Security Policy Outline
Purpose:
The First World Bank Savings and Loan estimates over $100,000,000 a year in
online credit card transactions for loan applications and other banking services and is in
need of a practical Information Technology (IT) solution to provide and manage
seamless and secure online banking services for its customers. To meet the
statutory compliance criteria for information security management systems, The First
World Bank Savings and Loan must follow and implement specific legislation and
regulations. There are also cost and performance considerations that must be
applied to the overall strategy.
Solution: legislation and regulations
The International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC) have produced several documents that address IT
security solutions standards. The two prominent documents to follow are ISO/IEC
17799:2005 and ISO/IEC 27001:2005. The first is ISO/IEC 17799:2005 titled
Information technology - Security techniques - Code of practice for information security
management which establishes guidelines and general principles for initiating,
implementing, maintaining, and improving information security management in an
organization. The objectives outlined provide general guidance on the commonly
accepted goals of information security management. The second is ISO/IEC 27001
titled Information technology - Security techniques - Information security management
systems - Requirements which specifies the processes to enable a business to
establish, implement, review and monitor, manage and maintain an effective Information
security management system (ISMS). By following these two standards and ensuring
that the Information Technology Infrastructure Library (ITIL) framework is carefully
implemented, a well-designed and maintained IT security structure will be in place.
Solution: Linux and open source infrastructure
The cost and performance of an IT network and software infrastructure can be
reduced by the utilization of third-party commercial data centers and open source
software products. Linux-based IT systems have dominated World Wide Web server
applications, and a variety of open source software packages are available at
practically no cost to the user. To successfully operate and maintain a secure online
transaction infrastructure, the hardware and software requirements should include
database servers, web servers, file servers, Simple Mail Transfer Protocol (SMTP)
servers, and Lightweight Directory Access Protocol (LDAP) servers. These hardware
and software requirements are available for low-cost leases through many third-party IT
enterprise companies that utilize virtualization technologies such as VMware and
Citrix. By utilizing the multi-tiered architecture of a third-party Linux-based infrastructure,
the cost, performance, and security of maintaining a Linux and open source
infrastructure can be optimized.
Conclusion: Benefits
To stay competitive in the financial institution market, the First World Bank
Savings and Loan must implement the proposed solutions and adhere to all of the
statutory compliance criteria for ISMS for providing online banking services for its
customers. In addition to cost savings and increased performance, the confidentiality,
integrity, and availability (CIA) triad perspective can be fully achieved.