Unit3casestudy.docx
School: Columbia Southern University
Course: 4320
Subject: Information Systems
Date: Dec 6, 2023
Pages: 7
Running head: UNIT III CASE STUDY

Unit III Case Study
Brian Jones
Columbia Southern University

Unit III Case Study – Regional Bank

After two years of rapid growth and the acquisition of several smaller financial institutions, Regional Bank is looking to expand further. The goal is to acquire other small banks and continue growing, with the end goal of becoming a publicly traded company in the next three to five years. A major roadblock has appeared in the form of regulators from the Federal Deposit Insurance Corporation (FDIC), who will not approve further acquisitions at this time. Under section 18(c) of the Federal Deposit Insurance Act, the FDIC can withhold approval of further acquisitions until certain criteria are met (FDIC, 2019). In this case, the issue is the information security policy that Regional Bank has in place. Regulators have stated that the policy is confusing, lacks structure, and is filled with discrepancies.

Research and Interviews

To begin fixing the issues the regulators have noted, the first step should be a review of the policies already in place. A thorough review will identify the exact areas the regulators have mentioned. After the review, the individual tasked with correcting the issues can determine which sections need to be reworked or reworded and which need to be scrapped and rewritten from scratch. It would also be wise to confirm that the security policies are standardized across all of the institutions that have already been acquired; leaving each acquisition on its own set of policies would only create more problems. Reviewing the logs and findings from previous audits would also be extremely beneficial, since earlier audits may have exposed inadequacies that were never properly addressed and that may be part of the larger issue.

In addition to reviewing the policies, interviewing the individual or group that drafted the original policies would offer insight into their original intent. Those individuals could also review the documented policies to verify whether any revisions or changes have been made since; policies are often amended or added "on the fly," and such changes may go unnoticed by the original writers. Interviewing the Board of Directors would add another layer of information to the findings. The Board will have its own view of the company's ultimate goals and may have input into the changes that need to be made. After reviewing the documentation and interviewing the key decision makers, decisions can be made as to whether any material from the original policies is useful going forward. At the very least, the company's original goals and objectives should be taken into consideration, along with the outline or framework of the original security policies. The goals and objectives of the company are generally set by the Board of Directors and give guidance as to where the company is headed.

Writing New Policies

ISO Domains and Certification

When drafting the updated policies, following the recommendations and domains set forth by the International Organization for Standardization (ISO) would greatly benefit the company. Of the many domains and sections published by ISO, a few would be the most beneficial. First and foremost is the ISO/IEC 27002:2013 Code of Practice, a comprehensive set of recommendations relating to information security. Its intent is to act as a single point of reference for identifying the range of controls needed by any organization, regardless of size. The Code does not mandate specific controls; instead, each organization uses a risk-assessment-based process to identify the controls that best suit its requirements (Santos, 2019). The sections that should be used are: