Posts

Showing posts from 2013

A summary of NIST Risk Management guidelines discussed in Special Publications 800-30, -37, -39 and -53

Download, Study and Compare/Contrast NIST Risk Management guidelines discussed in Special Publications 800-30, -37, -39 and -53. You will be working individually. You will download and skim several NIST Special Publications, extracting key concepts: NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems; NIST Special Publication 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach; NIST Special Publication 800-39, Managing Information Security Risk: Organization, Mission, and Information System View; NIST Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations. In an 800-1200 word paper, provide a high-level summary of the NIST documents, identify key points and assess their value as a practical tool for making IT decisions. Compare this model to one other assigned this term. How helpful do you think the NIST s...

Response to Case 3 : AgregGREAT!

Q1. Research the situation. Provide insights into the new IA risk incurred by having everyone's banking and other financial services credentials. (500 words or less)

The new business idea plans to access personal financial information of clients from various online sources and present it in a useful manner for use by the clients. This is a form of web scraping where the application would access client information from multiple accounts and present analysed content to the user. Because personal information is accessed by the company, a number of IA risks arise. These risks exist at both the individual client and the organisation level. The risks at the individual level are:
- Chances of leaking information increase as an additional entity is given financial details
- Identity theft, as a single entity has all the personal and financial information
- The organisation may sell client information to other third parties
- Lax computer security mea...

Case 3: AgregGREAT!

The Company: Klew Loess & Associates
New Idea: AgregGREAT!
- HackMeCo financial subsidiary.
  - Original Business Plan: Medicare Fraud Prevention
- New Idea: AgregGREAT!
  - Customers give us all of their financial portal login information (banks, brokerages, credit unions, credit reporting agencies), we log in for them, get their information and present it in a useful way
  - Profit!
Some Assumptions
- There are no laws preventing the new idea
- AgregGREAT! has been discussed generally among management & is gaining some traction internally
- The projected numbers for AgregGREAT! are 4x current revenues in 2 years
  - Depends on a completely new customer base, not all from USA
  - Depends on perception of reliability (marketing)
Questions from Business Development Team
- We'll be logging into financial portals and ...

Response for Case 1 : Control Analysis Assignment

CASE 1: Control Analysis

Q1: Explain and support information assurance controls for access to sensitive client banking information by HMC employees?

My Response:
1. In this case, the key task is to ensure sufficient access control mechanisms exist to protect sensitive client banking information. The key concerns here are:
   - Distinct separation of duties.
   - How network access to servers is protected.
   - Who has access to what information?
   - How to audit this access?
2. To address these concerns, it is first necessary to carry out a risk assessment of the system. This would involve assessing the present security and access controls as well as the new risks raised du...

Case 1 : Control Analysis Assignment

The first case of the course "Designing and Executing Information Security Strategies" deals with control analysis and recommendations. The scenario and questions posed are given below. I will post my response in the next post.

Day 0, life is normal
Q1: Explain and support information assurance controls for access to sensitive client banking information by HMC employees?
Q2: Explain and support information assurance controls for how access control is handled administratively?
Yesterday's Status
- Financial Services ASP, provides credit clearance software services for 20 large banks worldwide
- We provide the platform and the software, their (the banks') people operate the system
- Our DBAs have access to the banks' databases for support re...