Executive Summary

TMXBank, Inc. is a profitable regional financial institution with more than $1.2 billion of controlled assets that serves a three-state area in the Southeastern USA. In the last several years, the bank has facilitated growth through the acquisition of small local banks to create a broader geographic presence. In recent strategy mapping sessions, the leadership of TMXBank identified several strategic initiatives it seeks to pursue 1) continue growth, 2) reduce cost, and 3) improve efficiency of operations.

Business Challenges

Core banking systems require modernization.

a.TMXBank cannot adequately support the functionality of banks it acquired. Staff are stretched to the limit in their efforts to support the disparate systems.

b.From a technology viewpoint, integrating the core banking systems with new applications is complex, and the skill set that is needed to maintain the legacy core systems is becoming harder to find.

c.See the attached Overview of TMXBanks systems

There are concerns regarding compliance.

d. There are concerns about TMXBanks ability to comply with industry regulations. As the bank has grown it has become subject to additional banking regulations.

e. With the continued growth of the bank, the IT staff has become responsible for regulation compliance for which the bank is now accountable.

Narrative below is from your discussion with the bank VP of IT.

"For all of our core banking account transactions, we run our new $4 million banking app suite on a multi-core transaction processing server that we paid $64,000 on our network that is segregated from all other network nodes and is backed up transaction-by-transaction instantly to two off-site mirror servers. These servers are supported by our 3rd party disaster recovery vendor at an annual cost of $125,000 per year. These connections are facilitated by two dedicated leased lines that are provided by the vendor. The first server is our redundancy server. If our primary server on site is unavailable the redundant mirror can instantly function as a replacement for the primary server for as long as required. The second off-site mirror is a disaster recovery server. Its primary use is to restore data in the event that the primary transaction process server has a data loss. In the event of multiple failures of the primary and redundant servers, this server could be employed for transaction processing as well. Inside the building, our network is front-ended by a firewall appliance that uses intrusion detection and prevention applications as a well as log capture and analysis apps. This system was purchased 18 months ago for $64,000. Our web server, mail server, andfile server are all less than 3 years old and each costed about $4,800 when new. They are segregated on separated network nodes. Likewise, our loan management software and our customer management software, both purchased last year for a combined $132,000,run on a separate server identical to the hardware used for our other apps, that is also on a segregated network node from all other resources. The database server, again similar to our other hardware, with all customer data is in this node. All of these resources are administered by the Network Manager. Connected to our network are 5 teller terminals at which tellers key customer transactions during regular business hours. There are 10 workstations deployed in the building. Two are utilized by our loan officers, four are utilized by our CEO, CFO, VP of Lending, and Manager of Tellers, two are utilized by the Network Manager and his direct report the Network Analyst and the other workstation is mine. There are various job-specific applications cloud sourced from vendors available on each of these workstations and all software is properly purchased from vendors for an annual subscription fee of $200,000."

Overview of TMXBank Systems:

Required:

Write an Executive Summary that includes:

1. What are the critical assets of the bank and why?
2. What vulnerability exist that might expose the critical assets?
3. What are the threats that may exploit the vulnerabilities of the critical assets?
4. Based on your quantitative and qualitative assessments, what are the top 3 risks for the bank?
5. If any of the top 3 risks are realized, what would it cost the bank?
6. What should the bank do about the top 3 risks?

Complete a Cost Benefit Analysis for the top 3 risks you identified.

1. Support the cost of acquisition of your controls with external sources or logical justifications.
2. Support the proposed cost of a loss associated with each of your three risks using external sources or logical justifications.

Complete a Business Impact Analysis with recommendations for remediation.

1. What critical business functions are affected?
2. What critical systems are affected?
3. What is the MTD/MAO for each CFB? How did you arrive at that number?

Overview of TMXBank Systems