How Greiblock Credit Union Can Strengthen its Policies and Procedures to Address Issues
Objective:
Design policies and procedures to address the following areas: dynamic vulnerability analysis, intrusion detection, and incident response. The description should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy.
Course Goals:
1. Develop and utilize policies, procedures, and technologies for incident analysis.
3. Develop incident response plans and procedures that maintain investigative integrity for a variety of incidents and exposures.
4. Incorporate incident management, containment, identification, eradication, and recovery.
7. Utilize forensic techniques to determine extent of incidents and formulate corrective and evidentiary-based response.
8. Incorporate analysis and response results into appropriate action plans, reporting information sharing, improvement cycles, and exposure elimination.
Scenario:
Greiblock Credit Union (GCU) is a $5 billion financial services firm with a central office located in Chicago, Illinois, and approximately 100 branch offices located throughout the Midwest. The central office provides primary technical services for the all of the corporate locations including branch offices. This is done through a centralized architecture housed in the Chicago data center. Because of security considerations, no IT services are outsourced.
GCU has been the victim of an increasing number of security situations including fraud, identity theft, and cyber-attacks. The GCU Board of Directors has charged you with ensuring that proper policies and procedures are in place to proactively address these situations. They ask that these policies and procedures be developed with a set of metrics so that their effectiveness can be determined. These metrics should include what is to be measured, how measured, and what actions will be performed with the information. Specific areas that you must address include dynamic vulnerability analysis, intrusion detection, and incident response.
These policies and procedures should include one technical and one social aspect for each of the three areas (dynamic vulnerability analysis, intrusion detection, and incident response). These policies and procedures should be in the following format: 1) Purpose, 2) Scope, 3) Policy, 4) Enforcement, 5) Metrics. Incorporate subtopic areas as appropriate – i.e., 1.1, 1.2, etc.
Deliverables:
You need to design policies, procedures, and metrics to address the following areas: dynamic vulnerability analysis, intrusion detection, and incident response. The description should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy. Your paper should have a title page, table of contents, overview with references, followed by the policies and procedures in following format: 1) Purpose, 2) Scope, 3) Policy, 4) Enforcement, 5) Metrics. Note that the policies and procedures should be delivered in an applied business policy format for GCU, not as an academic research paper explaining general polices.
Note: 8 -12 pages excluding cover letter, TOC, graphics and attachments.
GCU’s Policies and Procedures
Student’s Name
Institutional Affiliation
GCU’s Policies and Procedures
Overview
The goal of this security manual is help Greiblock Credit Union (GCU) strengthen its policies and procedures to address various situations, but not limited to cyber-attacks, identity theft and fraud. The policies and procedures that have been outlined in this manual are developed based on a set of metrics that will be used to determine their effectiveness. Moreover, this metrics will be used to alter the policies according to fit the situation. The manual specifically addresses dynamic vulnerability analysis, intrusion detection and incident response. The metrics upon which the policies are based will address what will be measured, how it will be measured and the actions that will be taken. Technical and social aspects of major areas of this manual will be addressed as well.
It is prudent for GCU to have active policies and procedures in place to respond to any security breach. However, to do so critical areas need to be identified and GCU has done so. Therefore, a policy and procedure outline will enable the organization maintain its integrity to its members. Therefore, the identified critical areas must be understood. The dynamic vulnerability analysis enables the organization to test and evaluate its systems in real time. The objective of this analysis is to identify any security errors present in a system while it is in use (Dynamic Analysis, 2017). The analysis utilizes web applications to establish vulnerabilities by conducting actual attacks on the systems (Dynamic Analysis, 2017).
The intrusion detection system (two types active and passive) monitors any malicious activities and is designed to notify the system in case a threat is detected (Bradley, 2016). The active system is programmed to block threats automatically while the passive only monitors and analyses the traffic (Thomas, 2017). The objective of this system is to detect any threat trying to bypass the implemented security control measures (IDFAQ, 2017).
The last critical area identified by GCU is the incident response which addresses what incidents are and the steps to be followed in case they occur. This is addressed by an incident response team whose objective is to address situations in a timely and cost effective manner (Rouse, 2005).
Purpose
The purpose of this policy is to establish direction, procedures and metrics that can be used to maintain confidentiality, integrity and security that will ensure availability of information, communication and computing services within the organization. The aim is to decrease fraud, identity theft and cyber-attacks by strengthening the security levels and integrity of its systems. This policy manual will address dynamic vulnerabilities, intrusion detection and incident response.
Scope
This policy manual will be applicable to all employees and processes utilizing information, communication, computing systems and applications that have been developed, installed and owned by the organization. Due to security considerations of the organization, no IT services that will be outsourced, therefore, they will performed and maintained in-house. This will enable the training ...
π Other Visitors are Viewing These APA Essay Samples:
- INSW 200: Why I Picked the Field of Indigenous Social Work3 pages/β825 words | 7 Sources | APA | Literature & Language | Essay |
- College Application Essay for Southern Methodist University 1 page/β275 words | No Sources | APA | Literature & Language | Essay |
- The Status of Women in Hamlet and The City of Ladies3 pages/β825 words | No Sources | APA | Literature & Language | Essay |
- Activity: Writing Workshop. Healthcare Fraud Review1 page/β275 words | No Sources | APA | Literature & Language | Essay |
- Academic Excellence1 page/β275 words | No Sources | APA | Literature & Language | Essay |
- Journal Entries Listening To Homophonic Texture Of Music1 page/β275 words | No Sources | APA | Literature & Language | Essay |
- Impact of Globalization on Child Prostitution in Many Countries8 pages/β2200 words | 8 Sources | APA | Literature & Language | Essay |