Pages: 3 pages/≈825 words
Sources: 3 Sources
Style: APA
Subject: Law
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic:

Board Briefing – Round One “You are up to the plate” Law Essay

Essay Instructions:

Board Briefing – Round One – Annual Meeting 2020 – Operation: “You are up to the plate”
You were newly hired as Chief Information Security Officer (CISO) for the XYZ Bank, a nationally
chartered, FFIEC regulated full service bank. XYZ Bank also is publicly traded on the NY Stock Exchange.
The bank is incorporated in New York under its banking laws, and does business in nearly every state in
the United States. It has a presence in the UK (London) but only a very limited presence in other EU
states. Your computer infrastructure is relatively new, yet you have a lot of businesses and subsidiaries
in the bank that primarily use the cloud.
It is January 2020. You were just hired in September 2019 from another bank (albeit smaller and
regional in presence). Before that, you worked as No. 3 at FedEx in the IT department and were
involved in all kinds of business interruption issues. In your current position, you have a relatively
experienced team of 20 people, and a cyber security capital budget of $1 million (including
salaries, which can be frighteningly high). Your employer did a major acquisition in 2017 and is still
having growing pains assimilating the new business.
You just had a vulnerability assessment done. It was relatively good, but the bank has never been able to
catch up to all the operating system and network patching that is required on a weekly basis. You are
always behind. You know about the NotPetya cyber attack from your last job.
Your CEO walks up to you and asks you to make your first address to the Board of Directors. The CEO
tells you that the board members, who come mostly from other regional and national banks, are not
cyber savvy. They do not speak tech, and have gotten frustrated in the past with other CISOs being too
tech and cyber savvy. The CEO gives you one last piece of advice: keep it to a half hour or they will get
bored.
In preparation for the board meeting, please draft a 3 page memo to the CEO, addressing the following
issues:
1. Please identify 3 cyber security issues that may have legal implications, and describe the
relevant legal implications.
(No more than 1 page)
2. Please provide the arguments you will make to the board for why it makes sense to have robust
up to date cybersecurity policies and procedures. In discussing this, please:
a. Summarize three cyber attacks that would be relevant to XYZ Bank: vulnerabilities that
were exploited; penalties (criminal or civil), any other tangible or intangible losses, and
anything else you believe to be relevant.
b. Point out to Directors their exposures and liabilities if they fail to use reasonable care
and diligence in creating and overseeing cybersecurity policies and procedures.
(No more than 2 pages)

 

Financial Privacy & Cybersecurity Midterm Assignment

Essay Sample Content Preview:

MEMORANDUM
DATE: July 9, 2020
TO: The CEO
FROM: The Chief Information Security Officer (CISO)
SUBJECT: Financial Privacy and Cyber security
It has come to my attention that the bank is at a higher risk of cyber-crime attacks. This memo is a reminder to use the bank infrastructure appropriately, since it is relatively new, with a lot of businesses as well as subsidiaries using the cloud to store and back up data.
The increased rate of cyber-attacks on financial institutions like banks has directed attention to the need to integrate cyber-security. This has necessitated various initiatives to address this issue. The banking industry is IT-intensive and very dependent on data as a primary input. Firms in this sector are also highly interconnected via payment systems. In addition, the sector offers services and products that are time-sensitive and can be undermined by cyber-attacks. In this sector, banks offer public-facing services and products. A bank system’s many contact points with external parties cause significant vulnerability to these attacks and can be utilized as starting points for attacks that target other areas of the financial system. Thus, it is important that banks have sufficient processes, procedures, systems, and governance in place to minimize cyber-risks.
1. Cyber-Security Issues 
In 2014, the US National Institute of Standards and Technology (NIST) presented a cyber-security framework. In addition, the New York State Department of Financial Services (NYDFS) introduced the NY Cyber Regulation in 2017. These regulations require financial institutions like XYZ Bank to carry out periodic assessments of their information systems, put in place programs that ensure confidentiality, maintain a cyber-security policy, write an incident response plan, have a chief information security officer to oversee the plan, have a third-party policy, and notify the NYDFS of any incident. As such, these frameworks could be a valuable starting point for XYZ Bank as it decides to put in place or upgrade its approach to cyber threats like malware, phishing, and password attacks.
Malware Attack
Malware covers numerous cyber-attacks like worms, viruses, and Trojans. It is code written with malicious intent to steal or destroy information on a computer. Viruses attach to and infect files uncontrollably, deleting or corrupting them and thereby destroying the system’s main functionality. Trojans hide as legitimate software that can be damaging. They create backdoors in security profiles to allow others in. Worms are infections across whole networks of devices (Janczewski & Colarik, 2008). Thieves can use malware attacks to steal money from customers’ accounts.
Phishing
Phishing attacks pose as a request for information from a third party. They are sent through email and ask users to click on links and provide their password and account information. The banking sector is heavily targeted by hackers using phishing attacks, since customers may fail to detect the scam, which results in the theft of their money.
Traditional banks provide checking, savings accounts, credit cards, and payment processing companies, and web e-tailer...