Posted: March 26th, 2021

Client Data Security for Financial Advisory 401K Exchange (FAKE)

Table of Contents
Abstract
Implementation Proposal
Project Scope
Defense of the Solution
Methodology Justification
Organization of the Capstone Report
Audit Details
Problem Statement
Problem Causes
Business Impacts
Cost Analysis
Risk Analysis
Functional (end-user) Requirements
Detailed Requirements
Existing Gaps
Scope
Assumptions
Project Phases
Timelines
Dependencies
Resource Requirements
Risk Factors
Important Milestones
Deliverables
Approach Explanation
Approach Defense
Hardware
Software
Tech Stack
Architecture Details
Assets Used
Final Output
Quality Assurance Approach
Solution Testing
Strategy for Implementation
Rollout Phases
Go-Live Details
Dependencies
Deliverables
End-user Training Plan
Quantitative and Qualitative Risks
Cost-Benefit Analysis
Risk Mitigation
Post Implementation Support
Post Implementation Support Resources
Maintenance Plan
Project Summary
Deliverables
Outcomes
Reflection

FAKE, which is part of the financial services industry, is looking to better secure customer data and prevent its loss by using an Advanced Threat Protection (ATP) system, to be known as Tornado, to ensure compliance with the Safeguards Rule and GLBA. Although digitalization plays a crucial role in the financial services industry, the move has been associated with numerous security challenges. The financial services industry works with a substantial amount of confidential client data in its daily transactions. Because of the perceived worth of such data, the industry has become one of the core targets for cybercriminals. Therefore, with the increase in the number of phishing software and high-risk mobile applications, FAKE faces the risk of losing its data to cybercriminals if it fails to introduce an ATP system.
Implementation Proposal
The main goal of this project is to enhance the client data protection process for FAKE. To achieve this goal, an ATP system will be designed leveraging digital technologies like self-learning machines and artificial intelligence (AI) for the detection, prevention, and mitigation of threats. The system to be developed will be known as Tornado. The technology will be a blend of numerous data security solutions designed to prevent cybercriminals such as hackers from stealing sensitive and private data. The solution will entail the discovery and classification of the sensitive and private data; monitoring the database; encryption of the database, files, and folders; and anonymization. The system's effectiveness at detecting threats will be enhanced by integrating behavioral analytics into the system.
Project Scope
The core objective of this project is to enhance the client data protection process for FAKE. To achieve this goal, an ATP system will be designed leveraging digital technologies like self-learning machines and artificial intelligence (AI) for the detection, prevention, and mitigation of threats. The system to be developed will be known as Tornado. The technology will be a blend of numerous solutions to data security whose design aims at preventing cybercriminals such as hackers from stealing sensitive and private data. The solution will entail the discovery and classification of the sensitive and private data; monitoring the database; encryption of the database, files, and folders; and anonymization.
The project will focus on the following areas:
1. Tornado software will aid in data loss prevention by detecting malware and other attempts from unauthorized users to access FAKE’s databases.
2. To implement a data loss prevention program leveraging digital technology, where Microsoft Defender for Endpoint is the proposed solution.
3. To identify and discuss the various forms of threats that can lead to data loss in the IT system of the financial service industry that need to be safeguarded.
4. To execute a training and awareness program on cybersecurity for both the financial service providers and clients to establish the risks associated with data management.
5. To put in place a channel of communication between the financial service providers and clients that is secure.
Items out of scope in this project will include data migration services, non-security end user training, application software licenses, and infrastructure requirements such as network and power cabling, which will be the sole responsibility of the client.
Defense of the Solution
The financial services industry works with a substantial amount of confidential client data in its daily transactions. Because of the perceived worth of such data, the industry has become one of the core targets for cybercriminals. According to Leonhardt (2019), hackers accessed over 7.9 billion client records. Therefore, with the increase in the number of phishing software and high-risk mobile applications, FAKE faces the risk of losing its data to cybercriminals if it fails to introduce an ATP system. The three avenues of mobile banking that are vulnerable to data loss are unsecured Wi-Fi, mobile malware, and third-party applications, which necessitates a technical solution.
Methodology Justification
This project will employ the Risk Management Framework (RMF), which will provide a structured approach to identify the different systems and standards, select and implement the security solution, assess and approve the enterprise solution, and provide continuous monitoring to ensure future compliance. There are at least five components that should be taken into consideration when designing the risk management framework structure. They include:
Identification of risk – The first step in identifying the risks an organization faces is to define the risk universe. The risk universe is simply a list of every possible risk. After listing every possible risk, the organization can then select the risks to which it is exposed and sort them into primary and secondary risks. Primary risks are those that the organization must take on to drive performance and long-term growth. Secondary risks are often not essential and can be minimized or eliminated completely.
Measuring and assessing risk – Risk measurement provides information on the size of either a specific risk exposure or an aggregate risk exposure, and the probability of a loss occurring because of those exposures. When measuring a specific risk exposure, it is important to consider the effect of that risk on the overall risk profile of the organization.
Mitigation of risks and threats – Having categorized and measured its threats and risks, an organization can then decide which risks to eliminate or minimize, and how much of its core risks to retain. Risk mitigation can be achieved through an outright sale of assets or liabilities, buying insurance, hedging with derivatives, or diversification.
Monitoring and reporting of risks – It is important to report regularly on specific and aggregate risk measures to ensure that risk levels remain at an optimal level. Financial institutions that trade daily will produce daily risk reports. Other institutions may require less frequent reporting. Risk reports should be sent to risk personnel who have the authority to adjust (or instruct others to adjust) risk exposures.
Risks and threats governance – Governance of risks and threats is the process that ensures all organization employees perform their duties in accordance with the risk management framework. Risk governance involves defining the roles of all employees, segregating duties, and assigning authority to individuals, committees and the board for approval of core risks, risk limits, exceptions to limits and risk reports, and also for general oversight.
Organization of the Capstone Report
The rest of the report mainly comprises the various steps involved in the implementation process. A critical part of this course of action was the systems and process audit, which identified key pain points and the development of a crisis with major impact on the organization, described in the problem causes and business impacts sections. The cost and risk analysis evaluated the solution implemented in response to the audit results. Detailed and functional requirements of the project are described after the audit sections, evaluating areas that included the end-user within the solution, and the requirements to complete the project. The paper then elaborates on the project design in detail, covering its scope, assumptions and phases, and identifying timelines, dependencies, resource requirements, risk factors, key milestones and deliverables.
A review of the methodology adopted for the project is outlined in the following section, identifying other approaches for the project, any weaknesses encountered, and justifications and comparisons of the chosen approach. This is explained and defended with particular emphasis on the achievements in the near and long term, and the scalability of the design.
Following this, the project development section examines the project undertaken, and the various phases and deliverables, including the hardware, software, resources and other technology and architecture details. This section closes with further justification of the resources used and the final output of the project.
A description and explanation of quality assurance is in the following section, as the solution is tested within several scenarios and acceptance criteria. Justification of the test cases used is also explained. The implementation plan is discussed next, with details on the project rollout, resources used, strategies deployed and other specifics and tasks of the plan. This includes rollout phases, go-live, dependencies, deliverables and training.
Risk assessment and details on the risk factors come after the quality assurance. This analysis focused on those areas that may have hindered the project and includes quantitative and qualitative risks, and any cost overruns and specific consequences. A cost-benefit analysis is developed for each risk found, and the section ends with a review of risk mitigation strategies and any alternatives to the original plan.
Post-implementation support and issues are discussed in the following section, identifying resources required and a short- and long-term maintenance plan. This is followed by the conclusions, outcomes and reflections as the project is summarized in the final section.
An external auditor was contracted by FAKE for the purposes of evaluating the current IT infrastructure, incorporating internal systems, hardware devices, and business transactions. The audit was necessary to assess whether or not the company was protecting confidential and sensitive user data and information from cybercriminals. Being in the financial service industry, client data is constantly a target for cybercriminals. As a result, the management felt the need to better ensure that client data is protected at all times from the evolving nature of cyberattacks. The following audit details present the scope of the audit conducted together with the findings.
Audit Details
The scope of the audit that was carried out at FAKE was to provide an assessment of the current IT infrastructure, processes and policies with regard to data protection and security. As with other audits, the findings were documented to provide the management with details so that they could take the next steps. In this manner, the intention was to use the findings to provide a minimum baseline for the company to secure client data and information while achieving its strategic goals and objectives.
Accordingly, during the audit it was established that the current IT infrastructure is not secure enough to ensure that client data is protected from cybercriminals. The auditor took into consideration the evolving nature of threats and forms of attacks used by cybercriminals. Since the company had not updated the existing infrastructure, it would be possible for cybercriminals to launch attacks that could compromise clients’ sensitive records.
Problem Statement
Financial Advisory 401K Exchange (FAKE) offers its clients financial planning and management services through innovative technology, such as mobile banking. As a company that is still growing and gaining more clients, FAKE realized the need for a better protection system for detecting and preventing cyber-attacks.
The audit established that the current system did not meet the requirements for protecting client data. For instance, with the increase in the number of phishing software and high-risk mobile applications, FAKE faces the risk of losing its data to cybercriminals by not adopting and implementing an ATP system. The existing system does not have the advanced security features that an ATP system provides. This is largely why the company needs to adopt a better system for protecting sensitive client data from unauthorized use.
Problem Causes
The audit identified several causes leading to cyberattacks at the company. At the outset, negligence or the lack of awareness was identified as one of the causes leading to potential cyberattacks on sensitive client data and information. Trautman and Ormerod (2018) report that security breaches in companies and organizations are the result of staff negligence. To provide an example, Trautman and Ormerod reference the WannaCry ransomware attack to demonstrate how negligence leads to cyberattacks. Following the attack, Microsoft released a patch to prevent the attack from affecting companies. However, because of the lack of awareness, some companies continued to experience the ransomware attack since they had not updated their systems. Accordingly, this is a cause that could lead to cyberattacks at FAKE.
Still on negligence, the audit identified another potential cause of cyberattacks targeting client data at the company: inadvertent insiders. Tariq (2018) explains that inadvertent insiders are staff within a company who, because of the lack of awareness, serve as an easy entry point for cyberattacks. To be specific, cybercriminals could potentially target employees through social engineering techniques, like phishing, which would then give them the chance of exploiting other cyber vulnerabilities. Since the company’s employees are not fully aware of cyber threats and attacks, they are most likely not to be aware that they have been compromised.
Unsecured Wi-Fi networks are yet another likely cause of cyberattacks at the company. According to Tariq (2018), cybercriminals use unsecured network connections to intercept log-in information that they can then use to breach databases and systems. Tariq goes on to state that roughly more than a quarter of all Wi-Fi hotspots on the planet do not use any encryption whatsoever. This essentially implies that, by using an antenna capable of sending and receiving data at 2.4 GHz, any individual located close to an access point can without much difficulty intercept and record all client traffic and afterward search it for information they are interested in.
Business Impacts
FAKE would benefit from the solution because the technology will address multiple security issues related to data protection. The solutions will aim at ensuring the malware protection will prevent the network devices, endpoint agents, centralized platform of management, and email gateways from being attacked and stolen by cybercriminals. Consequently, failing to implement the solution could result in the following business impacts.
One potential business impact concerns the economic expense accompanying data breaches. FAKE could suffer financial losses as a result of losing corporate data and information, theft of sensitive client records, like payment details, as well as theft of money by cybercriminals. What’s more, the company will also incur the expense that comes with repairing and securing the devices, networks, and systems affected.
Another potential business impact is the reputational damage that the company will face. In the financial service industry, client relationship relies on trust. Clients trust that their personal and sensitive data will be kept secure from unauthorized use. The threat of cyberattacks will be likely to damage the company’s reputation since clients will not trust that their data is kept safe. Consequently, the business will be impacted by the loss of clients and reduced profits. Apart from clients, relationships with other stakeholders will also be impacted. These stakeholders include investors, partners, and third parties.
Most importantly, the business could also be impacted by legal consequences. According to the Safeguards Rule and the GLBA Compliance, financial institutions are required to implement information security policies detailing how they plan on protecting sensitive customer data and information. Experiencing data breaches implies that there were no such policies implemented for protecting customer data and information. Accordingly, the company could be liable to regulatory sanctions together with fines.
Cost Analysis
The proposed project will incorporate the expertise and skill of several information management individuals. The financial service company has an internal IT department comprising these individuals. Accordingly, outsourcing experts will not be necessary during the adoption and implementation of the proposed project. The table below shows the details related to the cost of the project.
| IT Expert | Hours | Cost per Hour | Total Cost |
|---|---|---|---|
| Project manager | 30 | $40 | $1200 |
| Application analyst | 45 | $35 | $1575 |
| Cybersecurity analyst | 20 | $40 | $800 |
| Data analyst | 30 | $30 | $900 |

Risk Analysis
As with all projects, it is fundamental to expect risks that can affect successful completion. When it comes to businesses and organizations, like FAKE, the adoption and implementation of technology comes coupled with risks that are assessed in terms of likelihood and impact. The proposed solution at FAKE is intended to secure the company’s databases and IT infrastructure to protect client data and information. Although the proposed solution is aimed at mitigating the currently identified risks, there are some new risks that could be encountered.
For the most part, these risks can be considered as post-implementation risks, i.e., those that will occur during and after implementing the proposed solution. Some of these risks are out of the control of the business, including natural disasters, internet connectivity problems together with power disruptions. Apart from these, there are internal risks that could be observed at the company. These include human error and negligence risks, failure of devices and components in the IT infrastructure, recurring cyberattacks, and hardware/software integration problems. These risks are outlined in the following table, based on definitions provided by NIST SP 800-30.
Risk Table
| Condition | Likelihood | Impact | Consequence |
|---|---|---|---|
| Natural disasters | Low | Moderate | Moderate |
| Internet connectivity problems | Low | High | High |
| Power disruptions | Low | Low | Low |
| Human error/negligence | Moderate | High | High |
| Device/system failure | Moderate | Moderate | Moderate |
| Cyberattacks | High | High | High |
| Hardware/software integration | Moderate | Low | Low |

The requirements of the proposed project will entail securing the existing IT infrastructure at the company to ensure that client data is secured from unauthorized access. In the ensuing sections, a description of the end-user requirements, operational and technical requirements, as well as current loopholes and gaps that will be filled through the proposed system will be provided.
Functional (end-user) Requirements
At the company, there are several end-user requirements with regard to the implementation of the proposed solution. To start, one end-user requirement is that employees of the company need system and communication access through a workstation, together with the level of functionality expected for performing their tasks. According to Cheng, Fu, and Chen (2016), the classification and categorization of these user functionalities is based on role-based access control.
The current IT infrastructure at the company comprises network devices, databases, internal front-end services, as well as external internet access. The clients of the company are provided with financial services through third-party applications that connect and provide client data depending on the need. Taking this into consideration, client access to data and information is a functional requirement of the proposed solution.
At a bare minimum, the company’s staff/employees are expected to have a workstation where they can access systems, services, as well as internet connectivity. The internal application allows communication within the organization, and is also used for sending and receiving files and folders. The workstations are expected to include conventional applications, such as internet browsers, Microsoft packages, as well as antivirus programs. Nevertheless, access to data and information is regulated using the role-based grouping policy, whereby employees only access data and information that relates to their position within the company.
Detailed Requirements
A basic requirement arising from the security weaknesses that were identified concerns access controls; at the financial institution, this applies specifically to its use of information systems and applications, from network devices to security software programs. The management at the company has expressed concern about the internal use of email and the web and about the security of customer information. This was reflected in new security policies, procedures and guidelines, and implemented with centralized authentication and access controls.
Because of these updated requirements, auditing controls such as access monitoring and logging are to be part of the implementation to prevent cyber risks and threats, as provided in ISO guidelines and regulations (Disterer, 2013). Apart from that, other requirements to be met are restrictions on the ability of the company’s employees to install software programs and applications from any source, on the web or locally, and to make changes to the desktop of the workstations, for example, personalization of the display, screen captures and add-ons. Since usernames and passwords are currently controlled by a policy-based centralized system, there is a requirement for effective and efficient configuration settings for securing data and information.
Existing Gaps
The gap that exists at FAKE is that there is no guarantee when it comes to protecting sensitive client data and information. For the most part, the financial institution was aware that there were existing resources implemented for providing security; however, with the increasing and advancing nature of cyberattacks, it was determined that these resources were not adequate. With the integration and implementation of the proposed solution, the company will be able not only to protect client data and information but also to detect and identify where the threats are coming from.
Another gap that exists in the company concerns the lack of awareness of the employees with regard to security. At FAKE, employees are allowed to bring their own devices, which in itself is a potential vulnerability since they connect these devices to the company’s network. If these devices are infected with malware, there is a possibility of the entire network becoming compromised. In this manner, the lack of security awareness is a gap that needs to be filled.
In this section of the document, the outline of the project design will be provided, comprising the scope of the project, the phases that make up the lifecycle, and the timelines and dependencies associated with implementing the system. Similarly, resource requirements will be provided as well as the risk factors involved with the project. Lastly, the section will provide a discussion of the important milestones of the proposed system together with the expected deliverables. Accordingly, the plan is to replace the existing system with an advanced threat protection system.
The scope of the proposed project will involve adopting and implementing a cloud-based advanced threat protection system. In essence, the project is envisioned to restructure the data and information security strategy at FAKE to improve protection and performance. Accordingly, the project scope will cover and target particular areas of risks and threats, including devices, systems, and users. As a result, the restructured security strategy will improve the existing layer of protection.
Tentatively, the project will be limited to implementing Tornado as the advanced threat protection system. To be precise, implementation will entail cloud configuration that will accommodate and facilitate services like machine learning and artificial intelligence to improve security. In turn, the proposed system will entail protecting network devices, systems, as well as servers.
Apart from that, employees of the company together with their workstations will also be included. For the most part, users are recognized as the greatest vulnerability because of several factors, including lack of awareness and negligence. In this manner, users are included in the scope of the project since they will be impacted by the proposed solution. When it comes to user workstations, they are included as part of the project in terms of the tools that will be implemented for increasing data and information protection.
As already stated, items out of scope in this project will include data migration services, non-security end user training, application software licenses, and infrastructure requirements such as network and power cabling, which will be the responsibility of the client.
The following assumptions were made with regard to the proposed project design.
1. Access to network devices, systems, and databases will be made available all throughout the duration of the project to assist in collecting feedback about the system.
2. The adoption and implementation of the advanced threat protection system will assist to significantly minimize the potential points of vulnerabilities in the financial institution and offer better protection to client data.
3. Implementation of the proposed project will not require hiring of individuals capable of interacting with and using the system. Since the company has an internal IT department, the assumption is that it will have the necessary skills and expertise for interacting with the system.
Project Phases
In the proposed project, the waterfall methodology was selected because of its relative ease when it comes to sharing progress with stakeholders. According to Chari and Agrawal (2018), the waterfall methodology involves dividing a project into distinct, sequential phases, with each new phase starting only when the previous phase has been completed. The waterfall methodology is the most traditional approach for managing the proposed project, with team members working in a linear fashion towards a set end goal. Every participant has a clearly defined role, and none of the phases or goals are expected to change. That said, the following are the phases that will be involved with the project.
The requirements phase is the first phase of the proposed project. In the project’s lifecycle, this is the stage in which the project manager analyzes, collects and gathers all the requirements and documentation for the proposed project. In addition, the development team goes through the requirements so that they can understand the scope of the project. The team asks questions to secure the answers needed for the product’s development. That said, this will be a crucial part of the lifecycle and will mark the second milestone for the project.
After that, the next stage is the system design phase. During this stage, the project manager plans the workflow model for the project. In addition to the design, the test cases will be developed to show how to prove each requirement was met. Similarly, software developers are given the task of designing a technical solution to the issues identified in the requirements. Several documents will come out of this phase, including the system design document, test cases and requirements traceability matrix.
Implementation is the next phase. The deliverables that come out of the system design phase are developed into units or components, which are essentially small segments of the complete project. Here, the proposed system is incorporated into the company; i.e., this is where the components of the proposed advanced protection system get assembled. This is also an important milestone for the project, since it involves incorporating the proposed system at the organization.
Following that is the testing phase. During this stage, every component that forms part of the proposed system is tested to guarantee that it functions as intended and satisfies the fundamental requirements. The finished product needs to undergo continuous software testing to see whether there are any defects or errors. Testing is also done so that the customer does not face any issue during the installation of the product. As a milestone of the project, completion of the phase will imply that the system is ready to be integrated into the client organization.
Deployment is the subsequent phase for the proposed system. Basically, this is the part of the project’s lifecycle in which the final system is officially launched within the company.
Finally, the last phase is support and maintenance. In this last, ongoing stage, the project team performs upkeep and maintains the resulting system after it is implemented. This stage happens after implementation of the complete system, and includes making modifications to the system or an individual component to alter features or improve performance. These modifications arise either because of change requests initiated by the client, or defects uncovered during live use of the system. Moreover, the customer is provided with regular maintenance and support for the developed system.
Within the scheduled plan, the respective phases were allotted the following timelines.
| Phase | Key Activity | Duration |
|---|---|---|
| System & process audit | Developing project scope document; Developing project plan; Appointing project manager and team | 2 weeks |
| Requirements | Business process review; Functional and details requirements collection | 2 weeks |
| System Design | Modelling of infrastructure; Functional design modelling | 4 weeks |
| Implementation | Initial system installation | 2 weeks |
| Testing | Development of test cases; Integration testing; Stress testing | 1 week |
| Deployment | Final system assessment; Implementation into company; End user training | 2 weeks |
| Maintenance | Project evaluation; Sign-off | 1 week |

Many of the tasks depend on the task preceding them. These dependencies are presented in the Gantt chart above. Requirements gathering cannot start until the audits are finished. Application analysis cannot happen until the elements have been determined. Creating the system design depends on all requirements gathering activities being finished. Developing the automated tool depends on the system design being finished. To perform quality assurance on the tool, the tool must be finished. Lastly, implementation will happen after all QA activities are finished.
Resource Requirements
There will be some resource requirements for the project to be provided by the financial institution, consisting of hardware and software. The hardware requirements include power and network cabling, as the proposed system incorporates all other required items. The allotted area where the proposed systems are to be installed should have all power and network infrastructure labeled, online, and ready to connect to the network. The proposed systems include software along with the respective licenses needed to get the network devices online and activated, and to move the client applications from the old infrastructure to the new. All other software and licenses to operate client applications will be the responsibility of the financial institution.
Aside from that, other resource requirements will include:
• An application analyst who will be needed at the requirements gathering stage.
• A cyber security analyst who will be needed at the requirements gathering stage.
• A data analyst who will be required for both the requirements gathering stage and the quality assurance stage.
• A software developer who will be required for both the system design and system development stages.
• The project supervisor who will be required throughout the entire project.
Risk Factors
One of the risk factors identified for the project is the loss of funding, whereby it is pulled for one reason or another. The likelihood of this risk factor is low, since as long as the project is moving forward and showing results, the funding will not be cut. Also, the low cost and short lifespan of this project make it an unlikely candidate for cuts. However, the consequence of the risk factor for the company is high, in the sense that if the project funding is cut, the system will not be completed.
Another risk factor is the lack of follow-up on the project during its lifecycle. If remediation efforts do not result from this project, the project’s outputs will be worthless. The likelihood of the risk factor is moderate, since all tasks and activities are subject to management. For instance, management may decide that the remediation efforts are too costly and that they would rather put the money elsewhere. Regardless, the consequence of the risk factor is low because the proposed project will still be completed.
Hardware failure is another risk factor that could be observed during the project. Basically, network devices or workstations could crash during implementation. However, the likelihood of the risk factor is low since the current devices are installed with the latest software and they are also not more than three years old. The consequence of the risk factor is also low since the devices that fail can be replaced and they are not dependent on each other.
Lastly, another risk factor is reduction of performance and productivity. During implementation, some parts of the IT infrastructure will be affected one way or another. This will cause reduced performance but only for a short while, which is why the likelihood is low. Similarly, the consequence of the risk factor is low since the assets that will be affected will have already been considered in the beginning to ensure that not all business processes and operations are affected.
Important Milestones
During the project lifecycle, the following are the essential milestones that will provide insight into the extent of progress.
1. Completion of audits. This is among the first milestones that will set the pace of the project lifecycle. The milestone will be determined to be finished by the delivery of the audit reports to the project manager for analysis.
2. Completion of requirements gathering. Following the audit reports, the project will undergo functional and detailed requirements gathering to establish the prerequisites of the project. Accordingly, this milestone will be determined by the requirements document that will also be delivered to the project manager.
3. Completion of system design. In this milestone, the system design document is created. Likewise, the milestone incorporates the creation of the test cases together with a requirements traceability matrix, which will match each test case with the requirement that it meets. All of these documents will be delivered to the project manager.
4. Completion of testing. For this milestone, the quality assurance team will develop a report documenting the results of the tests conducted on the proposed system. This report shall be delivered to the project manager. Apart from that, the company will sign a document indicating acceptance of the proposed system. Once this is fulfilled, the acceptance letter will be sent to the project manager.
5. Completion of plan of action. After the implementation of the proposed system, the plan of action will be documented and delivered to the project manager together with the development team.
The following are the deliverables of the project:
1. Requirements document. The document will contain all the functional and detailed requirements. The document is created during the requirements gathering phase.
2. System design document. The document contains the design of the system. It is developed during the system design phase.
3. Test cases. These cases show the steps to follow to test each requirement. These cases are developed during the system design phase.
4. Requirements traceability matrix. This is a table showing the relationship between requirements and test cases. It is used to ensure coverage of test cases to requirements. It is developed during the system design phase.
5. Files with supporting analysis data. All data and information gathered during the requirements phase for the application analysis and the vulnerability analysis will be provided.
6. Priority list of vulnerabilities. The document will comprise all documented vulnerabilities and risks following the implementation and testing phases. The document will serve as a lookup point for known vulnerabilities as well as a template for recording new or recurring threats and risks.
7. Plan of action document. The document comprises the plans of action that are developed during the implementation phase. The document will assist in the deployment of the final system within the company.

The methodology in the proposed project will be the same across all stages, and will serve to mitigate the risks using innovative new technology solutions that reduce cost and complexity in IT management. Accordingly, the proposed methodology will be carried out through face-to-face assessment meetings with personnel, including management, and by taking inventory of installed infrastructure and supporting documentation. Past audits and risk assessments will also be gathered and analyzed where found, while scripts and log reports will be run to determine the current state of the existing system. This information-gathering strategy will be applied to the systems, network, and resources (people), completing the picture to give a snapshot of the IT infrastructure at FAKE. The methodology will be applied to deliver baseline information, which will also be used to confirm the urgency of the project, while at the same time highlighting the need to keep the solution simple and secure.
Approach Explanation
The methodology adopted to resolve the issues identified at FAKE will initially be a standard waterfall framework to create the automated tool. To begin with, the system and process audits will be completed. Using the data from the audits as well as other analysis data, the functional and detailed requirements will be gathered. From these requirements, a design of the system will be made. At that point the proposed system will actually be implemented within the company. Subsequently, the new system will go into the conventional quality assurance (QA) process to evaluate its efficiency. If user acceptance is given, deployment will start. Finally, the product will move into a support and maintenance stage to allow for continuous refinements to the design.
The methodology was intended to focus on the project sponsor’s requirements, yet also to learn from those who would be the real beneficiaries of the solution, the end users. While there was a risk of expanding the scope based on user input, the benefit far outweighed the risk, as this input can be useful whether or not it supports the directives of management. If the input supports that of management, that would be ideal. If it differs, then this difference, if contrary to management’s reasoning, should be discussed with the project’s sponsor and evaluated. Also, the methodology served to validate audit and risk findings, as those were key factors in management’s decision to seek a solution.
The decision to apply the same methodology across all stages of the project was due to the project size, which was small, and the tight window for response and execution. There was a slight risk of shortcomings with that decision, as some significant considerations might be overlooked, but that risk was acceptable.
Approach Defense
Verma, Bansal, and Pandey (2014) suggest that the end user should always be one of the targets in measuring the success of an outcome, and a critical one at that, where user involvement and the lack of it are top factors and indicators in project success and failure respectively. User involvement ought to be a pillar in business projects, and a success criterion, particularly in the circumstances that brought about the issues at FAKE. The audits and threat assessments likewise noted the significance of the end user at AIB as a threat to the business.
The methodology was also selected based on how it fulfills all the significant components. First, it shows that the organization is performing due diligence in proactively addressing its vulnerabilities. Second, it approaches the problem logically and recognizes that not all vulnerabilities can be fixed. Instead, it places the most important ones at the top of the list, allowing the developers to know which issues should be remediated first. Third, it addresses how future changes to the IT architecture will be handled.
Apart from that, the selected methodology was intended to handle the known weaknesses of the current system, and allows for finding valuable data for project use that would otherwise have stayed unknown. The flexibility of the methodology was supported, as all areas of the business were touched through interviews, assessments, walk-throughs and documentation. This gave additional justification for long-term success, as the methodology will consider lessons learned from the prior and existing architecture, the business culture within the organization, management’s strategic goals, the end user and the client profile.

The development of the project served to deliver a plan that designed a solution based on the stated requirements and additional input from users, assessments and reports. After a design option was chosen, the plan was further developed, tested and implemented with complete vendor on-site support. Plan development incorporated all areas of installation and implementation, including training and documentation.
No special hardware will be required. It is expected that the application will run on a PC running the Windows 10 operating system. Regardless, Uninterruptible Power Supplies (UPS) will be required to maintain constant and clean power to connected devices during normal power operations (no outages); during a power outage, this will continue without interruption, depending on the type of load (connected devices), internal battery status and length of the outage.
The only software purchased was the backup software, which will handle the backup and restore operations of the data, systems, and applications at the client organization. All other software was provided by the client organization and consisted of existing operating systems, applications, databases and respective licenses.
Tech Stack
A technology stack gives a list of all the technology services used to build and run a single application. Concerning the client organization, there is just the custom protection agent application that is the core of the business, consisting of an application front end, where users access the program, and the database back end, where the data is stored.
Architecture Details
The infrastructure at FAKE was updated to a virtualized model running on the advanced threat protection system, which reduced the costs incurred by the organization. Moreover, this allowed the financial institution to convert and run all its applications and servers virtually on the new platform, and to require that all future projects support virtualization, as this will continue to contribute towards a greater return on the investment.
FAKE migrated the physical servers to virtualized servers, keeping all current data and settings. The new domain was configured with centralized security and all new user profiles were created. A new virtual email server was installed and integrated with user profiles and application account settings. Patch management and application updates are now managed by virtual servers responsible for this suite of services and configured to download security and critical updates, which are then tested for a few days before being pushed out to the respective endpoints.
Assets Used
On this project the vendors provided all labor to install, set up, configure, test and conduct on-site training, with knowledge transfer at project closing. These resources were included as part of the product purchases. The advanced threat protection system was implemented entirely via a cloud environment with online support, which worked in the client’s favor, as the product was installed by the client in one hour and, at the end, the client was fully capable of managing the application.

The client provided one technology resource with both network and systems expertise, who handled the interfaces between the purchased products and the existing systems. The client also provided power and cabling labor as requested by the vendors before all installation. All client-provided resources were in the employ of the client, and those costs were excluded from the project costs. These resources were fully utilized before the installation of the purchased products. Because of the size of the project, the project manager was also the client sponsor, and all project discussions were scheduled weekly with representatives from each significant area (systems, network, security and applications), with the Microsoft Defender for Endpoint installer taking the lead for the vendors.
Final Output
At closure, the project delivered a high-level risk assessment framework, with centralized management of all networked resources, including personnel, network devices, systems, and processes. The newly created security system ensured that the framework handles all authentications and authorizations, connected internally on a new high-speed network for applications. The objective of management was to secure the system and establish new security practices across the enterprise, with client data backed up locally and replicated offsite. This was delivered at closure within the contracted schedule and at no additional cost.
The approaches used for Quality Assurance (QA) and testing of the solution are explained in the following sections. The process was applied at various stages of the project, in some instances as a response to the client’s questions on features and functionalities of the products. As quality assurance is a process, or any set of processes, for determining whether a product or service meets the specified requirements, it plays a significant part in the success and customer satisfaction of a project. During the project, the client’s assumptions were also discussed and demonstrated towards satisfying the expected quality assurance standards.
Quality Assurance Approach
The primary quality assurance criterion for this implementation is to have minimal impact on user experience while protecting the network from attacks. This will ensure that the network, along with the databases at the organization, stays up and available while being secured by the new advanced threat protection system. The requirements of the financial institution were intended to transform the enterprise infrastructure into a scalable, dynamic, high-performance, secure and affordable environment, where the business can focus on its protection agent services with the assurance that this system can meet all of its needs and handle any additional workload.
With these stated objectives, the quality assurance approach was to engage the client at the earliest phase of the project, understand the history behind the requirements and the current state of the business, and build the solution for testing throughout the later stages. The questions on securing the infrastructure and client data to mitigate the identified risks were the motivating factors behind rebuilding the enterprise on a solid technology foundation. This started with whiteboard sessions, which identified critical areas to be addressed, such as scalability, redundancy and the ability to streamline IT without affecting performance. The client provided a snapshot of the current environment showing the system resources in use, which enabled the team to work out the scenario that would meet and exceed the needs of the business over a three-year cycle.
With this plan approved, a foundation model was proposed and demonstrated to the client virtually, using standard conferencing tools. This allowed the client to take part in the sizing and design exercise using their data as input, to produce the solution that would be offered. In addition to quality assurance testing, user acceptance testing was completed. In this case, the user would be the vulnerability management team. A member of that team tested the software both to ensure it met requirements and to look for any usability issues.
Solution Testing
To test the solution, the best option agreed upon was a penetration test. This test would be done by a third party. The test would consist of an external mock email attack. This would allow the defenses to be tested against something similar to the original attack in which the network was compromised. After the external penetration test is complete, there will be an internal penetration test. This penetration test will test the network segmentation portion of the implementation. This will mimic how far an attacker would be able to get on the network if it were compromised. With AIB’s approval after these tests were successful during the initiation and planning stages, the purchase orders were issued, and the team scheduled the executing stage. The same acceptance criteria were repeated with the AIB system installed and configured, and limits were assigned based on the amount of load, which was more realistic in the previous stages.
The test plan will begin with an attack similar to the cyberattacks that were recently completed. This will be done by the penetration testers, and the bank employees will have no knowledge of the penetration test outside of IT. The test email will be sent out to several individuals within the bank. If the email is opened, it will further the attack by trying to reach out to its C2C (command and control) server to download a fake malicious package. If this package is triggered and downloaded onto the user’s PC, it will attempt to scan the network to see what other resources on the network can be accessed.
The second part of the test plan will be carried out inside the network. In this part of the test, the penetration tester will act as an unauthorized PC on the network. This will test the network segmentation as well as portions of the implementation. The penetration testers’ unauthorized PC will try to access sensitive portions of the network and collect information on what was found, what could be accessed and what could not. This portion will be tested by trying to infiltrate a large file that contains false customer information.
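The findings the internal test collects (what the unauthorized PC could and could not reach) are easiest to judge when scored against the intended segmentation policy. The following is an added example, not part of the original report; the segment names, addresses, ports, allowed flows and findings are all constructed assumptions.

```python
"""Score internal penetration-test findings against a segmentation policy."""
import ipaddress
from collections import Counter

# Constructed segment map (hypothetical addressing, not from the report).
SEGMENTS = {
    "user_lan": ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "client_db": ipaddress.ip_network("10.20.10.0/24"),
    "management": ipaddress.ip_network("10.30.0.0/24"),
}

# Intended policy: default deny between segments, with these exceptions
# expressed as (source segment, destination segment, destination port).
ALLOWED_FLOWS = {
    ("user_lan", "servers", 443),
    ("servers", "client_db", 5432),
    ("management", "servers", 22),
    ("management", "client_db", 22),
}

# Constructed findings as a tester might record them:
# (source address, destination address, destination port, reachable?)
FINDINGS = [
    ("10.10.5.77", "10.20.0.15", 443, True),
    ("10.10.5.77", "10.20.10.8", 5432, False),
    ("10.10.5.77", "10.20.10.8", 445, True),
    ("10.10.5.77", "10.30.0.2", 22, False),
    ("10.30.0.9", "10.20.10.8", 22, False),
    ("10.10.5.77", "192.168.50.4", 80, True),
]


def segment_of(address):
    """Return the most specific segment containing the address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, name) for name, net in SEGMENTS.items() if ip in net]
    return max(matches)[1] if matches else None


def classify(src, dst, port, reachable):
    """Compare one observed result with what the policy says should happen."""
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None or dst_seg is None:
        return "unmapped"        # host outside the documented architecture
    if src_seg == dst_seg:
        return "intra_segment"   # segmentation controls do not apply
    allowed = (src_seg, dst_seg, port) in ALLOWED_FLOWS
    if reachable:
        return "expected_allow" if allowed else "violation"
    return "over_blocked" if allowed else "expected_block"


def evaluate(findings):
    """Summarise all findings; the test passes only with no gaps in policy or map."""
    counts = Counter()
    violations = []
    for src, dst, port, reachable in findings:
        verdict = classify(src, dst, port, reachable)
        counts[verdict] += 1
        if verdict == "violation":
            violations.append((segment_of(src), segment_of(dst), dst, port))
    return {
        "counts": dict(counts),
        "violations": sorted(violations),
        "passed": counts["violation"] == 0 and counts["unmapped"] == 0,
    }


if __name__ == "__main__":
    report = evaluate(FINDINGS)
    print(report["counts"])
    for src_seg, dst_seg, dst, port in report["violations"]:
        print(f"VIOLATION: {src_seg} -> {dst_seg} ({dst}:{port}) reachable but not allowed")
    print("segmentation test passed:", report["passed"])
```

An "unmapped" result is treated as a failure as well, because a reachable host missing from the architecture documentation cannot be judged against any policy.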

The implementation plan of the project was necessary to coordinate all the activities in a timely sequence, as the client was on a tight schedule and budget to complete the solution and reduce its liabilities. The following sections outline the plan implemented starting with the strategy adopted and the case for this method, then continuing to the phases of the plan dependencies, deliverables and training for the end users.
Strategy for Implementation
The strategy employed was to use the time between issuing orders for the purchases and receiving the items, estimated at about three weeks, to set up and install the infrastructure required for the new system, establish initial training classes and prepare documentation. This would be followed by the network installation, as this was the most common cause of issues, and a process immediately used in the existing environment to increase performance and reduce project execution time. Additionally, the network equipment was estimated for delivery within five days, providing enough time to install, test and deploy.
With the network configured and online by the time the advanced threat protection system was deployed, the next steps were to install and bring the new system infrastructure online on a test network, validate the settings, coordinate client quality assurance tests, and turn over to FAKE for use.
The alternative to this plan was to wait and then deploy all purchased systems after all deliveries were completed. However, that approach would increase the time to deploy and introduce risks due to having multiple hardware implementations taking place simultaneously, as any developing issues would take longer to identify and would add to project delays, negatively impacting the client’s plans.
Rollout Phases
The phases of the rollout were documentation, infrastructure, pre-training, networking, systems installation, testing and validation, training, quality assurance, and acceptance. Documentation in this first rollout phase references all information required by the respective vendors and manufacturers from the client, to ensure that the following details of the client are obtained: users, profiles, roles and responsibilities, IT administrators’ contact information, existing architecture diagrams, and applicable IP addresses.
The Pre-training phase was geared to initiate the assigned personnel at the financial institution on the expected hardware and software being purchased, what to expect, the requirements, assign roles and responsibilities, and design the training program at the later stage of the project implementation. The networking phase was the first stage of actual device installation and began the tasks of installation of the new high-speed network. Once this was connected, powered and tested, connectivity was established to bridge onto the existing production network. After verification of ensuring that no conflicts occurred with existing infrastructure, several key devices were moved over to validate the connections and data traffic flows. This phase was completed in one day, and this timeline included all tests and verifications.
The training phase was designed to provide in-depth knowledge of the new equipment, both hardware and software, and establish the management and administration of the same. This was completed in four hours and ended with assigning online course training accounts to a few assigned FAKE personnel, to follow up with certification testing. While these certifications were not a requirement, they do complement the hands-on training and skills with a deep dive into the core hardware and software that provide the basis of the solutions.
The quality assurance and acceptance stage involved the testing and success criteria conducted during the initiation and planning phases with the client, with the main difference of having these completed on the client’s hardware and software. Additionally, the testing included the new servers installed for the domain, email and security. Finally, the quality assurance stage included disaster recovery and replication tests. These tests involved simulations of common failures such as power interruptions, network interruptions, storage failures, node failures, and interruptions during data replications.
Go-Live Details
The project will be considered fully implemented when the QA and acceptance stage is completed, with the system turned over to the client for migrating the applications and data from old to new infrastructure.
This hand-off and go-live also included passing the client onto the online support teams for the various packages purchased, as the client will start referring to these on any questions, issues or concerns after acceptance. The criteria used to determine the full implementation status was the completion of the disaster recovery and system failures simulations, as well as the commencement of migrating applications and data to the new infrastructure.
Power and network infrastructure were key requirements to be operational, and network information such as IP addresses, email addresses, DNS and NTP was collected and provided to the system installers before the system installation. Once system installation is completed and connection to the internet is confirmed, there are no other dependencies required.
The tangible deliverables from the project were the increased network performance, the immediate benefits of the advanced threat protection system (storage, memory and processor) providing increased capabilities to FAKE, the security architecture and new centralized email. These elevated the enterprise infrastructure in measurable ways from performance, efficiency, security, communications, high availability and low cost. The intangible deliverables were the lowered threat landscape, reduced vulnerabilities, research and development, and the company’s brand name, goodwill and services, especially with all the negative press reports.
End-user Training Plan
Training will be provided by a member of the development team. This training will be delivered to all members of the development team and anyone that the company needs to make aware. Since this is a small team, training should be able to be done in person in a short session. This training will occur prior to the user acceptance testing so that the development team will know how to use the software properly to execute the tests.
Tentatively, the first goal in giving user training to the end users is limiting any productivity losses associated with the software change. This means the training plan will need to get them, as fast as reasonably possible, up to the skill level needed to do their jobs at least as quickly and accurately as they were doing with the old software (or manual methods). Then, in the following stage, the final system is used to help users do their jobs more quickly, accurately, and securely than before.
A significant element in making the user training plan is assessing the technical skill level(s) of the people who will actually use the software on a regular basis. As a rule, software end users are not especially technically savvy, but there may be different technical skill levels within a group. It is therefore important to provide different levels of training. Technical novices will require more focused, step-by-step instruction in the basics, while more skilled computer users will quickly pick up the basics and benefit from additional training that shows them how to use more obscure or advanced features of the software.
The following sections provide details on the risk assessment of the project and the solution. A risk analysis detailing the quantitative and qualitative risk factors and a cost/benefit analysis of any benefit shortfalls, cost overruns and respective consequences are discussed, along with any risk mitigations applied and applicable project changes.
Quantitative and Qualitative Risks
The risk factors that may have impeded the project implementation quantitatively are delays in completing the project on schedule, as there was an increasing risk of liability due to the data loss and infrastructure security issues. Those risk factors occurring during project implementation are outlined in the quantitative risk matrix below.
Risk Analysis Table – Quantitative Risk
| Risk Condition | Risk Likelihood | Risk Impact | Risk Consequence |
|---|---|---|---|
| Natural disasters | Low | Moderate | Moderate |
| Internet connectivity problems | Low | High | High |
| Power disruptions | Low | Low | Low |
| Human error/negligence | Moderate | High | High |
| Device/system failure | Moderate | Moderate | Moderate |
| Cyberattacks | High | High | High |
| Hardware/software integration | Moderate | Low | Low |

The qualitative risk factors were mostly issues that may have impeded the project implementation, with the potential to become definitive risk factors. These were identified as resource risks with assigned personnel, as well as changes in management’s requirements or objectives during the project, and are outlined in the qualitative risk matrix shown underneath.
Risk Analysis Table – Qualitative Risk
| Risk Condition | Risk Likelihood | Risk Impact | Risk Consequence |
|---|---|---|---|
| Changes by management with regard to project goals and objectives | Low | Moderate | Moderate |
| Changing of project staff and personnel because of reasons like illness or unavailability | Low | Moderate | Moderate |
| Clients of the company presenting new propositions for the project | Low | Low | Low |

Cost-Benefit Analysis
The following table addresses the cost/benefit analysis of each risk, highlighting the risk of any shortfalls and their cost, as well as the risk of any cost overruns and their consequences. This kind of analysis is used by organizations to evaluate options, and prior to approving projects.
| Risk | Benefit | Risk of Shortfall | Risk of Cost overrun | Consequences |
|---|---|---|---|---|
| Making sure that client data and information is protected through the new framework and information insurance | Minimizes loss of data and information | Likelihood is low. In turn, the solution is exceedingly redundant. At the same time, it incorporates a replicated backup system | Likelihood is low. This is attributed to the low assessments of resource and asset utilization. | Extra system resource demands, which may necessitate more allocation of funding |
| Unified authentication, e-mail, and security controls | Increased threat reduced risk and vulnerabilities, and added auditing | Likelihood is low. The addition of a with email server provides objectives that was not available prior to the project | Likelihood is low. This is due to the new services personal email as well as system use. | Increased security threats and vulnerabilities due to lack of appropriate controls and authentication. |
| Relocating to virtualized environment or the public cloud | Lessen cost and intricacy, and give the capacity to make workers, with the long haul objective of moving to the cloud for the organization for extra investment funds | Likelihood is low. This is because moving the architecture to the cloud presents a very low risk | Likelihood is low. This is based on how there will be zero cost | Having to use the cloud is less costly as compared to having the proposed system as a standalone application |

Risk Mitigation
The following threats and risks were mitigated by the accompanying activities, which targeted the anticipated and analyzed risks and concerns. In each of these cases, the rollback plan is to move to another architecture, which had already been identified and discarded as too costly and restrictive compared with the initial system that was in place.
Making sure that client data and information is protected through the new framework and information insurance. This risk was mitigated by working with the client in pre-project planning workshops to simulate and test the design, and by obtaining old backup data from the client to test and validate configuration settings.
Unified authentication, e-mail, and security controls. These security risks were mitigated by having management establish the new security postures as mandatory, enforced beginning with new security policies and procedures and ending with the security awareness program.
Relocating to virtualized environment or the public cloud. This risk was mitigated by simulating the move virtually and validating the process and the data conversion from the physical to the cloud environment.
Post-implementation support and issues are discussed in the following sections, and were items included with all vendor quotes. This is a critical component in most decision-making processes, as customer service and support, particularly for hardware and software, can increase or mitigate risks, reduce vulnerabilities, incur or reduce cost, and keep a great product from being successful.
Post Implementation Support
The new systems, hardware and software purchased by FAKE all include full-time support online, by telephone, or next-business-day on site, with same-day emergency on-site response through authorized providers in the region. All the products include pre-implementation support, Go Live support and long-term support. The minimum included support period is 1 year, renewable at the anniversary of the client acceptance date. Terms can be extended annually or for multiple years, with the typical multi-year term being 3 years.
All support for the individual hardware and software includes complete support with product updates, patches, fixes, faulty parts and add-ons. Several options exist with the individual manufacturers for standard, mid and upper-level support if required. These options are often exercised by clients with critical data or with requirements for additional features and functionality. The company chose the standard level of support, as this met their needs and requirements.
Post Implementation Support Resources
Post-implementation support resources are available from online support accounts, which the client configured upon conclusion of the project. Access to the support resources is by telephone, manufacturer website, email request or mobile application. Furthermore, with the included web-based training courses, selected personnel have exclusive access to client portals for a wide range of support, including websites, videos, development sites and archived resources.
Maintenance Plan
The plan for short- and long-term maintenance includes system health checks and diagnostics, which do not require any downtime or offline modes. In the first year of service, quarterly health checks are performed by the vendor as part of tracking the client's progress toward their planned purpose. In year two this extends to an annual support call, usually scheduled around the time that support is up for renewal.
If there is an anticipated issue, the new system will open a support ticket, order the new part if one is required, and have it shipped to the company. On these occasions, clients receive a package with the new part and instructions for replacing it. When support calls are opened, the support department will typically request access to the system, and also run tests to determine the system status and check on the installed updates and fixes. If these are outdated, this is discussed with the client.
The following sections provide summaries of the project, its deliverables and outcomes, and any takeaways that can become lessons learned or topics for publishing as templates for the company's future projects in adopting and implementing new technology.
Project Summary
Overall, the proposed project was an interesting and rewarding one in that the client not only changed their IT structure and infrastructure, but also let go of the current and legacy thinking that bound the financial institution to an IT architecture that was not secure. Throughout the project, the most difficult challenge was helping the company change their idea and assumptions of what technology is today, and pursue with due diligence and due care alternative solutions that may go against the status quo. While it was an unexpected situation that created the project, it turned into open opportunities for improvement.
The proposed system demonstrated the effectiveness and performance of an improved and secure IT infrastructure to accommodate the business processes, operations, and interactions with all users. As a result, FAKE was finally able to establish their new security posture, based on a system that brought the benefits of the public cloud locally into the financial institution. Accordingly, within this document, several diagrams, charts and tables together give the purpose and objectives that were sought by the client in the project.
While FAKE is a fictitious organization, the issues, together with the finished product offered, are very commonly observed in the financial services industry. The proposals are as valid and realistic as reasonably possible, with statements, discussions and facts that reflect the situations of today. Having been involved in similar projects using these products, it would be fairly safe to assume that FAKE and its staff would be excited to be the recipient of the advanced threat protection system.
This project showed the author how to bring together the skills and techniques learned in this coursework, applying these towards a solution based on a simulated scenario that mirrors reality. Throughout the project, the author also put into practice the skills developed, and worked through the challenges and the experiences to answer the questions. By aligning this paper to issues taken from real organizations, the author had to insert himself into the simulation and play out the roles and responsibilities while engaging the project team, as he grappled with time, activities and the risks that developed. This experience of completing the activities also brought home for the author the realities that occur in trying to achieve project objectives, and gave a greater insight into the life cycle phases of projects.

Capgemini. (2012). Data privacy in the financial services industry: How high-profile data breaches have impacted the privacy landscape. Risk & Compliance. Retrieved from
Chari, K., & Agrawal, M. (2018). Impact of incorrect and new requirements on waterfall software project outcomes. Empirical Software Engineering, 23(1), 165-185.
Cheng, P. H., Fu, J. M., & Chen, L. W. (2016). Knowledge transfer of software tool development for functional requirements analysis. Computer Applications in Engineering Education, 24(1), 131-143.
Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security management.
Leonhardt, M. (2019). The 5 biggest data hacks of 2019. CNBC. Retrieved 17 December 2020, from
Tariq, N. (2018). Impact of cyberattacks on financial institutions. Journal of Internet Banking and Commerce, 23(2), 1-11.
Trautman, L. J., & Ormerod, P. C. (2018). Wannacry, ransomware, and the emerging threat to corporations. Tenn. L. Rev., 86, 503.
Verma, J., Bansal, S., & Pandey, H. (2014). Develop framework for selecting best software development methodology. International Journal of Scientific & Engineering Research, 5(4), 1067.

