be identified and taken care of. Since the organization also interacts with the external environment, a procedure for checking their security and compliance will be created. It will also be important that the documents containing the policies of the organization, procedures, contracts and any other key documents are examined and the necessary changes made.

Recommendations

In order to mitigate the risks that have been identified, the following recommendations can be considered.
The organization should seek to review and make the necessary changes to its policies regarding how regularly backups should be done, how they should be done and where they should be stored. A company that provides backup services can be contracted to store the backups. The management needs to come up with measures and effective supervision in order to make sure that the new backup policies are properly implemented. In order to make sure that the software applications in use are updated, it is recommended that a policy be put in place that indicates how the updates will be done. This will enable uniformity of updates and also reduce errors made by staff when updating. The management should also ensure that all the key staff have a copy of the DRBCP plan and are aware of what it contains. This will provide the staff with a reference note and also help them to own the plan. The contracting of offsite storage facilities should be done by the top management through a process that will allow them to get the best backup storage service provider; this will help in ensuring that the security of the backups is guaranteed. The process should not only focus on costs but also pay special attention to the efficiency, capacity, and durability of the backup storage. The people who have passwords for event logging should also not be the same ones who have the write access passwords, so as to prevent any manipulation of the event logs (Stallings et al., 2012).

Conclusion

The successful implementation will ensure that the security of the data is guaranteed. The creation of a security strategy is not a one-time activity, and the management of Bank Solutions Inc. should do assessments on a regular basis, for example quarterly, in order to be able to measure how effective the implemented measures are.
All the staff who are assigned various roles and responsibilities should be held accountable for the success or failure in their assigned areas. In the case of any changes within the organization, the strategy should be revised to reflect those changes (Peltier, 2016).

References

Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis of the security concerns of the internet of things (IoT). International Journal of Computer Applications, 111(7).

Knapp, K. J., Morris, R. F., Marshall, T. E., & Byrd, T. A. (2009). Information security policy: An organizational-level process model. Computers & Security, 28(7), 493-508.

Kuusk, A. G., & Gao, J. (2015). Consolidating People, Process, and Technology to Bridge the Great Wall of Operational and Information Technologies. In Engineering Asset Management-Systems, Professional Practices and Certification (pp. 1715-1726). Springer, Cham.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Stallings, W., & Brown, L. (2012). Computer security. Principles and practice (2nd ed.). Edinburgh Gate: Pearson education limited.

BANK SOLUTIONS DISASTER RECOVERY AND BUSINESS CONTINUITY P2

Bank Solutions' disaster recovery and business continuity plan needs review because of the risks that the business is exposed to at the current status of operations. Considering that its growth and success have attracted a leveraged buyout, there is a need for the Chief Information Officer and his team of experts to implement far-reaching controls to mitigate risks that Bank Solutions may face or that reduce its attractiveness to investors. Bank Solutions' core business is disaster recovery and business continuity; this is only achievable with operations that mitigate possible risks. Several risks were identified by interviewing personnel and management of Bank Solutions.
The risks identified include the following. The first potential risk is that the majority of the senior executives are almost retiring and there is no succession plan in Bank Solutions to ensure business continuity. To mitigate this, Bank Solutions needs to review its in-house human capital and identify the second generation of executives that can take over leadership, even in the event of the buyout, to ensure business continuity. The second-generation leaders of Bank Solutions need to be trained and mentored, and a supervised delegation program instituted to gauge their competence in business continuity. Secondly, the backup facilities' servers are shared resources, which is a risk. To mitigate the risk, there is a need to have dedicated servers for backup services that are regularly updated and have adequate security features. Thirdly, the list of individuals with access to servers is a risk. There need to be different levels of access to the servers, giving final administrative authorization to a few people and captured through a request process (Stallings et al., 2012). Fourthly, the manual maintenance of incident tracks is a risk because there is exposure to human error. To mitigate this, there is a need to generate the episode tracks automatically, with manual records as backup. Fifth, the data center processes have not been tested recently. Bank Solutions has no records of any lapses in its security systems. Operationally, there is a need to routinely test operations and security procedures with the aim of improving processes and security. Sixth, the customization of the item processing facility has not been completed. The customization needs to be fast-tracked to generate information that the management can use for improvement. Seventh, the persons who are critical to the disaster recovery and business continuity plan (DRBCP) all need to be trained on the procedures to prepare them for any eventuality. Some participants have not been taught and are not aware of their responsibilities.
Eighth, all participants need to be knowledgeable and capable of implementing the DRBCP to reduce the risk of exposure. Ninth, it has been reported that power users have access to the backup facilities in addition to routinely having access to logs. The power users are a threat to Bank Solutions' data and storage systems. There is a need to control this access by having procedures for requesting access, and when temporary access is issued, it should be under supervision. Tenth, there is no policy at Bank Solutions on the storage of backup tapes. Bank Solutions needs an elaborate system of backup data storage that all data centers, backup facilities, and all operations adhere to. Room in a bank vault for all information is a possible policy that can be installed and implemented to reduce the risk of exposure of clients' data.

Bank Solutions has active contracts with clients that need to be profiled and customized according to each client's needs and volume of business to Bank Solutions. Prioritization will help Bank Solutions to allocate its scarce resources to serving its valued customers. The workflow processes are not transparent. Bank Solutions has a pool of human resources capital in the form of system engineers, network architects, and data center managers that it can use to improve the workflow and so improve operations, security, and systems operability. The system needs to be simple and secure and have the capacity for upgrading according to changing needs. Security is a fast-changing business due to technological changes. Bank Solutions has proprietary assets that it needs to register with relevant authorities to safeguard against possible infringement by workers and business partners. Bank Solutions needs to incorporate nondisclosure agreements with its partners to protect its security systems and technologies. The workers (human capital) can be a source of risk. Business solutions need to have contracts with employees to safeguard copyrights and patents (Farooq et al., 2015).
There are several government security regulations that Bank Solutions needs to comply with. The Federal Information Security Management Act (FISMA) was enacted in 2002 and guides the management and security of information. This bill is part of the E-Government Act of 2002, which enables the government to operate in the information technology space, protecting citizens and businesses. Certification and accreditation will help Bank Solutions be recognized in the financial sector. The act includes provisions for security plans, the responsibility of officials and authorization of their actions to manage and secure information. There are also standards for security categorization of federal data and information systems (FIPS Publication 199). The government additionally provides guidelines through the security certification and accreditation of national information systems (NIST Special Publication 800-37).

Bank Solutions has overcome over-reliance on one business segment in the past, which was a significant risk. Bank Solutions needs to diversify in the significant financial sector services with its experience and reputation in the market. The location risks in its operations that hampered Business Solutions expansion into the Northwestern United States need to pursue continued growth. The new technologies that Bank Solutions is developing are essential both for business continuity and business growth.

This report has addressed the operational risks, security risks, technological risks and human capital risks and suggested the risk mitigation measures that Bank Solutions needs to implement to overcome disaster and guarantee business continuity. The implementation of increased controls and improved operational efficiencies that are secure and efficient will increase Bank Solutions' market value to potential investors and also provide better security and services to its valued clients. Mr.
Douglas Smith, the CIO, needs to constitute a team that will spearhead operational and safety changes that will make Bank Solutions secure and highly efficient, with systems that can be operationally supportive of the business. Lastly, for remote access, Bank Solutions needs to have levels of access, with requests for access granted by the managed system administrator, who records the duration of access provided and for what purpose. There is an additional need for a redundancy system that can support continuation of operations at Bank Solutions in case there are delays or operational challenges. Diversified business operations at Bank Solutions which add value to current clients call for joint solutions development aimed at customer needs in the fast-changing technology space. The future of Bank Solutions is tied to how fast it responds to business challenges and develops effective operational procedures that are simple, secure and trusted. As much as the functional systems are automated, there is a need for administrative control of access, especially to servers and backup centers. A leveraged buyout is a possible avenue for Bank Solutions to realize gains on the equity, but it should not come at the expense of business continuity with current client contracts.

In conclusion, Bank Solutions' disaster recovery and business continuity plan needs review because of the risks that the business is exposed to at the current status of operations. Several risks were identified by interviewing personnel and management of Bank Solutions. The first potential risk is that the majority of the senior executives are almost retiring and there is no succession plan in Bank Solutions to ensure business continuity. Bank Solutions has active contracts with clients that need to be profiled and customized according to each client's needs and volume of business to Bank Solutions.
Prioritization will help Bank Solutions to allocate its scarce resources to serving its valued customers. Security is a fast-changing business due to technological changes. Bank Solutions has proprietary assets that it needs to register with relevant authorities to safeguard against possible infringement by workers and business partners. Certification and accreditation will help Bank Solutions be recognized in the financial sector. The act includes provisions for security plans, the responsibility of officials and authorization of their actions to manage and secure information. The implementation of increased controls and improved operational efficiencies that are secure and efficient will increase Bank Solutions' market value to potential investors and also provide better security and services to its valued clients. Bank Solutions' core business is disaster recovery and business continuity; this is only achievable with operations that mitigate possible risks.

References

Burke, Trevor. (2003). United States IT security laws: A guide to IT security legislation and contractor responsibilities. https://www.sans.org/reading-room/whitepapers/legal/us-government-security-laws-1306

Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis of the security concerns of the internet of things (IoT). International Journal of Computer Applications, 111(7).

Stallings, W., & Brown, L. (2012). Computer security. Principles and practice (2nd ed.). Edinburgh Gate: Pearson education limited.

Explanation & Answer

Please find the attached file. I look forward to working with you again. Goodbye.

Running head: DISASTER RECOVERY AND BUSINESS CONTINUITY

Bank Solutions Disaster Recovery and Business Continuity
Name
Institution
Course
Tutor
Date

Bank Solutions Disaster Recovery and Business Continuity
Introduction
Financial institutions require advanced and streamlined technology systems that will
guarantee them security from any conflicting issues. Global crises such as cyber terrorism,
financial recession, and natural occurrences such as tsunamis have shown that banks and
microfinance entities can easily be compromised (Brandon, 2011). Therefore, the majority of bank
stakeholders are demanding that businesses have a business continuity and disaster
recovery plan in their risk management to prevent organizations from being disrupted by
disasters. There are numerous advantages associated with an office business continuity
and disaster recovery plan. Some of these advantages include, but are not limited to, protection of
organizational assets, minimization of legal liabilities, and enhancement of trust and confidence
among customers and other important company stakeholders (Drennan et al., 2014). Despite the
notable problems that are associated with the Bank Solutions disaster recovery and business
continuity plan, it is prudent to embrace high-level technology to ensure that business security is
fully attained for realization of a unique competitive advantage in a particular industry.
Capabilities, Costs and Maintenance Requirements
Capabilities
Disaster recovery and business continuity technology involves a range of policies, tools
and procedures of essential technology to ensure that human and natural catastrophes are fully
addressed. This will focus on information technology systems having capabilities to support
critical business functions such as prevention of cyber security threats, unauthorized access to
crucial financial information and illegal access into the financial systems of organizations
(Hurley, 2015). A business continuity plan entails the use of technology to keep aspects of a business
in a functional mode even if disruptive events have been realized. Disaster recovery technology
enables businesses to have data backup computer centers so that there is easy retrieval of
financial information should there be any technological and techni...
