The main purpose of this paper is to elaborate on issues related to the security, interoperability, and operations of Bank Solutions Inc.'s Disaster Recovery/Business Continuity Plan (DR/BCP) by prioritizing the selected requirements based on immediate need, security posture, complexity, resource availability, and cost. The necessity of applicable government regulations and the use of security controls recommended by NIST Special Publication 800-53 are also explained, so that Bank Solutions Inc. can operate its daily activities efficiently and effectively while protecting the confidentiality, integrity, and availability (CIA triad) of assets, individuals, data, organizations, systems, and processes.
Definition
Financial Institution: “It means any …
Lack of knowledge to implement DR/BCP by critical plan participants
It is clearly mentioned that Bank Solutions Inc. has not provided any training on properly implementing the DR/BCP during a disaster, and the critical plan participants are unaware of how to use the DR/BCP properly. It is critical to define the roles and responsibilities of each individual during disaster recovery to cope with immediate need.
Prioritization: Bank Solutions Inc. must update its security policy by defining the roles and responsibilities of individuals and groups in the event of a disaster, and training must be provided in order to avoid complexity. To be more precise, training must be conducted every six months to make everyone aware of the procedures during such an event.
4. Access control
Access control is also an important security and interoperability issue for Bank Solutions Inc., where there is no explanation of which users and administrators have access to control and manage information systems. This problem must be addressed immediately by defining their roles and responsibilities to protect accessibility of sensitive …
Bank Solutions Inc. clearly lacks offsite storage for backups. It is very important to have offsite backup storage in order to avoid interruption of operations in the event of a disaster. It is highly risky to depend on a single site for backup storage.
Prioritization: Implementation of offsite backup storage is a must to avoid interruption of daily operational activities in the event of a disaster, as it provides storage of the information required to carry out daily operations. Although there is a cost associated with maintaining offsite backup storage, it is worth it in order to maintain the CIA triad of systems and processes.
8. Mishandling of Backup tape
Backup tapes must be stored in a safe location with dual control, and this procedure is not implemented by Bank Solutions Inc. The Night Operations Manager of Bank Solutions Inc. is reported to store the backup tapes in a safe at his home, which is a very unethical practice. Backup tapes are very important during disaster recovery.
Prioritization: Backup tapes play an important role in the disaster recovery process. This issue must be addressed immediately, and a proper procedure must be implemented to secure the backup tapes. Once it is implemented, it will be easy to record the availability of backup tapes, and security issues can be reduced as well.
9. Lack of Data Center