Mini Case (Belmont Bank)


Category: Business and Industry

Date Submitted: 05/19/2012 11:21 AM


Our textbook defines risk assessment as “The process by which one identifies threats, uses a methodology to determine the tangible or intangible exposures, and develops a sequenced list of the threats from the one having the highest risk to the one having the lowest risk”.

Belmont State Bank deals with financial accounts and transactions that are distributed over hundreds of branches through a central processing system at the headquarters. Data security is the ultimate goal in this case, and all efforts should be concentrated on protecting connectivity, integrity, and availability. The critical elements here are:

a) Customers’ and the bank’s data.

b) The network.

My risk assessment will be based on this fact and on the possible threats that may endanger one or more of the ‘CIA’ requirements. Threats can arise from natural causes that affect continuity, or they can be intentional attempts to gain unauthorized access to the bank’s vital data; accordingly, the controls will be relative to the type and severity of those threats.

The vulnerable areas in the bank’s network that can be the target of any security breach are:

1- Branch connection circuits (dedicated or dial-up).

2- Clients’ computers.

3- Tellers’ computers.

4- The ATM connections.

5- The bank’s central server and network.

With reference to the statistical information in Chapter 11 of our textbook (1), which summarizes the average frequency of the common threats and the average dollar loss value, we can build our risk assessment matrix as shown below.

The controls are meant to help prevent the threat if possible, and/or to minimize loss and provide alternatives that will guarantee continuous service.

Regarding the safety of vital data, the bank needs to give more attention to its security systems: strong authentication and secure, encrypted communications. Tellers’ terminals need strong passwords (long alphanumeric) with frequent forced password changes. On the other hand to...