McBride Security Policy Security Policies and Recommendations for McBride Financial Services

McBride Financial Services has experienced increased consumer interest in its innovative and economical loan offerings and terms. With rising competition in the market, McBride is now aggressively working to boost market share through a renewed focus on customer service and simple and speedy loan processing (Fluss, 2009). While many automated processes in the financial sector can be convenient for customers, they can also present unique and significant security risks for companies (Compton, 2004). The following policies are aimed at covering certain critical security areas for the loan department at McBride Financial Services.

General Information Security

Sensitive information can be defined as a customer's full name, address, phone number, credit information, social security number, date of birth, mother's maiden name, employment and salary information, username/passwords combinations, or PIN ids (Bilich, 2000). All such information should be stored securely in order to help ensure confidentiality and thwart misuse, fraud, theft, and customer privacy violations.

All computer networks should receive a comprehensive review for reasonably foreseeable threats. These may include both internal and external threats such as unauthorized disclosure; misappropriation or alteration of customer information or accounts; improper disposal of sensitive information; unauthorized access to systems; work with third party vendors or service providers; and improper destruction of outdated electronic data and storage systems (Garratt & Keister, 2009).

Technical firewalls should be implemented, with consideration given to the many ways in which data systems can potentially...

Proper risk assessments should be conducted to strengthen potential areas of weakness posed by Internet connectivity. Both automated and manual processes should undergo a thorough and routine security audit to identify areas of vulnerability (Garratt & Keister, 2009).
Security Controls

Information security controls should be instituted to address any risks exposed during assessment (Ferreira & Andrade, 2011). Loan processing is primarily a back-office operation. At a fundamental level, back offices repetitively process large volumes of transactions. These processes can be simple steps such as posting payments, or complex, multi-step, multi-touch processes that span lengthy timeframes such as complex mortgages (Fan et al., 2010). The individuals involved in loan processing are many -- data entry clerks, loan agents, loan processors, accounts payable processors, closing agents, and loan officers.

Access controls that include passwords and classification levels should be implemented to allow only authorized individuals to view customer information and file management databases (Menconi & Desmond, 2000). In addition, access history should be recorded to allow the organization to monitor an employee's retrieving, downloading and sharing of sensitive records and other forms of data. Encryption for data in transit over networks will help safeguard sensitive information. All computer systems should feature anti-virus, Trojan detection, and other comparable safety measures to immediately quarantine and delete intrusive software or other attacks upon computer network (Ferreira & Andrade, 2011).

Paper records including loan applications, credit reports, and customer employment records…