Posted on

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company_Answer

Information Security Risk Assessment paper on a Global Finance Company.

ASSIGNMENTS

 Identify and describe the organizational authentication technology and network security issues.
 Make a list of access points internal and external (remote).
 Design a secure authentication technology and network security for GFI.
 Make assumptions for any unknown facts.
 List all known vulnerabilities you can identify in this environment and address them by proposing
a new design. You may use any combination of technologies to harden authentication process and
network security measures.
 Address the CEO’s concern over the mobility security and design a secure mobile computing
(smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection.
 Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and
network security to protect data should be implemented.
 Design a cloud computing environment for the company with a secure means of data protection at
rest, in motion and in process.

GLOBAL FINANCE, INC. (GFI)
Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United
States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan
application approval, wholesale loan processing, and investment of money management for their customers.
GFI employs over 1,600 employees and has been experiencing consistent growth keeping pace with S&P averages
(approximately 8%) for nearly six years. A well-honed management strategy built on scaling operational
performance through automation and technological innovation has propelled the company into the big leagues; GFI
was only recently profiled in Fortune Magazine.
The executive management team of GFI:
Figure 1 GFI Management Organizational Chart
BACKGROUND AND YOUR ROLE
You are the Computer Security Manager educated, trained, and hired to protect the physical and operational
security of GFI’s corporate information system.
You were hired by COO Mike Willy and currently report to the COO. You are responsible for a $5.25m
annual budget, a staff of 11, and a sprawling and expansive data center located on the 5
floor of the
corporate tower. This position is the pinnacle of your career – you are counting on your performance here
to pave the way into a more strategic leadership position in IT, filling a vacancy that you feel is so
significantly lacking from the executive team.
There is actually a reason for this. CEO John Thompson believes that the IT problem is a known quantity –
that is, she feels the IT function can be nearly entirely outsourced at fractions of the cost associated with
creating and maintaining an established internal IT department; the CEO’s strategy has been to prevent IT
from becoming a core competency since so many services can be obtained from 3
rd
parties. Since the CEO
has taken the reigns two years ago, the CEO has made significant headway in cutting your department’s
budget by 30% and reducing half of your staff through outsourcing. This has been a political fight for you:
maintaining and reinforcing the relevance of an internal IT department is a constant struggle. COO Willy’s
act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology
combined with a diminishing IT footprint gravely concerned Jacobson, and he begged to at least bring in a
manager to whom these obligations could be delegated to. Jacobson’s worst nightmare is a situation where
the Confidentiality, Integrity, and Availability of the information system was compromised – bringing the
company to its knees – then having to rely on vendors to pull him out of the mess.

GFI has experienced several cyber-attacks from outsiders over the past a few years. In 2012, the Oracle
database server was attacked and its customer database lost its confidentiality, integrity, and availability for
several days. Although the company restored the Oracle database server back online, its lost confidentiality
damaged the company reputations. GFI ended up paying its customers a large sum of settlement for their
loss of data confidentiality. Another security attack was carried out by a malicious virus that infected the
entire network for several days. While infected the Oracle and e-mail servers had to be shut down to
quarantine these servers. In the meantime, the company lost $1.700, 000 in revenue and intangible
customer confidence.
There’s no question that the company’s CEO sees the strategic importance of technology in executing her
business plan, and in this way you share a common basis of principle with her: that IT is a competitive
differentiator. However, you believe that diminishing internal IT services risks security and strategic
capability, whereas the CEO feels she can acquire that capability immediately and on the cheap through the
open market. You’re told that CEO Thompson reluctantly agreed to your position if only to pacify COO
Willy’s concerns.

You are responsible for a corporate WAN spanning 10 remote facilities and interconnecting those facilities
to the central data processing environment. Data is transmitted from a remote site through a VPN
appliance situated in the border layer of the routing topology; the remote VPN connects to the internal
Oracle database to update the customer data tables. Data transaction from the remote access to the
corporate internal databases is not encrypted.
A bulk of the data processing for your company is handled by Oracle database on a high end super
computer. The trusted computing based (TCB) internal network is situated in a physically separated subnet.
This is where all corporate data processing is completed and internal support team has its own intranet web
server, a SUS server, an internal DNS, an e-mail system, and other support personnel workstations. Each
corporate department is segregated physically on a different subnet and shares the corporate data in the
TCB network.

ASSIGNMENTS

 Identify and describe the organizational authentication technology and network security issues.
 Make a list of access points internal and external (remote).
 Design a secure authentication technology and network security for GFI.
 Make assumptions for any unknown facts.
 List all known vulnerabilities you can identify in this environment and address them by proposing
a new design. You may use any combination of technologies to harden authentication process and
network security measures.
 Address the CEO’s concern over the mobility security and design a secure mobile computing
(smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection.
 Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and
network security to protect data should be implemented.
 Design a cloud computing environment for the company with a secure means of data protection at
rest, in motion and in process.

For instant digital download of the above solution, Please click on the “PURCHASE” link below to get the tutorial for Information Security Risk Assessment paper on a Global Finance Company_Answer

For instant digital download of the above solution or tutorial, please click on the below link and make an instant purchase. You will be guided to the PAYPAL Standard payment page wherein you can pay and you will receive an email immediately with a download link.

In case you find any problem in getting the download link or downloading the tutorial, please send us an email on mail@genietutorial.com