Design a Custom Security Plan

Introduction

The organization under study is Citigroup. The mission of Citi is to provide innovative and cost-effective solutions that enable clients to succeed in their missions, while its vision is to be “a preferred Information Technology solution provider while promoting and maintaining the most qualified and diverse professional staff available in the industry” (Citi, 2018). Therefore, the security plan proposed will be aligned to these two critical facets of Citigroup Bank.

Security Plan

This security plan is derived from the organization’s security policy, which is a principle that guides and defines the organization’s requirements for achieving appropriate computer and network usage, and involves procedures for detecting, preventing, and responding to all types of security incidents (Craig, 2016). Therefore, this Security Plan constitutes the “Standard Operating Procedures” relating to physical, cyber, and procedural security for all the systems of the organization. A bank, in this case Citigroup Bank, is a commercial entity; therefore, two security models, Biba’s Strict Integrity Policy and the Clark-Wilson Security Model, are more practical and more applicable for the installation of enterprise security, because most of the applications hold commercial data. The Security Plan will revolve around (but is not limited to) these areas: local network, remote network, public network, and partner access.


Data Security Accountability

The Security Plan has a framework that ensures that all the IT staff, other staff, and management know their responsibilities, whereby each one knows which data is classified into which category and who has access to which type of data. These categories include: internal data, general data, confidential data, and data that should be sent outside the organization.

The bank holds a large amount of valuable and sensitive data, including: account records for customers, bank statements, transaction accountability, contact information, purchasing history, social security numbers, phone numbers, addresses, and email addresses. All of these will be secured through the allocation of privileges and rights to access and modify (Federal Communications Commission, 2016).

Security and Network Policies

Since the bank handles many kinds of data across different spheres of its network, data security policies regarding remote access to data and configuration of IP addresses are needed. This is critical because the data handled should be traceable through network components like switches and routers. This level also houses the policies that define detection of any kind of intrusion into the network.

Scanning for Vulnerabilities

No network is 100% resistant to vulnerabilities. Therefore, the IT infrastructure should have the capacity to scan for any form of vulnerability before hackers exploit any that exist and expose the bank to risk. A daily routine application will be installed to check the bank’s network at scheduled intervals to detect any vulnerabilities.

The Patch Management Process

System threats have been frequent; therefore, code will be implemented regularly to eliminate any risks, vulnerabilities, or threats to the system.

System Data Security Policies

In a global banking institution, servers and operating systems are the frameworks on which all data is stored or moves around. This system data is very critical to data security. All servers running on the bank’s network must be governed by a guiding policy with rules for the management of access accounts, passwords, database access, firewalls, and antivirus (Basani, 2016).

Staff Sense of Responsibility

While there will be sufficient safeguards for all systems in terms of security, there is no doubt that breaches are likely to occur. In the event that they occur, there should be a policy that defines how a breach should be handled in terms of reporting and resolving it, and preventing a recurrence. Therefore, the staff should be ready and willing to volunteer information in the event of a breach and to participate in resolving the problems associated with it.

Terms of Use for Staff

At the point of employment or entry into the organization, staff ought to be sufficiently trained on the terms of use of data and systems within the bank, with a clear definition of what constitutes acceptable use. Furthermore, it is critical that they sign a policy document to be used for disciplinary measures should they deviate from what is stipulated in the policy (Federal Trade Commission, 2015). This means that the staff should know their responsibilities, their roles, and what the organization expects of them. Written communication to employees should include: what is acceptable and what is not regarding the use of company equipment and network resources; the penalties for violation; that their performance reviews will include the security aspect; and that all their activities are being monitored.

Compliance Monitoring

The best method for evaluating compliance with the security policy is to perform regular audits of all transactions performed by the staff and management. Audit trails will indicate whether users attempted to access prohibited levels or performed illegal transactions that compromise data security. The more frequent the audits, the lower the risks. For this Security Plan, an application capable of automating the audit and compliance workflow will be installed to help keep logs of the audit trail and generate scheduled reports. Monitoring is not surveillance per se; it is about detecting whether compliance is being met or violated (Ferry, 2015).

Account Monitoring and Control

It is not a coincidence that some or most security compromises involve legitimate or inactive users within the systems. This occurs when, for example, some staff members are no longer working with the bank, but their accounts still exist and they might still have valid access to the same systems, either remotely or via online platforms. The same people can exploit this loophole to continue accessing the company’s systems and compromise them. Therefore, there should be specific personnel within the IT department who monitor and control user accounts diligently, hence preventing illegal activity.

Conclusion

Security policies can cover a variety of features and issues, such as how the interrelated networks can be segmented to hold different types of data; in the case of the bank, ATM servers versus other transaction servers. However, the most critical aspect of a security plan is that it has to clearly stipulate how the entire security of the organization will be maintained, including monitoring all activities across the Information Technology infrastructure, with the capability to detect any strange or suspicious activities. Secondly, this security plan will continue to be reviewed every six (6) months, and it will undergo appropriate upgrades as soon as they are required by changes to the organization’s software and infrastructure. In sum, preventing cyber-attacks can be achieved through the creation of a custom policy that links data security and data privacy.

References

Basani, V. (2016). Elements to Corporate Data Security Policies that Protect Data Privacy. Available at: https://www.securitymagazine.com/articles/87113-important-elements-to-corporate-data-security-policies-that-protect-data-privacy

Citi (2018). About Citi: Mission and Vision. Available at: https://www.citigroup.com/citi/about/mission-and-value-proposition.html

Craig, A. (2016). Developing a Security Plan. Available at: https://slideplayer.com/slide/5859280/

Federal Communications Commission (n.d.). Cyber Security and Planning Guide. Available at: https://transition.fcc.gov/cyber/cyberplanner.pdf

Federal Trade Commission (2015). Careful Connections: Building Security in the Internet of Things. Available at: https://www.ftc.gov/system/files/documents/plain-language/pdf0199-carefulconnections-buildingsecurityinternetofthings.pdf

Ferry, P. (2015). Essential Elements of Continuous Monitoring (and why it matters). Available at: https://www.metacompliance.com/blog/the-5-essential-elements-of-continuous-monitoring-and-why-it-matters/
