Question
Question Scenario [Internet Security] (Part 1 to Part 3) A bank named xyz private limited has three head offices and each head office has eight
Question Scenario [Internet Security] (Part 1 to Part 3) A bank named xyz private limited has three head offices and each head office has eight branches connected with them. These head offices are located in Lahore, Islamabad and Karachi. All branches share their transaction data with respective head offices, then three head offices synchronize their transaction data so that each head office have the same account and transaction details. There is also some branch specific data that needs to be securely stored in the branches and not to be shared with the other branches. Banking systems use multiple applications for their internal communications. This bank have simple username/password based security i.e. their internal applications have username/passwords based logins. Due to recent frequent account hacking incidents they need a security mechanism associated with their applications. They need Confidentiality, Availability, Integrity and Authentication. They are facing major intrusion attempts from outside Pakistan. There are also some low to moderate effective intrusion attempts from information security students of 3, 4 different universities. So, these are all attempts from outside their LAN. There is no chance of insider attacks. Secondly, on 15th January 2021 bank received a ransom-ware threat from anonymous. Ransom-ware are malware that can encrypt complete data present in banks. Thirdly, There are more than 1000 ATM hacking attempts are reported in December 2020. ATM machines are simple systems that have mechanical part that counts and outputs cash, Where as there is a software part as well that interacts with the users and mechanical part of the machine. ATM machines connect with the bank databases to process data and transactions.
Provide solution for following: Part 1: Suggest a complete security architecture for the above banking network scenario. (20) Part 2: Suggest a list of security policies (at least 6) that can be used/deployed in least amount of time. (6) Part 3: Suppose your suggestions provided in solution of part 1 and 2 are fully implemented. Now execute Risk analysis of the complete Banking system. Please suggest any controls if required at the end. (Note: Take only 10 assets of your choice for Risk Analysis) (12)
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started