Scenario
 The organization is a regional XYZ Credit Union/Bank that has multiple branches and locations
throughout the region.
 Online banking and use of the Internet are the bank's strengths, given its limited human
resources.
 The customer service department is the organization's most critical business function.
 The organization wants to be following the Gramm-Leach-Bliley Act (GLBA) and IT security best
practices regarding its employees.
 The organization wants to monitor and control use of the Internet by implementing content
filtering.
 The organization wants to eliminate personal use of organization-owned IT assets and systems.
 The organization wants to monitor and control use of the email system by implementing email
security controls.
 The organization wants to implement this policy for all the IT assets it owns and to incorporate
this policy review into an annual security awareness training program.
Using the scenario, identify four possible IT security controls for the bank and provide rationale for your
choices