How Greiblock Credit Union Can Strengthen its Policies and Procedures to Address Issues

Greiblock Credit Union (GCU) is a $5 billion financial services firm with a central office located in Chicago, Illinois, and approximately 100 branch offices located throughout the Midwest. The central office provides primary technical services for the all of the corporate locations including branch offices. This is done through a centralized architecture housed in the Chicago data center. Because of security considerations, no IT services are outsourced.
GCU has been the victim of an increasing number of security situations including fraud, identity theft, and cyber-attacks. The GCU Board of Directors has charged you with ensuring that proper policies and procedures are in place to proactively address these situations. They ask that these policies and procedures be developed with a set of metrics so that their effectiveness can be determined. These metrics should include what is to be measured, how measured, and what actions will be performed with the information. Specific areas that you must address include dynamic vulnerability analysis, intrusion detection, and incident response.
You need to design policies, procedures, and metrics to address the following areas: dynamic vulnerability analysis, intrusion detection, and incident response. The description should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy. Your paper should have a title page, table of contents, overview with references, followed by the policies and procedures in following format: 1) Purpose, 2) Scope, 3) Policy, 4) Enforcement, 5) Metrics. Note that the policies and procedures should be delivered in an applied business policy format for GCU, not as an academic research paper explaining general polices.
GCU’s Policies and Procedures
Student’s Name
Institutional Affiliation
GCU’s Policies and Procedures
The goal of this security manual is help Greiblock Credit Union (GCU) strengthen its policies and procedures to address various situations, but not limited to cyber-attacks, identity theft and fraud. The policies and procedures that have been outlined in this manual are developed based on a set of metrics that will be used to determine their effectiveness. Moreover, this metrics will be used to alter the policies according to fit the situation. The manual specifically addresses dynamic vulnerability analysis, intrusion detection and incident response. The metrics upon which the policies are based will address what will be measured, how it will be measured and the actions that will be taken. Technical and social aspects of major areas of this manual will be addressed as well.
It is prudent for GCU to have active policies and procedures in place to respond to any security breach. However, to do so critical areas need to be identified and GCU has done so. Therefore, a policy and procedure outline will enable the organization maintain its integrity to its members. Therefore, the identified critical areas must be understood. The dynamic vulnerability analysis enables the organization to test and evaluate its systems in real time. The objective of this analysis is to identify any security errors present in a system while it is in use (Dynamic Analysis, 2017). The analysis utilizes web applications to establish vulnerabilities by conducting actual attacks on the systems (Dynamic Analysis, 2017).
The intrusion detection system (two types active and passive) monitors any malicious activities and is designed to notify the system in case a threat is detected (Bradley, 2016). The active system is programmed to block threats automatically while the passive only monitors and analyses the traffic (Thomas, 2017). The objective of this system is to detect any threat trying to bypass the implemented security control measures (IDFAQ, 2017).
The last critical area identified by GCU is the incident response which addresses what incidents are and the steps to be followed in case they occur. This is addressed by an incident response team whose objective is to address situations in a timely and cost effective manner (Rouse, 2005).
The purpose of this policy is to establish direction, procedures and metrics that can be used to maintain confidentiality, integrity and security that will ensure availability of information, communication and computing services within the organization. The aim is to decrease fraud, identity theft and cyber-attacks by strengthening the security levels and integrity of its systems. This policy manual will address dynamic vulnerabilities, intrusion detection and incident response.
This policy manual will be applicable to all employees and processes utilizing information, communication, computing systems and applications that have been developed, installed and owned by the organization. Due to security considerations of the organization, no IT services that will be outsourced, therefore, they will performed and maintained in-house. This will enable the training of IT staff to acquire knowledge and skills that will enable them handle certain tasks according to the company’s requirements. Training an IT staff solely to handle the requirements of one company will enable them respond to any breach in security in a timely and effective manner. Therefore, this policy will be applicable to all employees within the organization who are granted rights to view, process and store any information within the systems of the organization. However, this policy will not replace any policies that are in place but rather add on them.
Dynamic Vulnerability
Before any procedures are activated, all systems within the organization will be tested for any vulnerabilities and establish any possible vulnerability entry point. If any vulnerability is identified, it is advisable to create patches as an attempt of fixing them. After the patches have been activated, their effectiveness will be evaluated to establish proactive measures against similar instances in the future.
Several steps will be taken to conduct vulnerability test. They include:
* Defining and classifying system resources.
* Assigning the resources relative levels of importance.
* Identifying potential threats to each resource according to its importance.
* Developing strategies that will be used to deal with the threats according to their importance.
* Defining and implementing the identified strategies to decrease the impact of the identified vulnerability. In case of any security flaws, it is important to create a disclosure. This will be done by the individual who identified the vulnerability.
* Assessing the vulnerabilities through ethical hacking which is deliberating with the objective of establishing guid...
