24 votes
You and your coworkers are designing the audit policy for WeServeU, the banking entity you’ve worked with on prior activities. Make an argument for why the audit system should be able to search for each of the following log items: user, action performed, time of action, and location. For each item, include two reasons you would want to conduct a search on it: First, after you have reason to believe your system has been compromised in some way, and second, how you would monitor each item in routine audits to look for “suspicious behavior”/explain what “suspicious behavior” would look like during a routine audit. Then, argue for a specific lockout policy for each of the following groups: customers; staff (workers); and IT administrators.

by User Zeeple (5.4k points)

2 Answers

6 votes

Final answer:

Audit policies for banking entities require log tracking for user activity, actions, timings, and locations to address system compromises and monitor for suspicious behavior. Distinct lockout policies should be tailored for customers, staff, and IT administrators based on their access levels and the sensitivity of information handled.

Step-by-step explanation:

Designing an audit policy for a banking entity like WeServeU is critical to ensure that the institution's financial and ethical integrity is maintained. Having an audit system capable of searching logs for user activity, actions performed, time of action, and location has multiple benefits. In the event of a system compromise, you can quickly identify the breach source, ascertain the extent of the damage, and take remedial steps. In routine audits, these elements help in monitoring for suspicious behavior, such as irregular access times or locations that could signify internal fraud or external attacks.

Customers, staff (workers), and IT administrators should have distinct lockout policies that reflect their levels of access and the sensitivity of their roles. For customers, a policy that prioritizes user experience while maintaining security through a limited number of failed login attempts followed by verification requirements would be appropriate. For staff, a similar but stricter policy can be implemented to strike a balance between access and security. IT administrators, given their elevated access, should face immediate lockout upon suspicious activity with a stringent verification process to regain access.

When auditing, indications of suspicious behavior can include abnormal activity patterns, multiple failed login attempts, or evidence of unauthorized access to sensitive areas. The presence of such indicators necessitates further investigation to prevent potential security incidents.

by User Spectral Instance (5.3k points)

9 votes

Final answer:

Designing an audit policy for WeServeU requires a system capable of tracking user, action performed, time of action, and location to ensure accountability and aid in investigations. Routine audit monitoring for suspicious behavior helps prevent security incidents. Different lockout policies must be crafted for customers, staff, and IT administrators to balance security and convenience appropriately.

Step-by-step explanation:

When designing an audit policy for WeServeU, it is crucial that the system has the capability to search for specific log items such as user, action performed, time of action, and location. This allows for the tracking of user actions, ensuring accountability and aiding in the detection and investigation of any potential security incidents or compromises. For example, if a system is suspected to have been compromised, being able to search by user helps identify who was involved, searching by action performed can clarify what occurred, time of action could highlight when the compromise happened, and location may pinpoint where the breach took place or where the user was situated.

Routine audits leverage the tracking of these items to identify suspicious behavior. Suspicious behavior could include actions performed outside of usual working hours, from unusual locations, or actions that do not align with typical user patterns. Implementing a specific lockout policy is also integral. Customers should have a lockout policy that balances security with convenience, staff workers should have more stringent requirements considering their access privileges, and IT administrators, having the highest level of access, should operate under the strictest lockout protocols to protect against internal threats and minimize risk.

Citing evidence is essential in any policy proposal. Legislation such as the Personal Data Notification & Protection Act of 2017 can be referenced to emphasize the seriousness of security breaches, and historical examples, such as the 2008-2009 recession, can demonstrate the consequences of inadequate foresight and monitoring in the banking industry.

by User Cyberherbalist (6.0k points)
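An added example, not part of either answer above, showing the post-incident search and routine-audit checks both answers describe, run over constructed log records. The record layout, role names, the 08:00-18:00 working window and the lockout thresholds are assumptions chosen for illustration.

```python
from datetime import datetime

# Constructed sample audit records: (user, role, action, timestamp, location)
LOG = [
    ("teller7", "staff",    "login_ok",     "2024-03-04T08:30:00", "Branch-12"),
    ("cust01",  "customer", "login_failed", "2024-03-04T09:00:00", "Denver"),
    ("cust01",  "customer", "login_ok",     "2024-03-04T09:01:00", "Denver"),
    ("teller7", "staff",    "view_account", "2024-03-05T02:15:00", "Branch-12"),
    ("admin2",  "it_admin", "login_failed", "2024-03-05T03:00:00", "Remote-VPN"),
    ("admin2",  "it_admin", "login_failed", "2024-03-05T03:01:00", "Remote-VPN"),
    ("teller7", "staff",    "export_data",  "2024-03-05T10:00:00", "Remote-VPN"),
]
# Assumed policy values: consecutive failed logins before lockout, per group.
LOCKOUT_AFTER = {"customer": 5, "staff": 3, "it_admin": 2}

def search(log, user=None, action=None, location=None, start=None, end=None):
    """Post-incident search on any mix of user, action, time window, location."""
    hits = []
    for rec in log:
        u, _role, act, ts, loc = rec
        if ((user is None or u == user) and (action is None or act == action)
                and (location is None or loc == location)
                and (start is None or ts >= start)   # ISO-8601 strings sort by time
                and (end is None or ts <= end)):
            hits.append(rec)
    return hits

def routine_flags(log, work_hours=(8, 18)):
    """Routine audit: off-hours activity by staff/admins, first use of a new location."""
    seen, flags = {}, []          # seen: user -> locations already observed
    for u, role, _act, ts, loc in log:
        hour = datetime.fromisoformat(ts).hour
        if role != "customer" and not work_hours[0] <= hour < work_hours[1]:
            flags.append((u, ts, "outside working hours"))
        if u in seen and loc not in seen[u]:
            flags.append((u, ts, "new location"))
        seen.setdefault(u, set()).add(loc)
    return flags

def locked_out(log):
    """Users whose run of consecutive failed logins reached their group's limit."""
    streak, locked = {}, set()
    for u, role, act, _ts, _loc in log:
        if act == "login_failed":
            streak[u] = streak.get(u, 0) + 1
            if streak[u] >= LOCKOUT_AFTER[role]:
                locked.add(u)
        elif act == "login_ok":
            streak[u] = 0
    return locked
```

On the sample data, `search(LOG, user="teller7", start="2024-03-05T00:00:00")` narrows an investigation to one user's actions after a chosen time, while `routine_flags(LOG)` and `locked_out(LOG)` are the checks a scheduled audit would run over the whole log.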