I. Belmont State Bank
Belmont State Bank is a large bank with hundreds of branches that are connected to a central computer system. Some branches are connected over dedicated circuits and others use the dial-up telephone network. Each branch has a variety of client computers and ATMs connected to a server. The server stores the branch’s daily transaction data and transmits it several times during the day to the central computer system. Tellers at each branch use a four-digit numeric password, and each teller’s computer is transaction-coded to accept only its authorized transactions. Perform a risk assessment.
First, I will begin by building a control spreadsheet for the bank, which looks much like Figure 11.2 (Fitzgerald, 374).
Then I would identify the assets. In this case, the assets I worry about most are hardware, network software, client software, data, and mission-critical applications. The hardware I am concentrating on is the mail servers, the web servers, and the client computers and ATMs connected to them. For network software, I look at the application software (mail server and web server) along with the server operating systems and system settings. For client software, it is the overall operating systems and system settings. For data, the focus is organizational data and storage: the databases with records. The mission-critical applications are the company website and the financial database with spreadsheets, personal history, applications and appraisals, along with transaction history.

At the top of the list are the mission-critical applications necessary to conduct business and for business survival. Next are the organizational data, client software, hardware, and network software.

As far as threats, the biggest threats in order of dollar loss and likelihood of occurrence are intrusion (internal, external and eavesdropping/hacking), sabotage, fraud, theft of information, denial of service, virus, theft of equipment and finally