CSCI 620 Final Examination
Please read carefully the case study that you have to solve. Your statements have to be logically justified. Your diagrams have to be detailed and well explained. The case study is open ended, so you will have to make assumptions and consistently use them throughout the entire paper. You can use the book, other network security related books, the presentations and the Internet as references. Any source used has to be referenced.
You have been named the CIO administrator for a small size bank, which has nine branches and the headquarters which also works as a bank. Your responsibility is to come up with a plan for securing the network infrastructure, which includes number of servers, network security devices, desktops, laptops and handheld devices. The plan should be carefully crafted to show all the necessary details in crafting the security policies, and mechanisms to enforce the policies for the IT of the bank. An understanding of the security issues the company is facing in order to conduct its business has to be reflected in the security aspects of the infrastructure (you should justify why a security measure is taken and how it will affect the business of the bank).
The bank network consists of a main site, a backup site and nine branch sites. Each branch network connects to the main site through a dedicated connection. The branches are each handling investment business as well as regular banking business. Three of the branches are located in the downtown area in very close proximity (two blocks apart, but the buildings are adjacent). The branches need to have access to the central database of the bank besides their own databases. Each of the branches has roughly 50 employees except for the headquarters which has 150. Ten percent of the employees are investment bankers who need constant access to the internet for market updates. Given the nature of the business, all the employees require email access. Internet access is also required. The bank uses customized software to interface to the databases and provides the customers with web access to their accounts as well as to other financial tools. Each branch has its own database but periodically the information from this database updates the main database. However, the management, which is located at the headquarters, must have access to all the information. The bank also has a backup site. The Human Resources department has its own database and so does the payroll department. Each of these departments has a staff of 10 people and does not need access to the other databases. The IT department employs roughly 80 people, 40 of which are located at the headquarters. The software development for the bank is partly done at the headquarters by a group of 10 developers and partly outsourced to a large software development firm.
Your plans should contain detailed information of how the access to networks at the branches, at the headquarters and at the backup site will be controlled. Physical security should also be addressed. Given the diverse staff employed by the firm, it is necessary to have detailed policies regarding file access, system access, documents access, systems and network security. Choices of OS, security software and hardware have to be justified. Vulnerability analysis is also done every year.