Access Restrictions
Darryl E. Gennie
Dr. Jodine Burchell
Augusta
CIS 560
21 January 2017
Strayer University
Restricting access to sensitive information plays a vital role in the success of any organization. Information is deemed sensitive when it needs protection from unauthorized access. Protecting this information is essential to safeguarding the security and privacy of an organization. Thus, an organization such as Bank of America has taken measures geared towards protecting its sensitive information from unauthorized access. Just like other organizations, Bank of America has two types of sensitive information. The first type of sensitive information is personal information. This is data that may affect an individual if
Access to this information by competitors could expose the bank to the risk of closing down. The third case where the no access level could be applied in this business is customers and other third parties having access to computer passwords. Having access to this information is a potential threat to the bank because it can enable them to access crucial information about the bank. In some instances, some customers could log into the bank’s system and credit their accounts with huge sums of money. This will plunge the bank into huge losses that could lead to its closure. Furthermore, the bank can warn customers against sharing bank account information with other people. In case the credit card of a customer gets lost, the customer will be at risk of losing his or her money if a person who knows details of the card gets access to it. The fourth case where the bank could use the no access level to its sensitive information is when it is ensuring security for its networks. When unauthorized users have access to the bank’s networks, it is at risk of having its system hacked. Essentially, hacking the bank’s system could lead to the closure of the bank because it will lead to massive loss of data (Akin, 2011). For instance, losing account details of customers means that customers cannot have access to their money which could
Confidentiality is the protection of information from unauthorized access. This is the assurance that information provided has not been made known to unauthorized persons, processes or devices. The application of this security service suggests information labeling and need-to-know imperatives are core aspects of the system security policy. Information, in today’s world, has value and everyone has information they wish to keep secret, such as credit card details, trade secrets, personal information, government documents, and many more. It was stated (Securitas Operandi™, 2008) that we are bound to keep many secrets – corporate, staff, and personal secrets. We must keep this confidential information under wraps and earn the trust of employers, colleagues, and regulators every day. Mechanisms to enforce this include cryptography, that is, encrypting and decrypting data, access controls such as
The document also says that even when people had money in that bank, they would go to the bank to get their money since that bank was going to fail, and it also describes the repressive effect of the failure on the spending of its clients. They couldn’t do anything to help the bank to crash even though they will all be crashed any day.
The article starts by giving the example of Wells Fargo’s recent problems with protecting client information. In the case of Wells Fargo, employees were using private client information to open credit card and savings accounts without their clients knowing about the accounts. The article explains things that an individual can do to help prevent this type of activity in the future. “Use technology to your advantage” (White). Checking your credit report and recognizing abnormal activity on your bank accounts help protect your personal information.
Bank of America is a multinational banking institute and one of the most trusted in the banking industry. This organization’s sole purpose is to protect the customer’s confidentiality and assets by ensuring that data protection is the number one priority; however, any organization holding personal information can be a victim of a data breach, and BoA is not exempt. One of the largest risks BoA faces today is Mobile Banking. This consumer convenience is used by fifty percent of smart phone owners (Finney, 2014). Phishing is also a threat to the banking industry; this strategy by hackers allows the extraction of consumer passwords and other sensitive information. Hackers target banking institution employees with convincing e-mails that fool them into clicking on malicious links, which ultimately compromise their credentials or
With advanced technology, banking has become available 24 hours a day, seven days a week. Not too long ago banks were only open from 9:00am to 3:00pm, with workers and businesses rushing to get to the bank before it closed. Paychecks were handed out personally rather than by direct deposit, and cashing or depositing a paycheck entailed a trip to the bank. Now most companies have direct deposit and the printed paycheck is becoming a thing of the past; this is only one example of how technology in banking has changed in society. Electronic banking (e-banking) can be described as the automated delivery of new and traditional banking services, which reduces cost and simplifies front-end and back-end processes while satisfying customers.
Financial institutions work with a large amount of data, often sensitive information. The computer software banks use is quite complex, which makes them a target for fraud and
If local branch employees are monitored accessing or causing damage to bank property and as a result are in violation of policy, they will be terminated, legal action will be pursued, and that local branch will be put on probation for 6 to 12 months. Other industries may allow these issues to go unnoticed, but since the Great Recession mitigating fraud/cybersecurity (up to 18%) and managing compliance (up to 29%) have reached highs as financial institutions struggle to combat these challenges (Pilcher).
o Technology: In a technology driven world, it is important that banks in the industry ‘move with the time’. With respect to the big four, these banks have now introduced internet and cell phone banking as well as banking from the ATM; making the industry highly competitive. This technology aims to make banking for the client simple and accessible from anywhere. This new technology is aimed, once again, at the medium to high-income earning clients, who have access to these technologies.
Customers always have twenty-four-hour, seven-day access to the bank website. They can easily access their accounts to make payments, transfer funds, and check their account balance outside the bank’s operating hours.
Financial institutions, such as banks, are very susceptible to cybercrimes. Weaknesses throughout the security system leave the banks vulnerable regardless of the strength of the security measures. There are many threats and risks to banking institutions with some of the most common being malware, botnets, and DDoS attacks, as well as phishing and skimming. Inside attacks are also a threat to the security of banks as is customer fraud, also referred to as first-party fraud. Strengthening the security structure of banks and other financial institutions can be done by performing risk assessments and putting security programs in place where they will do the most good.
After the assessment and audit carried out on the protocol of operations of Bank Solutions, we identified uncontrolled access to event logs as one of the biggest security threat factors the institution currently faces. As a result of this, the institution’s information is at great risk of alteration and even access by external entities. Consequently, consumer protection is far from guaranteed, and the privacy policy is highly compromised. Some of the power users have access to event logs with administrative privileges that let them change the captured information, mainly transaction information, and the power users are also in a position to change their own event logs. There is no guarantee of the trustworthiness and credibility of the power users, hence a precautionary measure has to be taken in order to cover this gap and enhance information security and the privacy policy for the consumers.
Management of the bank does not share information and knowledge openly within the organization. Communication is rarely encouraged in this organization. Senior managers and managers do not
‘When, however, a bank ... goes further and advises on more general matters relevant to the wisdom of the transaction, indicates that it may, not necessarily obliged to, be crossing the line into the area of confidentiality so that the court may then have to examine all the facts including, of course, the history leading up to the transaction, to determine whether or not that line has, been crossed’
Joseph and Stone (2003) have said that the internet deals with a huge number of various financial transactions like customer payments, securities transactions, and applications for insurance acquisitions or loans. The internet is intended to be an open network, which means high security risks are involved in financial transactions. Today, different techniques and standards are presented in order to control these risks. Basic requirements are as follows: customer and financial institution have to trust each other; private data have to be encoded; no third party should be able to quickly get access to private information such as financial transactions; and it is necessary to guarantee that the receiver and the sender have the same intentions. Gautam and Khare (2014) also refer to security issues in online banking by saying “Security violation can be categorized as Violation with serious criminal intention, Violation by 'casual hackers' or Flaws in systems design and/ or set up leading to a security violation. E-banking system users still face the security risks with unauthorized access” (Gautam and Khare, 2014). Mohammad (2008) has a study about the emerging gap between banks’ expectations (or at least what their written customer policy agreements imply) and users’ actions related to the security requirements of online banking; the study discussed the issue about using online banking
Every bank will have to get the permission of the Reserve Bank before it can open a new branch. Each scheduled bank must send a weekly return to the Reserve Bank showing, in detail, its assets and liabilities. This power of the Bank to call for information is also intended to give it effective control of the credit system. The Reserve Bank has also the power to inspect the accounts of any commercial bank.