Question

You have been hired as a contractor to help a new bank/credit union called WeServeU. You’ve been asked to help them design their cybersecurity policies, specifically how they can be highly conscientious about the AIC triad as they form their policies.

Write at least three sentences each explaining how a banking institution might need to think about the aspect of the AIC triad: confidentiality, integrity, and availability. You can cover both the basic concept of the term and concrete policy recommendations related to the term in your answer. For now, WeServeU is mostly concerned about internal access—in other words, how their own employees and the company itself will manage data; you’ll help them with their customer-facing website in a future activity.

Rubric
Student includes at least three sentences related to maintaining confidentiality—rules limiting access to certain information (e.g., customer service reps shouldn’t be able to see social security numbers).


Student includes at least three sentences related to integrity in their answer—ensuring the information can’t be altered or deleted by unauthorized people (e.g., access to information requires password protection; backups of data are saved and secured regularly; proper security against external breaches is applied etc.).


Student includes at least three sentences related to availability in their answer—making sure that access to information is always available (e.g., through redundant systems, solid IT staff, good disaster recovery and system upgrade policies, etc.).

Answer 1

Policy recommendation:

Confidentiality - The bank should ensure to keep the sensitive information private and only authorized users and processes should access the information. Data encryption is required for instance data at rest is encrypted use of strong passwords, two-factor authentication is required for employees and social engineering training to ensure no data leaves the bank without control measures in place.

Integrity - The bank should ensure that there is consistency of information, networks and systems. The ability to recover data that is lost and mitigation and recovery plans should be in place and put in measures to restrict the changes in the waiting list. The bank should ensure that their security measures on data that is on transit for instance file permission protection and user access control to data is encrypted and cannot be modified by unauthorized user.

Availability -The bank should ensure that authorized users have free access to the devices, networks and data required to carry out their daily tasks. Resolving hardware and software disputes, along with routine maintenance, is crucial to maintaining the systems and their availability.

Answer 2

confidentiality,

The first part of the AIC triad that WeServeU needs to consider is confidentiality. Confidentiality is important because it makes sure that important data is viewed only by authorized personnel.

integrity

Living, working, and leading in integritymeans that we don’t question ourselves.

availability.

Availability is one of the most critical parts of the warranty of a service. If a service does not deliver the levels of availability required, then the business will not experience the value that has been promised. Without availability the utility of the service cannot be accessed