A trusted system is one that meets expectations about risk: it performs as expected and keeps risk within the accepted boundaries. This enables the system to meet the organization's desired level of confidentiality, integrity, and availability. In online banking, a user must trust that his or her money will be kept safe and accessible, that automatic payments can be made, and that information will be kept private.
There are three levels of trust: component, information system, and enterprise. An overall security strategy determines the controls at each level and ensures that the controls support each other for robust security. Each individual component, or device, must conform to the security policy of the organization. Minimal standards for the security policy of a component include disabling unused services, routine updates, data encryption, and strong passwords, as well as firewalls and anti-virus software where applicable. Managing trust starts with a documented and management-approved security program. A security program consists of policies, standards, and guidelines that clearly state management’s expectations (Olzak, 2011).
An end user of the organization’s online banking system should be able to access the account information 24/7. Data must be transferred over secure channels to prevent interception. Changes to account information, such as a deposit, withdrawal, or purchase, must update to the online account page as close to instantaneously as possible. Payments, transfers, and money-orders requested through the online interface must be made promptly and securely. The system should respond only to authorized end users and demand strong passwords.
Information must move across trust boundaries from the organization’s system to the end user’s system. As it is beyond the power of the organization to control the security of the end user’s system, it is vital to put as many safety precautions in place as possible. One option is to require that additional security questions be answered if access is attempted from an unfamiliar IP address. The security must also flow both ways, with a method in place to assure the end user that they have indeed reached the bank’s secure website and not a phishing site imitating it. One method used is to divide the authentication into two steps: the end user uploads a picture or phrase, which is displayed once the user passes the first round of authentication, and a second round of authentication is required once the user is assured they have reached the correct location.
While the organization cannot control what the end user attempts to keep on their own system, the organization should ensure all data stored on its system is thoroughly encrypted. Information should be accessible only through a connection to a server, never stored on a component that could conceivably be removed from the organization’s direct control. Physical access should be controlled both via authentication processes and physical security. End users should be secure in the knowledge that transactions are monitored and that red flags will be raised at unusual activity. Alerts will be investigated, and audits will be performed routinely on these procedures to ensure every alert is responded to properly. The system itself should work to protect the end user from being a risk by requiring strong passwords and routine changes to passwords. The system should also protect the end user by limiting password resets and locking out the account after a certain number of unsuccessful authentication attempts. Should this occur, the end user should be notified manually by phone or letter and must verify identity and authorization before the hold on the account is released.
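As an added illustration of the controls described in the two paragraphs above (example code, not from the essay or its sources): a small Python model of the two-round login, where a security question is demanded from an unfamiliar IP address, the user-chosen site phrase is shown only after round one succeeds, unusual activity is logged as an alert, and the account is locked after repeated failures until staff release it. The class and method names, the threshold of five attempts, and the sample values are all assumptions.

```python
import hashlib, hmac, secrets
from dataclasses import dataclass, field

MAX_FAILED_ATTEMPTS = 5  # assumed policy threshold; the essay gives no number
def _protect(secret, salt=None):  # (salt, PBKDF2 hash); pass the stored salt to recompute
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
def _verify(stored, candidate):  # constant-time comparison against a stored (salt, hash)
    return hmac.compare_digest(_protect(candidate, stored[0])[1], stored[1])

@dataclass
class Account:
    password: tuple       # (salt, hash) of the password
    answer: tuple         # (salt, hash) of the security-question answer
    site_phrase: str      # user-chosen anti-phishing phrase shown after round one
    known_ips: set = field(default_factory=set)
    failed_attempts: int = 0
    locked: bool = False  # released only by staff after phone or letter verification

class OnlineBankingAuth:
    def __init__(self):
        self.accounts, self.alerts = {}, []  # alerts: red-flag events to investigate
    def register(self, user, password, answer, phrase, ip):
        self.accounts[user] = Account(_protect(password), _protect(answer), phrase, {ip})
    def _fail(self, user, acct):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.locked = True
            self.alerts.append(f"LOCKED {user}: notify by phone or letter")
    def round_one(self, user, ip, answer=None):
        # Unfamiliar IP: security question required. The phrase is returned only on
        # success, so the user can confirm they reached the real site before round two.
        acct = self.accounts.get(user)
        if acct is None or acct.locked:
            return None
        if ip not in acct.known_ips:
            self.alerts.append(f"unfamiliar IP {ip} for {user}")
            if answer is None or not _verify(acct.answer, answer):
                self._fail(user, acct)
                return None
        return acct.site_phrase
    def round_two(self, user, ip, password):  # success resets the count and trusts the IP
        acct = self.accounts.get(user)
        if acct is None or acct.locked:
            return False
        if not _verify(acct.password, password):
            self._fail(user, acct)
            return False
        acct.failed_attempts = 0
        acct.known_ips.add(ip)
        return True
```

Note that a locked account is refused at round one as well, so no site phrase is shown to a caller who is hammering it.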
End users must be able to trust the organization’s members, which requires proper separation of roles and the inclusion in the security policy of processes for handling complaints and termination. Changes to account management should be restricted to a very small number of employees, and then only during their on-duty times in which they are functioning in the role of account manager. The end user should be secure in the knowledge that an average teller is unable to alter account information, and that terminated employees are unable to continue to access the system either electronically or physically.
The additional benefits of network segmentation, such as improving network performance and reducing congestion, make it a vital part of organizational security. Proper segmentation prevents a problem in one area of the company from affecting other areas. As an example, if the organization chooses to function as a lender for mortgages, applications for dealing with mortgage customers should be segregated from applications for banking customers. This approach should also apply defense in depth, protecting the most vital assets with multiple layers of security. At physical locations, wireless connections should be segmented behind a firewall with a separate rule set, to ensure that if someone does gain access to the wireless network they must still pass through layers of protection to access the rest of the network. Network segmentation also limits the ability of attacks such as viruses and Trojans to spread through the system. Security can be further improved by preventing nodes from being visible to the sections of the network that are not authorized to access them. Firewalls, IPS/IDS, switches, and routers are all vital areas of perimeter and network segment defenses (Olzak, 2011).
Once the security policy is in place, it should be assessed by an independent and neutral third party to ensure it is robust and free of blind spots. Routine audits and assessments should be made in all areas and possibly reviewed by the third party for potential threats.
Information stored within the ‘cloud’ should be subject to the same security controls and restrictions as all other data within the system. An update or modification to an end user’s loan information should be viewable only after ensuring that it is being accessed by an authorized user.
A trusted system has confidentiality, ensuring only authorized users can view data. It should have integrity, ensuring that data is accurate and verifiable. It should require authentication and non-repudiation. Every alteration made to the system should be traceable back to its source. Data should be protected both at rest and in transit. The system should function as it is promised to function, removing worry and concern from the end user to ensure that they are willing to trust their money, their identity, even their very futures to the system.
Dunn, C. L., Cherrington, J. O., & Hollander, A. S. (2004). Enterprise information systems: A pattern-based approach (3rd ed.). New York, NY: McGraw-Hill.
McNurlin, B. C., Sprague, R. H., & Bui, T. (2009). Information systems management in practice (8th ed.). Upper Saddle River, NJ: Pearson Education.
O’Brien, J. A., & Marakas, G. (2009). Management information systems (9th ed.). New York, NY: McGraw-Hill.
Olzak, T. (2011). Lecture, Week 4. Retrieved from University of Phoenix, CMGT430 – Enterprise Security website.