This security plan is derived from the organization’s security policy, which is the principle that guides and defines the organization’s requirements for appropriate computer and network usage and sets out procedures for detecting, preventing, and responding to all types of security incidents (Craig, 2016). Therefore, this Security Plan constitutes the “Standard Operating Procedures” relating to physical, cyber, and procedural security for all the systems of the organization. A bank, in this case Citigroup Bank, is a commercial entity; therefore, the two security models Biba’s Strict Integrity Policy and the Clark-Wilson Security Model are the more practical and applicable choices for enterprise security, because most of the applications hold commercial data. The Security Plan will revolve around (but is not limited to) these areas: local network, remote network, public network, and partner access.
Data Security Accountability
The Security Plan has a framework that ensures that all IT staff, other staff and management know their responsibilities, so that each one knows which data belongs to which category and who has access to which type of data. These categories include: internal data, general data, confidential data, and data that may be sent outside the organization.
The bank holds a large volume of valuable and sensitive data, including: customer account records, bank statements, transaction records, contact information, purchasing history, social security numbers, phone numbers, addresses, and email addresses. All of these will be secured through the allocation of privileges and rights to access and modify data (Federal Communications Commission, 2016).
Security and Network Policies
Since the bank handles multiple kinds of data across different spheres of the bank’s network, data security policies are required regarding remote access to data and the configuration of IP addresses. This is critical because the data handled should be traceable through network components such as switches and routers. This level also houses the policies that define how any kind of intrusion into the network is detected.
Scanning for Vulnerabilities
No network is 100% resistant to vulnerabilities. Therefore, the IT infrastructure should have the capacity to scan for any form of vulnerability before attackers can exploit one that exists and expose the bank to risk. A scanning application will be installed to check the bank’s network daily at scheduled intervals and detect any vulnerabilities.
The Patch Management Process
System threats have become very frequent; therefore, patches will be applied regularly to eliminate any risks, vulnerabilities or threats to the system.
System Data Security Policies
As a global banking institution, the bank’s servers and operating systems are the frameworks on which all data is stored or moves around. This system data is very critical to data security. All servers running on the bank’s network must be governed by a policy covering the management of access accounts, passwords, database access, firewalls and antivirus (Basani, 2016).
Staff Sense of Responsibility
While there will be sufficient safeguards for all systems in terms of security, there is no doubt that breaches are likely to occur. In the event that they occur, there should be a policy that defines how a breach is handled in terms of reporting and resolving it, and preventing a recurrence. Therefore, staff should be ready and willing to volunteer information in the event of a breach and participate in resolving the problems associated with it.
The best method of evaluating compliance with the security policy is to perform regular audits of all transactions performed by staff and management. Audit trails will indicate whether users attempted to access prohibited levels or whether illegal transactions were carried out that compromise data security. The more frequent the audits, the lower the risk. For this Security Plan, an application capable of automating the audit and compliance workflow will be installed to keep audit-trail logs and generate scheduled reports. Monitoring is not surveillance per se; it is about detecting whether compliance is being met or violated (Ferry, 2015).
Account Monitoring and Control
It is not a coincidence that some, if not most, security compromises involve legitimate but inactive user accounts within the systems. This occurs, for example, when staff members no longer work for the bank but their accounts still exist and still have valid access to the same systems, either remotely or via online platforms. The same people can exploit this loophole to continue accessing the company’s systems and compromise them. Therefore, specific personnel within the IT department should monitor and control user accounts diligently, thereby preventing illegal activity.
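One routine check that supports this control is reconciling the account directory against the HR roster and flagging enabled accounts whose owner has left (especially those with remote access), accounts with no HR owner, and dormant accounts. The following is an added illustration, not part of the original plan; the roster, account records and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the original plan): an HR roster keyed by
# employee id, and the account directory exported from the identity system.
HR_ROSTER = {
    "E100": {"status": "active", "left_on": None},
    "E101": {"status": "left", "left_on": date(2024, 1, 15)},
    "E102": {"status": "active", "left_on": None},
}

ACCOUNTS = [
    {"user": "asmith", "employee_id": "E100", "enabled": True,
     "last_login": date(2024, 3, 1), "remote": False},
    {"user": "bjones", "employee_id": "E101", "enabled": True,
     "last_login": date(2024, 2, 20), "remote": True},   # owner has left the bank
    {"user": "cwu", "employee_id": "E102", "enabled": True,
     "last_login": date(2023, 10, 1), "remote": True},   # long dormant
    {"user": "svc_batch", "employee_id": None, "enabled": True,
     "last_login": date(2024, 3, 2), "remote": False},   # no HR owner on record
]


def review_accounts(accounts, roster, today, dormant_days=90):
    """Return findings as (username, reason, recommended action) tuples.

    Disabled accounts are skipped; the remaining checks run in priority order:
    missing HR owner, owner has left, then dormancy beyond `dormant_days`.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        owner = roster.get(acct["employee_id"])
        if owner is None:
            findings.append((acct["user"], "no HR record", "assign an owner or disable"))
            continue
        if owner["status"] == "left":
            # A live account belonging to departed staff is the highest-priority finding.
            reason = "owner left on %s" % owner["left_on"].isoformat()
            if acct["remote"]:
                reason += " (remote access still valid)"
            findings.append((acct["user"], reason, "disable immediately"))
        elif (today - acct["last_login"]).days > dormant_days:
            findings.append((acct["user"], "no login for >%d days" % dormant_days,
                             "disable and verify with owner"))
    return findings
```

Running `review_accounts(ACCOUNTS, HR_ROSTER, date(2024, 3, 3))` flags bjones, cwu and svc_batch, leaving the recently active asmith untouched.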
Security policies can cover a variety of features and issues, such as how interrelated networks can be segmented to hold different types of data; in the bank’s case, for example, ATM servers versus other transaction servers. However, the most critical aspect of a security plan is that it must clearly stipulate how the entire security of the organization is managed, including monitoring all activities across the Information Technology infrastructure, with the capability to detect any strange or suspicious activity. Secondly, this security plan will be reviewed every six (6) months, and it will undergo appropriate upgrades as soon as the organization’s changing software and infrastructure require them. In sum, preventing cyber-attacks can be achieved through the creation of a custom policy that links data security and data privacy.
Basani, V. (2016). Elements to Corporate Data Security Policies that Protect Data Privacy. Available at: https://www.securitymagazine.com/articles/87113-important-elements-to-corporate-data-security-policies-that-protect-data-privacy
Citi (2018). About Citi: Mission and Vision. Available at: https://www.citigroup.com/citi/about/mission-and-value-proposition.html
Craig, A. (2016). Developing a Security Plan. Available at: https://slideplayer.com/slide/5859280/
Federal Communications Commission (n.d.). Cyber Security and Planning Guide. Available at: https://transition.fcc.gov/cyber/cyberplanner.pdf
Federal Trade Commission (2015). Careful Connections: Building Security in the Internet of Things. Available at: https://www.ftc.gov/system/files/documents/plain-language/pdf0199-carefulconnections-buildingsecurityinternetofthings.pdf
Ferry, P. (2015). Essential Elements of Continuous Monitoring (and why it matters). Available at: https://www.metacompliance.com/blog/the-5-essential-elements-of-continuous-monitoring-and-why-it-matters/