Scenario: You are the chief information security officer (CISO) for the VL Bank based in Atlanta, Georgia. Recently, a highly sophisticated and cleverly orchestrated crime was brought to your attention by the information security analysts in your department and by a growing number of business customers.
Your company’s commercial customers utilize a digital certificate multifactor authentication process to access wire transfers, cash management, deposit operations, and account management applications common to all business customers. The problem is that several customers have reported that new user accounts have been set up under their names without their authorization and these accounts are initiating.
The main term used in the risk analysis, digital certificate multifactor authentication, will be defined, and risk mitigation will be covered, along with a discussion of acceptable and unacceptable risk and of how to follow specific federal best-practice standards for securing communications and preventing cybercrime. A cybercrime prevention strategy based on National Institute of Standards and Technology (NIST) federal guidelines is then provided.
Digital Certificate :
The most common method of authenticating e-commerce transactions is the exchange of digital certificates. A certificate carries a digital signature that uniquely represents the certification authority (CA). The digital signature is a distinctive mark that cannot be replicated by another entity, because producing it requires the CA's private key. When affixed to a digital certificate, the CA's signature affirms that the registration and issuance requirements have been satisfactorily met by the applicant, and that the identity of the certificate holder is valid as represented. For example, logging in to a secure bank site involves the following steps:
1- Login: user name, password, PIN number
2- Security questions with unique responses containing a minimum of five (5) characters.
3- Download a digital certificate that will uniquely identify your computer.
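The following Go program is an added illustration of the certificate check described above; it is not part of the original essay and does not describe VL Bank's actual systems. Using only the Go standard library, it creates a bank CA, issues a client-authentication certificate for a customer device, and shows that the bank's verifier accepts that certificate but rejects one with an identical customer name that was signed by an attacker's own CA (even one that copies the bank CA's name). The CA and customer names and the serial numbers are invented for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCA builds a self-signed certification authority. Its private key is the
// only thing that can produce the CA signature ("distinctive mark") that the
// bank's servers trust.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueClientCert has the CA sign a client-authentication certificate for one
// customer device (step 3 above). The device keeps its private key; the bank
// only ever sees the certificate.
func issueClientCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, customer string, serial int64) (*x509.Certificate, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: customer},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &devKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyClientCert is the check the bank's front end performs at login: the
// presented certificate must chain to the bank's own CA (signature, validity
// period) and must be marked for client authentication.
func VerifyClientCert(trustedCA, presented *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// RunScenario returns the verification outcome for a certificate issued by the
// bank's CA (legitErr) and for one with the same customer name issued by an
// attacker-controlled CA that copies the bank CA's name (rogueErr).
func RunScenario() (legitErr, rogueErr error) {
	bankCA, bankKey, err := newCA("VL Bank Customer CA") // hypothetical name
	if err != nil {
		return err, err
	}
	rogueCA, rogueKey, err := newCA("VL Bank Customer CA") // same name, different key
	if err != nil {
		return err, err
	}
	legit, err := issueClientCert(bankCA, bankKey, "Acme Widgets LLC", 1001) // constructed customer
	if err != nil {
		return err, err
	}
	forged, err := issueClientCert(rogueCA, rogueKey, "Acme Widgets LLC", 1001)
	if err != nil {
		return err, err
	}
	return VerifyClientCert(bankCA, legit), VerifyClientCert(bankCA, forged)
}

func main() {
	legitErr, rogueErr := RunScenario()
	fmt.Println("bank-issued certificate:", legitErr)     // <nil>: accepted
	fmt.Println("attacker-issued certificate:", rogueErr) // non-nil: unknown authority
}
```

The rogue certificate is rejected even though its subject and issuer names match the bank's, because the signature does not verify under the bank CA's public key. Note what the check does not prove: it accepts any certificate the bank's CA has signed, so if an impostor can complete the registration step in step 3 under a customer's name, the resulting certificate is cryptographically valid and the failure lies in the enrollment process, which is the situation in the case study.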
1- Discuss how two laws or regulations apply to the case study.
VL Bank has a duty, not only with regard to its own reputation but also with regard to industry-wide safeguards, to investigate and report on the recent incidents involving unauthorized money transfers.
While the report contains a variety of information on these issues, it is first necessary to clarify the current legal position in two areas of law:
A - Data protection and privacy concerns
Data protection is an essential fundamental right and has to be preserved in the digital world as it was in the earlier analogue society. Threats to society, internal and external, must be investigated thoroughly, but fundamental rights such as privacy are of great value to a democratic society and must be available to all persons on an equal basis. For a better understanding of the concept of privacy, I refer to the following dimensions:
* Privacy of personal behaviour: this relates to all aspects of behaviour, but especially to sensitive matters such as sexual preferences and habits, political activities and religious practices, both in private and in public places.
* Privacy of personal communications: individuals claim an interest in being able to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations.
* Privacy of personal data: individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use.
B - Financial services security:
Information is the lifeblood of financial services. The need to securely exchange content has become more important than ever given the increased use of the Internet to distribute content, and...