Work Leading Security Consultancy Firm Junior Security Coordinator Firm Recently Won Bid P Q43879795

You work for a leading IT security consultancy firm as a junior IT security coordinator. Your firm recently won a bid to provide IT security consultancy for one of the well-known financial banks named FinBank. FinBank is looking to enhance its IT information security as a step to be PCI DSS (Payment Card Industry Data Security Standard) standard compliant.

As part of your role, you have visited the bank with your colleague (Network security engineer) to document the bank procedures as well as the network configurations in order to provide the correct recommendations. You found out that there are a lot of: misconfigurations on the firewall, VPN access to a lot of users and external partners, and that they use one flat network for all of connected devices with no procedures to preserve the data confidentiality, integrity and availability.

Your manager asked you to prepare a detailed report to be submitted to the CRO (Chief Risk Officer), CCO (Chief Compliance Officer) and the CIO (Chief Information Officer) of the bank. Your report should:

• Identify IT security risks together with proposing methods to assess and treat IT security risks.
• Identify the potential impact of incorrect configuration of firewall policies and third-party VPNs on IT security. Discuss risk assessment procedures, and how you can take benefit of the ISO risk management methodology by summarizing it and highlighting its application in IT security.
• Provide ways to improve the bank IT security via:
  o Implementing different technologies in network security: providing examples for each technique you propose.
  o Discussing the benefits and justification of using Network Monitoring Systems.
  o Investigating the ‘trusted network’ configuration and if it can be part of the bank IT security solutions.