1. Securing a Bank
At Small Local Bank (SLB), we recognize that customer information is
a valuable asset. This includes, but is not limited to, social security numbers,
bank account numbers and passwords, and the names and current addresses of our
clients. We have designed the following security policy to help safeguard
sensitive information of our customers at SLB:

SLB will implement a series of controls to help safeguard information
from unauthorized viewing by non-bank personnel and to restrict employees to accessing
only the data needed to carry out official responsibilities. Access to the SLB networked
electronic databases and personal computers will be protected with firewall
systems and anti-spyware programs. In addition, the network will be divided
into several security domains. Access to these domains will require a login ID
and password, and will be restricted to appropriate domains for that user.
Furthermore, an electronic log will be maintained of access to files containing
confidential information regarding our customers. It is the employee’s
responsibility to keep their ID and password private. If an employee forgets
their ID or password, he or she is to contact the cyber-security manager.

SLB’s firewall systems and virus detection software will be updated and
installed daily. Known and anticipated threats to SLB will be documented, along
with the measures taken to reduce the likelihood of the threats occurring. All
data files for SLB are backed up daily and stored off-site.

All customer information in SLB networks or systems will be
encrypted. Personal information about our customers will not be exchanged or
given away without their permission.

Analysis of Security Policy
In order to implement a security policy, we must interpret and
understand what our local bank wishes to secure; we address this by defining
important customer information that we wish to protect. The policy continues by
addressing the three security services: confidentiality, integrity, and
availability. To maintain confidentiality, or concealment of information or
resources, access controls are implemented along with the encryption of
sensitive information. In addition, access controls help provide availability,
the ability to use desired information or resources. Only those who have access to a
security domain using a login ID and password will have information available
to carry out their responsibilities. Integrity is maintained with the
electronic logging of access to files containing sensitive information and changes to such

With security mechanisms in place to enforce the security policy, the
goals of prevention, detection, and recovery are addressed. Data files are
backed up for recovery and encrypted to prevent snooping. Threats are
monitored and documented for detection. Firewall systems and anti-virus
software help secure the local bank network, preventing potential threats of
delay and denial of service.

Overall, the security policy ensures the security and confidentiality
of customer information. It protects against anticipated threats to the
integrity of such information, and restricts access, or availability, to or use
of sensitive information that could result in harm or inconvenience to any

2. Securing New (Cool) Technologies
Human microchipping has exciting and potentially beneficial
applications; however, this technology exposes its users to several threats
and attacks.

As an emerging technology, human microchipping is
susceptible to exploitation and makes its users a target for those with
bad intentions. A great deal of important information can be stored on the chip, for
either personal or commercial use, and that data can be both read and written. This
means that attackers could corrupt, wipe or copy the information. Common
threats that come to mind are modification or alteration, where the attacker
changes the user’s data with the possible goal of deception. If the attacker
successfully replaces data with their own, they have altered the identity of
the user, which could lead to a masquerading or spoofing attack, impersonating
the user for their own means.

Furthermore, there are certain legal, moral and ethical issues that
arise with the chip being implanted in an individual’s body. Who is to monitor
when someone is attempting to attack/hack into his or her device? Where is the
line drawn between company property and personal?

Many devices currently in use already serve the
purposes of human microchipping and should not be disregarded. If a delay or
denial of service were to occur within the company network or premises, these
devices should be relied on as a backup.

The use of human microchipping has its pros and cons. Information
and data stored on the chip should be available
only within company grounds, and service should be denied once the chip is outside the network
perimeter. To maintain confidentiality of the user, personal information should
not be stored on the chip.