Compliance with federal and state legislation

Reference no: EM13854248

A. Task:

You and your team are to provide a security architectural design for a new, internet-based bank that you are setting up, having been granted a banking licence under the new "No More Squirrelling" legislation recently passed by the Federal Government.

The requirements for this design are described below. You are required to work in teams of four, and you need to register your team (team name and member details) on Moodle.

Because you are dealing with a bank, a number of security concerns at various levels need to be addressed in your architecture:

1. Compliance with federal and state legislation,

2. Public confidence in your enterprise by providing confidentiality, availability and integrity of customer data,

3. Privacy of customer data,

4. Interoperation with other financial institutions, both nationally and internationally,

5. Compliance with international standards,

6. Security of all bank assets,

7. Current trends in customer engagement via the internet

Your design needs to deal with enterprise architectural issues relating to application security, platform/OS security, network security and storage security.

The decision has been made to run the bank's IT operations in a Cloud environment.

B. Components you need to deliver:

1. High level security architecture (SABSA contextual and conceptual levels). I suggest that you use reference architectures if you can find these. The purpose of this work product is to show what types of security services you intend to provide, what types of cloud services you will be using (private, public, hybrid, SaaS, PaaS, IaaS), what types of systems and networking you will need for the bank - consider head and branch office systems and networks, ATM and EFTPOS systems and networks, international links.

You will need to make reasonable assumptions about sizing, capacity, etc. of the various IT components, and you need provide a design for best security practice, i.e. cost is less of an issue than having security exposures and weaknesses.

2. Detailed (SABSA logical level) security architecture. This will include specific details of what security services you will provide, what networking you will provide, what application systems you will be protecting, what tools you will be using.

3. Detailed design (SABSA physical level) of your main processing site(s), irrespective of use of Cloud. This will include location, security equipment, networking devices, storage sizing, management tools, operational components for the detailed security architecture.

4. Costing estimates (both labour, hardware and software, both for implementation and operation)

5. Planning estimates with enough detail to show estimates at equipment installation level

6. Resourcing estimates

For these latter components, you would benefit from using the SABSA Framework for Security Service Management.

C. Approach:

Use the SABSA framework as a guide for your work products. Concentrate on the How, Who and Where (Process, People and Location) columns. You will have to do some research about how an organisation like a bank would be running its IT systems and what they would consist of.

5. Description of the security services you are planning to provide, why, and where they will be located in relation to the bank's IT systems and networks.

6. Equipment lists describing what equipment you will be implementing to provide these security services.

Reference no: EM13854248

Questions Cloud

Draw the indifference curves that display jims preferences : jim likes to go to church but he also likes to drink wine. Unfortunately for jim the consumption of one of these goods reduces the enjoyment of the other. Draw the indifference curves that display jims preferences

Shifts in the production possibilities frontier : Terrorist attacks foster instability and may affect productivity over the short and long term. Do you think the September 11, 2001, terrorist attacks on the World Trade Center and the Pentagon affected short- or long-term productivity in the United S..

An express contract-implied contract : Kelly tells Jimmy she will pay him $1,000 if he builds a shed in her backyard. Kelly is a(n) Livewire Company and McCoy's Candy, Inc., sign a document that states Livewire agrees to design a Web page for McCoy's, which agrees to pay for the service. ..

Explain what factors may contribute to a greater : What experimental error would cause a mistaken increase of copper into the cycle? What is done in the Experimental Procedure to avoid this "positive" error? Explain a. Explain what factors may contribute to a greater than 100% recover of copper in t..

Compliance with federal and state legislation : Compliance with federal and state legislation - Public confidence in your enterprise by providing confidentiality, availability and integrity of customer data,

Find the ph : Find the pH of the following - A: 17.91 g Na2HPO4*12H20 - 1.7 mL 1M NaOH - 998.3 mL H2O B: 13.16 g citric acid monohydrate - 25 mL 1M NaOH - 975 mL H2O

Elaborate on the concepts of general systems theory : Elaborate on the concepts of general systems theory / general systems thinking and boundaryless organizations. Interpret how systems thinking and boundaryless conditions can be positive characteristics in an organization

Write a classification-and-division essay identifying : What kinds of survival skills does a student need to get through college successfully. Write a classification-and-division essay identifying and discussing several kinds of skills and indicating why each category is important

Draft of the nursing philosophy statement : Your final draft of the Nursing Philosophy Statement is due this week. Look over your work and make any changes or revisions needed. Attach is the one first paper that you guys wrote.

User Account

All Pages