
From Chapter 10 about IT Security Policy Framework Approaches, please answer the following questions.

1, "Private Sector Case Study" - How are security frameworks applied in this Case Study?

A small correspondent bank wishes to exchange check information electronically with a large bank. This is permitted under a law enacted in October 2003 commonly known as the Check 21 Act. By exchanging information electronically, it can expedite cashing checks for customers. Both banks use the X9.37 standard created by Accredited Standards Committee X9 (ASC X9). The ASC X9B Working Group develops industry standards related to data and information security. The intent of the standards is to reduce financial data security risk and vulnerability. The banking and finance sector couldn't exist without effective interbank communications based on standards.

The problem was that the correspondent bank could not bundle its checks into one bundle for processing by the larger bank. Multiple bundles of checks increase cost. Exceptions were handled separately or bundled into smaller exception groups. A company called All My Papers developed a software solution. This company specializes in financial services software. All My Papers was able to recode the check bundles to be compatible with the X9.37 standard being used by both banks. This resulted in a single bundle being processed by the large bank. Bundle recoding reduced costs. It also helped ensure compliance with the Check 21 Act.

This solution required a change to how the correspondent bank implemented the X9.37 standard. This drove both a baseline standard change and a series of procedural changes.


2, "Public Sector Case Study" - How are security frameworks applied in this Case Study?

A recent State of Maryland initiative is an example of external influences on infrastructure security policies. The governor of Maryland created a "Best in the Nation Statewide Health Information Exchange and Electronic Health Records" initiative. The state created a statewide technology infrastructure to support the electronic exchange of health records. This infrastructure supports health service providers doing business in Maryland. The goal of the initiative is to reduce costs and improve the quality of patient treatment.

The Information Technology Support Division (ITSD) is the state's IT department. The Department of Health and Mental Hygiene (DHMH) was responsible for meeting the governor's health goals. ITSD was responsible for the technology aspect of the initiative. The ITSD was already supporting the DHMH technology environment.

Some of the core ITSD requirements include:

• Expand network performance and capacity.

• Provide continuous operations.

• Provide a secure infrastructure.

• Provide remote access.

• Real-time access to patient medical information.

DHMH developed a staged implementation strategy. The strategy starts with pilot applications. After assessing performance and security, the pilot applications evolve to fully functional operations. This includes ITSD providing continuous security support.

This government initiative directly impacts infrastructure policies. ITSD is responsible for developing and maintaining information security policies, standards, and procedures for DHMH. This new infrastructure affects state-owned computing environments. While this is not implicitly stated, any private company wishing to participate and access this network must also adopt these infrastructure standards. This is also a good example of not reinventing the wheel. It's reasonable to assume that ITSD based the new statewide policies on the Health Insurance Portability and Accountability Act (HIPAA). HIPAA can be viewed as the core security control standards. The implementation of these core controls results in numerous baseline standards for the state's new infrastructure, such as new and modified LAN and WAN security standards.


3, "Critical Infrastructure Case Study" - How are security frameworks applied in this Case Study?

Televent is a company that provides software and services to monitor and support the energy industry in the US and Canada. On September 10, 2012, the company identified a breach of its internal firewall and network. Televent said the hacker installed malicious software and stole software related to its core offering used by its customers. This is a class of software known as "supervisory, control, and data acquisition," commonly called SCADA. SCADA systems are a vital component in managing and controlling power grids.

These types of successful attacks highlight how vulnerable power grids, and thus the national critical infrastructure, are to hackers. SCADA networks were built originally as closed systems, but over time devices with Internet access have been added to the SCADA networks. For example, individual desktops have Internet access, and access to business servers as well as the SCADA network. This makes the SCADA system vulnerable to Internet threats. In this case, Televent reported that it had disconnected the usual data links between clients and segmented the affected portions of its internal networks.

As with many breaches, the technical details may never be known to the public. However, it is clear that the existing infrastructure policies were not adequate. The measures taken in the breach announcement indicate a lack of adequate policy and/or enforcement in at least these two areas:

• Network segmentation

• Separation between production and test environments

Network segmentation was introduced immediately to isolate the customer support systems from those infected by malicious software. This raises the question of why such segmentation wasn't included as part of the LAN policy in the first place. Such a policy would have ensured the creation of a closed network of people, process, and technology for the systems providing direct access to the customer network. It is unclear if the malicious software was placed on production or test systems. Separation between production and test systems is an important control. In this case, the need to segment the network immediately and the loss of software code are good indications that both test and production systems were vulnerable. This would be an indication of a potential lack of control between the test and production environments. System and application domain policies not only should be segmented but also should highly restrict access between these two environments.
