Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Unauthorized Information Systems Access
Scan the Internet for articles or evidence of Bank of America being a victim of hacking. Based on the results of your search, if the bank has been hacked, assess the circumstances around the hacking and the resulting impact to the bank's customers and operations. If the bank has not reported hacking incidents, assess the most likely security measures that the bank has implemented to protect the business from hackers.
Bank of America has experienced many data breaches in the past, yet the most troublesome are the ones where customers' data is stolen and immediately resold on the black market by employees. There are also those instances where employees and subcontractors gain unauthorized access to ATMs and steal money. These are two of the recent incidences of how the Bank of America security systems and processes have been hacked by employees and those operating in the trust of their business (Adams, 2011). The first instance involved a Bank of America employee who gained access to a wealth of customer data that included names, addresses, Social Security numbers, driver's license numbers, birth dates, e-mail addresses, mother's maiden names, account passwords and PINs, even account balances (Adams, 2011). In the second instance a series of seven Bank of America ATMs were broken into by a former contractor with Diebold Inc. (Adams, 2011). Clearly in both of these situations Bank of America had failed to put into place a series of controls that would mitigate the ability of their employees to gain access to customer data. They had also failed to define a process for revoking access to their ATMs to former contractors. This could have potentially been disastrous if the Diebold employee taught a gang or group how to steal the cash out of ATMs. Bank of America was fortunate to have only a $200,000...
In order to protect itself from the potential breach by their own support and customer service staff, Bank of America needs to complete an access audit periodically and seek to define a suitable strategy for managing this risk. There also needs to be more role-based approach to defining who, why and for what purpose a given employee can gain access to the customer data, as this is the essential aspect of security governance (Twum, Ahenkora, 2012). Bank of America also needs to randomly audit the overall security levels for its entire ATM network, ensuring subcontractors cannot get access to systems they are not scheduled to replenish with cash or provide maintenance on. The use of role-based and maintenance service request authorizations as part of a broader enterprise security strategy is essential in diverse operating networks and service organizations (Coppotelli, 1982).
As an IT auditor of Bank of America, create an information security strategy for the bank indicating how implementing this strategy will minimize the risk of the business systems being hacked.
Beginning with a role-based access framework, the proposed information security strategy would center on the need for greater real-time metrics of access, periodic and often unannounced audit of security level performance and monitoring, and a continual re-evaluation of how the system's metrics could be used for deterring fraud. All these of these aspects of an information security strategy are critical to creating a scalable, secure enterprise deterrence and monitoring security platform (Coppotelli, 1982).
In conjunction with these strategies, Bank of America needs to create a security strategy that spans the scope of their value chain as well. In studies of online banking it has been found that using enterprise security…
References
Adams, J. (2011). Bank of America copes with two alleged insider breaches. Cardline, 11(22), 4.
Coppotelli, D.J. (1982). Information security strategy. Security Management, 26(5), 86-86.
Hulme, T. (2012). Information governance: Sharing the IBM approach. Business Information Review, 29(2), 99-104.
Twum, F., & Ahenkora, K. (2012). Internet banking security strategy: Securing customer trust. Journal of Management and Strategy, 3(4), 78-n/a.
Information System MIS stands for "Management Information System." It is one of the computer-based tools to manage organizational operations efficiently. It consists of software that managers' use in making decision, for data storage, in project management applications, for records and procedures for making customers relations etc. Nowadays most of the organizations have separate MIS department which is basically responsible for computer systems. MIS is also called "Information System" or "Information Technology."
Moreover, client management tools enable companies/organizations to manage better their computer systems, ensuring that the system is secure, and that all servers are functioning properly and are securely connected to its network. An example of an organization that has utilized client management tools is Microsoft Corporation, which specifically subscribed to FullArmor and DesktopStandard so that administrators of computer systems (i.e., users) can "manage, customize and lock down desktop and server
Accounting Information Systems have emerged as very famous components of modern businesses mainly because they offer beneficial and timely information to management in addition to being cost-effective. Generally, these systems are helpful in book account payables, cash transactions, receivables, and every other accounting function in an orderly manner. The need for an effective accounting information system in an organization is attributed to the huge volume of data handled by accounting
Components of an Accounting Information System Accounting Information Systems An accounting information system is a vital tool for any organization. The system will support the organization in making critical strategic and business decisions. Having a system that captures, records, processes, and records financial data for an organization will also reduce errors in billing and shipping. This paper analyzes the six main components of an accounting information system. An accounting information system is a
The greater availability of patient records can make it easier to create false claims, through electronic tampering. This is yet another risk of telemedicine, which must be guarded against through encryption and proper security infrastructure. Selling patient information to external entities? People with long-term diseases like diabetes, or even those only genetically predisposed to genetic conditions, could be denied job opportunities or refused health insurance "if information stolen from data banks
International Information System Security of a Global Enterprise IT Network Managing the security for an international network that supports key enterprise applications including marketing, sales, human resources, finance and administration across four continents must be coordinated with a strategic security information systems plan. The intent of this analysis is to show what some of the potential security threats are to managing a diverse IT network across diverse geographic locations, and what strategies