

Scenario 

A bank named “xyz private limited” has three head offices, and each head office has eight branches connected with it. These head offices are located in Lahore, Islamabad and Karachi. All branches share their transaction data with their respective head offices, then the three head offices synchronize their transaction data so that each head office has the same account and transaction details. There is also some branch-specific data that needs to be securely stored in the branches and not shared with the other branches. Banking systems use multiple applications for their internal communications. This bank has simple username/password-based security, i.e. its internal applications have username/password-based logins. Due to recent frequent account hacking incidents, they need a security mechanism associated with their applications. They need Confidentiality, Availability, Integrity and Authentication. They are facing major intrusion attempts from outside Pakistan. There are also some low to moderately effective intrusion attempts from information security students of 3, 4 different universities. So, these are all attempts from outside their LAN. There is no chance of insider attacks. Secondly, on 15th January 2021 the bank received a ransomware threat from anonymous. Ransomware is malware that can encrypt the complete data present in banks. Thirdly, more than 1000 ATM hacking attempts were reported in December 2020. ATM machines are simple systems that have a mechanical part that counts and outputs cash, whereas there is a software part as well that interacts with the users and the mechanical part of the machine. ATM machines connect with the bank databases to process data and transactions.

 

Suppose your suggestions provided in the solutions of questions 1 and 2 are fully implemented. Now execute a risk analysis of the complete banking system. Please suggest any controls, if required, at the end. (Note: Take only 10 assets of your choice for the risk analysis.) (12)
