Cybersecurity Plan for Bank Law Term Paper Research

Term Paper Instructions:

Final Exam

There is no time limit for this exam. The exam must be finished by no later than Aug. 6, 2020, at 11:59 pm ET. Good Luck!

Question 1

Scenario -- Cybersecurity Plan for Bank

• Your employer knows you just took this course and therefore, senior leadership wants to make sure the company is fully updated on the state of play post British Airways, Marriott Hotels, Facebook and Equifax.
• Your employer is a large commercial international bank domiciled in NY and organized under the laws of NY and thus subject to DFS regulation in the first instance. You have US offices in Miami, LA, San Francisco, and Boston. You also have offices in London, Paris, and Stuttgart. Thus, the bank is subject to EU GDPR as well. The bank’s business focus is on emerging companies, the fintech space, a niche that others are not fulfilling. Your employer both services people (high net worth) and business, and lends and invests in business too.

Other facts you need to know

• Bank has the standard policies and procedures like an incident response, business continuity, and crisis communications plan. But you have had no practice, no table top exercise for a year or more. Everyone has been too busy.
• There are other requirements under the GDPR that you now know of but you also know your bank/employer needs help in organizing and implementing them.
• You are fully aware of the regulatory dynamics.
• And the board is scared of cyber. They are great business people, but they see the handwriting on the wall and the dynamics of holding companies liable for data breaches.

In no more than three pages, please draft a plan for your employer:

• How to more fully comply with the GDPR and what other policies and procedures the bank needs if someone were to look over and review them post breach;
• Please indicate to the board which of the policies would help also comply with OCC, FFIEC, NY, and California. In sum, how do you help your employer more broadly comply with all relevant requirements?
• The 72 hour notification rules scare the board. How on earth can you possibly comply? What would your advice be? What helpful steps can be indicated for your employer (like “practice, practice and more practice”)? Can outside counsel and outside forensic counsel help you be more efficient in your response?
• Lay this all out for your board in plain English.

Question 2

In one page or less:

• I want you to apply your cumulative knowledge of the course – give me your “David Letterman’s Top 10” best practices for cybersecurity. Please make it in a way that you can post or demonstrate at your company or office. Make me proud of what you have learned during the course. Pictorials are fine. Creativity is fine. I was your teacher for the course. You are the next generation of educators and teachers. Teach! We are all in this together.

Term Paper Sample Content Preview:

Running head: CYBERSECURITY PLAN
Cybersecurity Plan for Bank
Student Name
College/University Affiliation
Cybersecurity Plan for Bank
I. Cybersecurity Plan
The General Data Protection Regulation (GDPR), applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe (“General Data Protection Regulation,” n.d.), is a comprehensive data governance framework. The GDPR, as well as a number of key federal and state regulations discussed shortly, is mandatory and requires full compliance in order to avoid possible fines and, in the worst case, partial or full suspension of business activity should data breaches go unreported, be reported inadequately, or occur frequently. Given the current scope, only select areas of the GDPR are discussed, namely Consent, Encryption, Privacy by Design, Right of Access, Right to be Forgotten, Right to be Informed, and Third Countries.
For Consent, one of six lawful bases set out in the GDPR (the others being contract, legal obligations, vital interests of the data subject, public interest and legitimate interest), processing personal data is generally prohibited unless explicitly allowed by law or the data subject has consented to the processing (“Consent,” n.d.). Similar to the California Consumer Privacy Act (CCPA), discussed shortly, the GDPR places particular emphasis on user/consumer data protection and privacy. This mandates explicit data processing consent forms, or some similar documentation, in order to comply with the GDPR.
For Encryption, data should, under the GDPR, be readable only to authorized parties and remain encrypted for all non-authorized parties in order to minimize the risks of cyber attacks and data breaches (“Encryption,” n.d.). This requires up-to-date and best-in-industry encryption methods in order to ensure data moves safely and securely, particularly if one or more Third Countries are involved.
For Privacy by Design, platform architecture should be such that data is protected against potential existing and/or future breaches (“Privacy by Design,” n.d.). Put differently, the technology used to manage data should be designed so that data in flow is safely and securely protected. This requires phasing out legacy platform architecture and acquiring best-in-industry solutions in order to continue to respond effectively and proactively to all identifiable risks.
For Right of Access, data subjects should be fully informed of any personal data processing and, in case of failure to do so, fines are applicable (“Right of Access,” n.d.). For financial institutions, the customer’s right of access has gained more significance and has, perhaps more importantly, become integral to brand credibility. Accordingly, customers should be fully informed of any data processing activities performed beyond those consented to. This should ensure, on one hand, that customers are fully aware of any data processing activities and, on the other hand, that potential fines are avoided should customers not be duly granted access to processed data according to the GDPR.
For Right to be Forgotten, data subjects are entitled to have personal data erased immediately...