Security Policies
Introduction
A security policy defines what it means to be secure for a system, a business or
an organization. For a company or a business, it covers the constraints on the
behavior of staff members as well as the constraints placed on adversaries by
mechanisms such as walls, doors, locks and keys. For most systems, the security
policy governs functions and the flow among them. It controls all rights of
entry by external systems and adversaries, as well as access to data and company
programs by unauthorized people (Andrew, 2013).
A privacy policy is a legal document or statement that discloses some or all of
the ways in which a company collects, manages and discloses a client's or
customer's information. Client data can be any detail that identifies a
customer. This information ranges from name, date and place of birth, physical
address, marital status, financial records, medical history, ID issue and expiry
date, and credit card information to contact information, among others. The main
purpose of a privacy policy is to inform customers of what information is
collected, and whether it is publicized, kept confidential or given to other
organizations (Slater, 2008).
Background of the organization
The financial institution that I choose is Barclays Bank.
Barclays Bank is a British international financial and banking services company
with its headquarters in London, UK. Barclays traces its roots to a goldsmith
banking business founded in 1690 in the City of London. James Barclay joined the
business in 1736. In 1896 several banks united under the umbrella of Barclays.
In the subsequent years Barclays became a nationwide bank and slowly moved into
other parts of the world. It is a worldwide bank that deals in investment,
wholesale and retail banking as well as wealth management, credit cards and
mortgage lending. It is present in over 50 countries and territories and has
about 50 million clients worldwide. Barclays itself runs two businesses:
investment and corporate banking, and wealth and investment management; and
business and retail banking (Andrew, 2013).
Core information system security concepts
According to Barclays' information security concepts, the bank commits to
keeping part of its clients' or customers' information private and confidential.
This includes information that Barclays Bank obtains from third parties.
The information that clients provide when registering with the bank is kept
secret and is not made available to the public. The bank also provides ways
through which a person can protect their information when using online services.
The details of the privacy policy include not retaining the information and
using it only for its intended purpose. A client has to be notified if the bank
needs to use the information elsewhere. The main purpose of a privacy policy is
to inform customers of what information is collected, and whether it is
publicized, kept confidential or given to other organizations.
When any process is outsourced, the bank ensures that the right security
measures, ones that meet its privacy principles, are in place. The bank also
ensures that the transfer of a client's information from one country to another
is conducted safely. The main reason Barclays Bank has for its privacy policy is
to inform customers of what information is collected, and whether it is
publicized, kept confidential or given to other organizations.
Corporate policy
A corporate policy is a document that sets out a step-by-step guideline. It is
drawn up after an analysis of the internal and external environment that can
affect an organization's goals, plans and operations. It also governs how the
organization's other offices make and implement strategies.
Just like any other organization or financial institution, Barclays Bank has its
corporate policy. The policy is aimed at creating and maintaining investor value
and at making sure that business is ethical, legal and transparent. That is what
governs most of the business done at Barclays Bank. The bank has several
policies that manage how the bank and its customers do business. For example,
acts such as corruption warrant an independent investigation, and the results of
the investigation are made public. This helps reduce the level of corporate
corruption in the bank's environment (Slater, 2008).
The corporate and security policies used at Barclays Bank are very rigid when it
comes to ensuring a safe environment for customers. They provide a high level of
security and rules that govern how business is conducted within the bank's
premises. For example, the bank does not give out information such as the name,
date and place of birth, physical address, marital status, financial records,
medical history, ID issue and expiry date, and credit card details of its
customers to anyone unless authorized by the client. It also has a corporate
policy that tackles acts such as corruption: the bank handles such acts by
ordering an independent investigation, and the results of the investigation are
made public. This helps reduce the level of corporate corruption at Barclays
Bank.
Although the bank's security and corporate policies are strict about keeping the
environment safe, there are some discrepancies in these policies. When
information is transferred from the bank to a third party, no background
security checks are done on why the other firm acquires the information from the
bank and not directly from the client. There is a possibility of the other firm
getting more information from the bank than the client might give.
The only way the discrepancies can be managed is by aligning corporate and
security policies. This can be done by carrying out a pilot study of what takes
place in the bank and of which information is most often needed by other firms.
After that, appropriate measures can be put in place to ensure that data
security and good corporate behavior are achieved (Harris, 2012).
The measures that the software firm should take are as follows. Develop a
database that only authorized company employees can access at any time. Create
defense mechanisms that prevent malware infections, which cause problems such as
leakage of information, unauthorized access to proprietary information,
disclosure of personal data, deletion of data, damage to programs and denial of
authorized access to the database, among other problems that come with system
software (Willims, 2010).
A port scanner is a software application that probes a host or server for open
ports. Network administrators normally use it to verify the security policies of
their networks; it is also a vital tool for attackers, who use it to identify
the services running on a host with the motive of compromising it. A port scan
is an attack that sends client requests to a range of server port addresses on a
host, with the aim of finding an active port and exploiting a known weakness of
the service. However, most uses of a port scan are just probes to determine the
services available on a remote machine, and not always an attack (Maimon, 1996).
TCP scanning
When SYN scanning is not the best option, simple port scanners fall back on the
operating system's network functions. This mode is known as connect scan, named
after the Unix connect system call. If a port is open, the operating system
completes the TCP three-way handshake, and the scanner closes the connection
immediately to avoid causing a denial of service. Otherwise an error code is
returned. The advantage of this scan mode is that the user needs no special
privileges. However, using the operating system's network functions prevents
low-level control, so this type of scan is rare (Maimon, 1996).
Window scanning
Window scanning is rarely used because it is regarded as outdated; it is not
trusted to determine whether a port is closed or open. Window scanning generates
the same packet as an ACK scan, but it inspects whether the window field of the
packet has been modified. If the port is open, a design flaw tries to create a
window size for the packet when the packet reaches its destination, and the
packet's window field is flagged with 1's before it returns to the sender. When
this scanning technique is used with systems that do not support this
technology, open ports will be labeled as closed.
SYN scanning
This is another form of TCP scanning. Instead of using the operating system's
network functions, the port scanner generates raw IP packets itself and watches
for the responses. This type of scan is also called "half-open scanning" because
it does not open a full TCP connection. The port scanner generates a SYN packet.
If the target port is open, it responds with a SYN-ACK packet. The scanner host
reacts with an RST packet, closing the connection before the handshake finishes.
There are several advantages to using raw networking: it allows a detailed
report of the responses and gives the scanner full control. These scanners are
most effective in handling data and processing (Maimon, 1996).
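The connect scan and the SYN scan described above leave different traces on the scanned host, and a defender can tell them apart from the order of TCP flags. The following is an added example, not part of the original essay; the record layout, the addresses and the function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Constructed records for one monitored server (not captured traffic):
# (client_ip, port, sender, tcp_flags, payload_bytes); sender "c"=client, "s"=server.
HALF_OPEN = (("c", "S", 0), ("s", "SA", 0), ("c", "R", 0))
CONNECT = (("c", "S", 0), ("s", "SA", 0), ("c", "A", 0), ("c", "RA", 0))
SESSION = CONNECT[:3] + (("c", "PA", 517), ("s", "PA", 1400))
PACKETS = (
    [("192.0.2.10", port, *pkt) for port in (22, 80, 443) for pkt in HALF_OPEN]
    + [("192.0.2.10", 25, "c", "S", 0), ("192.0.2.10", 25, "s", "RA", 0)]
    + [("192.0.2.20", port, *pkt) for port in (22, 80, 443) for pkt in CONNECT]
    + [("192.0.2.30", 443, *pkt) for pkt in SESSION]
)

def classify_flow(pkts):
    """Label one client-to-port exchange from its ordered (sender, flags, size) list."""
    if not pkts or pkts[0][:2] != ("c", "S"):
        return "other"
    if len(pkts) < 2 or pkts[1][0] != "s":
        return "no-reply"                  # SYN unanswered (filtered or dropped)
    if "R" in pkts[1][1]:
        return "closed"                    # server answered with RST
    if pkts[1][1] != "SA":
        return "other"
    client_next = [p for p in pkts[2:] if p[0] == "c"]
    if not client_next or "R" in client_next[0][1]:
        return "half-open"                 # SYN, SYN-ACK, then RST or nothing
    if any(size > 0 for _, _, size in pkts):
        return "session"                   # handshake completed and data exchanged
    return "connect-probe"                 # handshake completed, closed with no data

def find_scanners(packets, min_ports=3):
    """Return {client_ip: (style, label counts)} for clients probing >= min_ports ports."""
    flows = defaultdict(list)
    for client, port, sender, flags, size in packets:
        flows[(client, port)].append((sender, flags, size))
    probes = defaultdict(Counter)
    for (client, _port), pkts in flows.items():
        label = classify_flow(pkts)
        if label in ("half-open", "connect-probe", "closed", "no-reply"):
            probes[client][label] += 1
    result = {}
    for client, counts in probes.items():
        if sum(counts.values()) >= min_ports:
            style = max(("half-open", "connect-probe"), key=counts.__getitem__)
            result[client] = (style if counts[style] else "undetermined", dict(counts))
    return result

print(find_scanners(PACKETS))
```

Real traffic also needs a time window and flow timeouts. A connect probe against a service that sends a banner first carries server payload and would be labeled a session by this simple rule.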
Scanners can be used positively to make work easier for the many organizations
that have a large quantity of work. This reduces the organization's workload.
Scanners can be used to identify most of the documents used in companies, which
helps the organization find out which are fake and which are genuine. Scanners
also help organizations make things such as employees' identity cards, by
scanning their photos and fixing them on the relevant tags. An error code is
otherwise returned. The advantage of these modes of scan is that no special
privileges are required by the user. The tags are used as security passes, among
other things. Scanners can also be used to deter unauthorized access to
proprietary information, disclosure of personal data, deletion of data, damage
to programs and denial of authorized access to the database, among many more.
Although scanners are of great help to organizations, they can be used for
malicious purposes. For example, they can be used to forge important documents.
A scanner is capable of editing documents and producing a duplicate that looks
the same as the original. One can scan and edit a great deal using these
machines and, for instance, obtain money through a fake document made with the
help of the scanner. Forgeries can also be made of documents that will tarnish
the name of a particular company or organization. This is mostly done by a rival
company or group of people.
Scanners could be used for malicious purposes in a banking hall; for instance,
one could use a scanner to make an identity similar to another person's and then
do something bad. The company will then go after the person whose identity was
used as the main suspect in the case (Erikson, 1999). This will in turn make the
work environment very hostile for everyone. When a person forges, they do so
with the aim of finding a port that is active and exploiting a known weakness of
the service; most uses of a port scan are just probes to determine the services
available on a remote machine, and not always an attack (Abraham, 2004).
In conclusion, it is important for financial institutions to have all their
policies scrutinized before they put them into action. Policies do a lot to
safeguard the institution, as they are the basis of almost all the operations
that take place. The software that is used should also be cross-checked to
determine its security level and ensure that nothing goes wrong.
WORK CITED
Abraham, N. (2004). "Verdict in the case Avi Mizrahi vs. Israeli Police Department of Prosecution". Oxford University Press.
Erikson, J. (1999). HACKING the art of exploitation (2nd ed.). San Francisco: No Starch Press. ISBN 1-59327-144-1
Andrew, H. (2013). Corporate Governs in Barclays Bank: A case of Banks in London. Unpublished article.