MORE MONEY BANK

MORE MONEY BANK

Executive summary

Computer security is a major concern that brings headache to those who are involved in it. It has come to the attention of many Information Technology staff globally. As a result, there is no time when they are bound to rest since there are ever emerging threats in the computer world. In this research paper, I will be focusing on the question that states the potential threats that More Money Bank faces. In addition, recommendations to what can be done to improve the security standard will later be discussed with management.

Table of Content

Introduction ….…………………………………………………………………………4

Attack Tree ……………………………………………………………………………….5

Explanation of the Attack Tree ………………………………………………………….6

Conclusion ……………………………………………………………………………….9

References ……………………………………………………………………………….10

Bibliography…………………………………………………………………………….12

Introduction

If an organisation does not consider systems security as a critical issue in the day – to – day running of the organisational activities, then such an organisation risks being a threat to attacks. This report will start by an illustration of the coded attack tree, which will give an overview of the general security performance of the More Money Bank. After the illustration, there will be an explanation which will state the analysis of the potential threats that are available.

When the threats are identified, the greatest deal of service will be in making key recommendations to the management of the More Money bank in an effort to quickly come up with lasting solutions that will help the organisation from potential threats. I will then draw some conclusive remarks based on my findings of this research as well as the recommendations made. One assumption that would like to make is that the organisation does not have much knowledge about security threats therefore, there are potential insider threats as well that the organisation should be aware of and should not entirely rely on staff to make manage the operations of the firm.

Attack Tree

Key

P – Possibility of a breach

I – Impossible to have a breach

In the More Money Bank, there are quite substantial amounts of security threats, which can be used by unauthorized people to gain information from the systems. The employees (Elm et al., 2008, p. 3) pose the first and the most critical threat. It has been proved repeatedly that employees are the single most dangerous threat that an organisation can ever face (Elm et al., 2008, p. 3). This means that the employees can interfere with the systems and conduct malicious activities without the knowledge of the management while they apparently conduct their day-to-day activities. In the case study of More Money Bank, the fact that all the employees have access to the main server means that the server is not secured at all from the insider threat. The employees can change the security architecture of the Legacy network leading to data breach as well as creating loopholes within the systems where outsiders can gain access to the network systems (What is spoofing, 2010).

Each of the users should be awarded a login address and a password, which restricts the user to whichever locations they are meant to be working on only (Gurbani & McGee, 2007, p. 9). There should be real-time systems monitoring technique that ensures that the system’s incoming threats are seen before they can cause any damage to the systems as well as having better systems restore systems in place.

Systems information has a potential of being a threat if the software and the hardware that was used does not come from an authentic manufacturer as was the case with the U.S intelligence unit where it was discovered that about twenty five percent of the CISCO network telephones were not authentic and this could have been the major cause of a breach that saw about one hundred hard disks unclassified information drained from those hard drives (Clarke & Levis, 2009).

Spoofing is the malicious program modification in such a way that the modified program seems to function in the normal way while in essence the program has been changed (Clark & Levis, 2009). This is more applicable in IP addresses, Caller Ids, Website contents, Emails as well as phishing fraudulent acquisition of sensitive information and Pharming IP Redirection to malicious sites and destinations. Spoofing can be made possible by the application and coding using DHTML (www.blurtit.com).

Hacking is the illegal access into another person’s computer system without that person (s) consent (www.blurtit.com). Hacking is one of the greatest threats that are classified as cyber attacks (Clark & Levis, 2009). In the More Money Bank, there is no software of firewall settings that have been put in place to counter the hackers’ threat and this is a great danger.

An individual with basic computer programming skills can be a potential threat in that such a person can gain access to the system.

Simply because they have been having backup for their data does not mean that they have a more secure backup. DVDs are no good for keeping customer information without the information being encrypted (Schneier, 1999), (Patterson, 2010, p. 1767 +), (Gurbani & McGee, 2007, p. 9), and (Sherstobitoff, 2008, p. 249).

Introduction of authentication systems like the X. 509 Certificate, which verifies the authenticity of the sender of the data to avert malicious softwares and other tracking programs, is not enough as spoofing is possible (Gurbani & McGee, 2007, p. 9). Data that is being backed up should be encrypted first to avoid the chances of having the information leaked into the outside world where such information can be used to gain access and meddle with the affairs of the bank (Patterson, 2010, p. 1768 +) and (Gurbani & McGee, 2007, p. 9).

Introduction of antivirus softwares, which scan the systems environment and ensures that there is no malicious softwares and spywares (Stafford & Urbaczewski, 2004; Luo, 2006, p. 42). It should however be noted that antivirus softwares are not secure enough for the organisation. This is b.............