Scenario 

A bank named “xyz private limited” has three head offices and each head office has eight branches connected with them. These head offices are located in Lahore, Islamabad and Karachi. All branches share their transaction data with respective head offices, then three head offices synchronize their transaction data so that each head office have the same account and transaction details. There is also some branch specific data that needs to be securely stored in the branches and not to be shared with the other branches. Banking systems use multiple applications for their internal communications. This bank have simple username/password based security i.e. their internal applications have username/passwords based logins. Due to recent frequent account hacking incidents they need a security mechanism associated with their applications. They need Confidentiality, Availability, Integrity and Authentication. They are facing major intrusion attempts from outside Pakistan. There are also some low to moderate effective intrusion attempts from information security students of 3, 4 different universities. So, these are all attempts from outside their LAN. There is no chance of insider attacks. Secondly, on 15^th January 2021 bank received a ransom-ware threat from anonymous. Ransom-ware are malware that can encrypt complete data present in banks. Thirdly, There are more than 1000 ATM hacking attempts are reported in December 2020. ATM machines are simple systems that have mechanical part that counts and outputs cash, Where as there is a software part as well that interacts with the users and mechanical part of the machine. ATM machines connect with the bank databases to process data and transactions.

 

Suppose your suggestions provided in solution of question 1 and 2 are fully implemented. Now execute Risk analysis of the complete Banking system. Please suggest any controls if required at the end. (Note: Take only 10 assets of your choice for Risk Analysis) (12)