Management of operational risks related to information security in financial organizations

Mehmood, Furhan, Rafique, Rajia

January 2010

<p><strong>Date</strong>: 30^th May 2010</p><p><strong>Authors</strong>: Rajia Rafique, Furhan Mehmood</p><p><strong>Tutor:</strong> Dr. Michael Le Duc, Dr. Deepak Gupta</p><p><strong>Title:</strong> Management of Operational Risks related to Information Security in Financial Organizations</p><p><strong>Introduction: </strong>Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security.</p><p><strong>Problem:</strong> Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization?<strong><em> </em></strong></p><p><strong>Purpose: </strong>The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security.</p><p><strong>Method:</strong> Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output.</p><p><strong>Target Audience</strong></p><p>The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC).</p><p><strong>Conclusion</strong></p><p>By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques.</p><p><strong>Keywords:</strong> Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.</p>

Operational risks

information security

Security in Distributed Embedded Systems

Tewatia, Rohit

January 2008

<p>Communication in a sensor network needs guaranteed reception of data without fail and providing security to it. The authenticity and confidentiality of the data has to be ensured as sensors have limited hardware resources as well as the bandwidth. This thesis addresses the security aspects in wireless sensor networks. The main task of the project is to identify the critical security parameters for these distributed embedded systems. The sensors have extremely limited resources: small amount of memory, low computation capability and poor bandwidth. For example, a sensor platform can have 8KB of flash memory, a 4MHz 8-bit Atmel processor, and a 900MHz radio interface. Various security threats posed to these small wireless sensor networks has been made and solutions proposed. Secure communication between these communicating partners is to be achieved using cryptography.</p>

Sensor Networks

Motes, Security

Security Issue of BGP in complex Peering and Transit Networks

Khalid, Muhammad Adnan, Nazir, Qamar

January 2009

<p>Border Gateway Protocol (BGP) is a critical routing protocol of the internet, used to</p><p>exchange routing information between autonomous systems (ASes). BGP is highly</p><p>vulnerable to many attacks that can cause routing disturbance on the internet. This</p><p>paper describes BGP attacks, misconfigurations, causes of misconfigurations, impact</p><p>of these attacks and misconfigurations in BGP and counter measures. Also we</p><p>analyze new security architectures for BGP, comparison of these security protocols</p><p>and their deployment issues. At the end we propose new security solution that is</p><p>Defensive Routing Policy (DRP) to prevent BGP from malicious attacks and</p><p>misconfigurations. DRP is operationally deployable and very effective to solve BGP</p><p>problems.</p>

Border Gateway Protocol Security

Network Security Analysis

Hassan, Aamir, Mohammad, Fida

January 2010

<p>Security  is  the second step after  that a successful network has been deployed. There are many  types  of  attacks  that  could  potentially  harm  the  network  and  an  administrator should  carefully  document  and  plan  the  weak  areas,  where  the  network  could  be compromised. Attackers use special tools and techniques to find out all the possible ways of defeating the network security.  This  thesis  addresses  all  the  possible  tools  and  techniques  that  attackers  use  to compromise the network. The purpose for exploring these tools will help an administrator to find the security holes before an attacker can. All of these tools in this thesis are only for the forensic purpose. Securing routers and switches in the best possible way is another goal. We in this part try to identify important ways of securing these devices, along with their limitations, and then determine the best possible way. The solution will be checked with network vulnerable  tools  to get  the  results.  It  is  important  to note  that most  of  the attention  in  network  security  is  given  to  the  router,  but  far  less  attention  is  given  to securing a switch. This  thesis will also address some more ways of securing a switch, if there is no router in the network. </p> / The opponent for the thesis was Yan Wang and the presentation time was 60 minutes.

Network Security Analysis

Data Security Enhancement for Web Applications Using Cryptographic Back-end Store

Lin, Wenghui

01 January 2009

Conventional storage technologies do not always give sufficient guarantees of security for critical information. Databases and file servers are regularly compromised, with consequential theft of identities and unauthorized use of sensitive information. Some cryptographic technologies increase the security guarantees, but rely on a key, and key secrecy and maintenance are difficult problems. Meanwhile, there is an accelerating trend of moving data from local storage to Internet storage. As a result, automatic security of critical information without the need for key management promises to be an important technology for Web Applications. This thesis presents such solution for Internet data storage that uses a secret sharing scheme. The shared secrets are packaged as JSON objects and delivered to various endpoints using HTTP semantics. A shopping website is developed to demonstrate the solution.

Web Applications; Storage; Security

The characteristics of user-generated passwords /

Sawyer, Darren A.

January 1990

Thesis (M.S. in Information Systems)--Naval Postgraduate School, March 1990. / Thesis Advisor(s): Zviran, Moshe ; Haga, William J. "March 1990." Description based on signature page as viewed on October 21, 2009. DTIC identifier(s): Access control, passwords, computer security, identification verification. Author(s) subject terms: Passwords, computer security, user-generated passwords, informaiton system security. Includes bibliographical references (p. 98-99). Also available online.

Data protection. Computer security.

The implementation of the policy of comprehensive social security assistance

Tong, Sui-yip.

January 2006

Thesis (M. P. A.)--University of Hong Kong, 2006. / Title proper from title frame. Also available in printed format.

Welfare fraud Social security

Managing IT Security In Organizations : A look at Physical and Administrative Controls

Asmah, Gilbert Yaw, Baruwa, Adebola Abdulrafiu

January 2005

Introduction Information technology security or computing system security is one of the most impor-tant issues that businesses all over the world strive to deal with. However, the world has now changed and in essential ways. The desk-top computer and workstation have appeared and proliferated widely. The net effect of all this has been to expose the computer-based information system, i.e. its hardware, its software, its software processes, its databases, its communications to an environment over which no one—not end user, not network admin-istrator or system owner, not even government—has control. Purpose Since IT security has a very broad spectrum and encompasses a lot of issues, we want to focus our research by taking a critical look at how business organizations manage IT secu-rity with specific emphasis on administrative and physical controls. Methods When the authors of this paper approached the topic to be studied it soon became evident that the most relevant and interesting task was not merely to investigate how business and non business organizations manage their IT security, but in fact try to understand what lies behind them. The purpose of this paper demands a deeper insight of how organizations address the issue of computer security; the authors wanted to gain a deeper understanding of how security issues have been addressed or being tackled by the organizations. Thus, the qualitative method was most suitable for this study. Conclusion Based on the chosen approach, the result of this study has shown that both business and non-business organizations located in Jönköping recognize the importance of IT security, and are willing to protect their systems from threats such as unauthorized access, theft, fire, power outage and other threats to ensure the smooth running of their systems at all times.

Computer System Security

IT security

Security Planning

Security policy.

Business studies

Företagsekonomi

Stunted Growth: Institutional Challenges to the Department of Homeland Security's Maturation

Fronczak, Dana James

23 April 2013

Scholars have proposed numerous explanations as to why the Department of Homeland Security has struggled to mature as an organization and effectively conduct its core mission. We propose an alternative viewpoint that the department lacks key legal authorities and necessitates key organizational transfer in order to rationalize its portfolio. We examine these points through review of legal authorities in select mission areas and through a resource analysis of activities conducted throughout the federal government to execute the homeland security mission. The analysis leads to specific recommendations for transfers and authorities and suggestions as to how the political environment might coalesce around engendering these changes. / McAnulty College and Graduate School of Liberal Arts; / Graduate Center for Social and Public Policy / MA; / Thesis;

DHS, Homeland Security, Management

The Role of U.S. Infrastructure Investment in Strategic Asset Allocation

Cahill, Michael A

01 January 2013

This paper investigates the role of U.S. infrastructure investments in a multi-asset portfolio, by using monthly return data for eight different asset classes from the period December 2002 to March 2013. Applying mean variance, as well as mean-downside risk, optimization models, I show that U.S. infrastructure plays an important role in delivering better risk/return trade-offs than more traditional portfolios. Infrastructure proves to be most beneficial to moderate-risk portfolios where the standard deviation ranges from 2% to 6% and the maximum allocation to infrastructure is 65.49%. Additionally, I show that infrastructure is more attractive to investors who are averse to variance, rather than downside risk.

Portfolio and Security Analysis