Security Plan and Recommendation
Data integrity and security is vital to the business because data can be accessed by malicious people and used to commit fraud. This plan offers technologies and strategies that can be employed to enforce data integrity and security in Bank Solutions in a bid to ensure the continuity of its operation.
Employee training on utilizing the new technology is the primary strategy that the business should employ. It involves teaching the employees new ways of handling their current activities while using new technology. This strategy will help the organization detect security threats even before they occur (Gouin, 2007). It is explained by the fact that the employees will have the knowledge on the latest trends they can use to enforce security of data. Moreover, they will be aware of the best methods that will prevent these threats from occurring.
Training will take place in workshops and seminars. During training, professionals will practically demonstrate the employees how they can use the latest trends to enforce security of data and information. Once the employees are conversant with the new methods, the organization will switch to the new technologies in pilot phases (“NIST Computer Security Publications – NIST Special Publications (SPs),” 2014). This approach will entail the organization adopting the new technology in one department at a time. All the possible weaknesses are to be identified before the security plan is implemented to all the other departments of the business.
Training will be particularly apparent for the staff that will be responsible for handling crucial IT tasks because of the nature of their job that requires high awareness on the security measures. For instance, the database administrator will be trained on new ways of enforcing security of data within the organization because not all the threats facing the business come from external sources. Internal threats are also evident. For example, when an employee without the right of viewing certain information accesses it, he or she can use it for personal gain, which compromises data integrity. Thus, the database administrator needs to set protocols that will determine the rights of the employees in the organization to view information (Hirose, 2008).
These rights will be established founded on the job description of the employees. The employees will view only the information that they need to carry out their daily tasks. The database administrator will use banner messages and log to monitor and regulate the information that the employees can view. Banner messages entail message pop-ups that inform the employees when they try to access information that they have not been granted permission by the database administrator. The banner messages option provides a ground for taking legal action against employees that may attempt to view restricted information (Snedaker, 2007). The logs keep a detailed record of the employees that access the system at a certain tome and what actions they perform. The logs will greatly enhance the data integrity in the organization. The database administrator will grant read-only rights to the employees. This move will ensure that the employees cannot change the data of the organization for personal gain.
On the other hand, the network administrator will mainly be responsible for protecting the data of the organization against external threats. Hackers may use loopholes in the organizations network to gain illegal access to the data. They may gain access to the intellectual property of the firm. This information is very crucial since it may be sold to business rivals (“NIST Computer Security Publications – NIST Special Publications (SPs),” 2014).
Thus, the network administrator should receive training on safeguarding the network from attacks like hacking and phishing. It will be attained by receiving training on the suggested technologies like cloud technology, packet-filtering firewall, and data warehouse.
The inclusion of network administrator in the organization will help in implementing cloud technology in the firm. The training he will receive will help him utilize means that will safeguard the data of the organization. Moreover, the training will help him to implement packet-filtering firewalls in the organization. The database administrator will be responsible for uploading data to the warehouse. The data stored in this section will be offline and hence free from hacking. The strategy of training the database administrator will help him employ archiving, which is a method that eliminates old data in the warehouse to allow for quick retrieval of the relevant data when data loss occurs.
Figure 1. Cloud Computing. Source: Retrieved from
Cloud computing allows the organization to use the existing infrastructure of computers to access the public and private cloud. A new type of cloud referred to as community cloud associations, one or several of the fusion of public data clouds. This type of cloud will be used by the business to safeguard data. Public cloud is the most expensive one, trailed by community cloud and private cloud correspondingly. Cloud computing can also be regarded from business models perspective. When deliberated from this outlook, there are three kinds of service prototypes. They include software as a service (SaaS), infrastructure as service (IaaS), and platform as a service (PaaS). The firm will use IaaS when it can obtain services via the network from the whole computer infrastructure. Thus, the primary concern for IAAS is to produce the public cloud with the dependable environment and secure information (Watkins, 2013).
Additional features and guarantees
- FREE plagiarism report (on request)
- FREE amendments
- FREE title page
- FREE biblioraphy
- FREE outline (on request)
- FREE e-mail delivery
- FREE formatting
- FREE revision
- Quality research and writing
- 24/7 LIVE support
- Fully referenced papers
- Any citation style
- Up-to-date soures only
- PhD and MBA writers
- 100% Confidentiality
- No hidden charges
- Never resold works
Why choose us?
732 Qualified writers
9.7 / 10 Average quality score
75 782 Completed tasks
98.9 % Returning customers
PaaS is the preferred prototype where growth, testing, and location of applications are undertaken by the business. This infrastructure targets developers. SaaS is the major model where service suppliers have the whole responsibilities for appraising, deployment, safety, and upholding the application (Gouin, 2007).
Figure 2. Saas Model Source: Retrieved from
Costs, ROI, Mitigation, and Barriers
Costs, ROI, Mitigation, and Barriers
|Technology||Estimated costs||ROI||Mitigation of risks||Barriers|
|Cloud technology||$ 20000 initial cost plus $2000 monthly fees||Very high||Hacking
|High startup cost
|Packet filtering Firewalls||$ 5000||High||Hacking||High cost|
|Data warehouse||$10000||High||Illegal access
|High startup cost|
It is hard to measure the returns on investment of cloud computing since the returns are holistic (“NIST computer security publications – NIST special publications (SPs),” 2014). They are obtained from a reduction in the cost of production and increased efficiency. Thus, they have a very high rate of returns. The returns from packet-filtering firewall are high since they prevent illegal access to data and quick recovery in case of a data loss (Snedaker, 2007). The costs of the cloud are the most expensive followed by the data warehouse and finally the packet-filtering firewall. Cloud technology incurs a higher cost since it has monthly charges and increased internet usage. The data warehouse will incur a relatively cheaper cost compared to the cloud but will regularly require the database administrator to operate it frequently. Packet filtering firewall will be utilized since it offers a comprehensive protection of information obtained from the Internet by investigating all the packets.
Cloud technology is a developing trend where ISPs offer firms and individuals access to software that is stored in the cloud. The clients can subsequently use the software without installing it on their personal computers. The option also permits users to store their data in the cloud. Cloud computing as a service has provided businesses and individuals with the best solutions for storage, infrastructure, and software. The firm will no longer require purchasing expensive software to run their operations or hardware to store their data. The cloud technology will permit the firm to use internet-enabled devices to harness great apps for their business requirements (Gouin, 2007).
In addition to the above benefits of efficiency and lower operational costs, this technology will allow the business to store its data and information on the public cloud. As a result, the data is safe from the intentional damage by malicious persons. The data on the cloud is encrypted to ensure that even if hackers gain access to the system, they cannot decode the data. Moreover, storing information in the cloud provides smooth business continuity when a data loss occurs. The data can be retrieved easily, and the business will resume its activities. This technology will address all the threats arising from improper storage of data and information within the company (Hirose, 2008). Notably, this technology will keep the data safe from physical damage such as fire and floods.
Besides, cloud computing allows businesses to access their data at any time of day or night. The geographical location does not matter as long as the businesses have access to the Internet. This flexibility allows a company to set workstations anywhere. Furthermore, as already mentioned, the data stored in the cloud is protected from hackers (“NIST computer security publications – NIST special publications (SPs),” 2014). The cloud providers have set up schemes that encrypt the data and check for validity for the people accessing it.
The cloud technology providers are conscious of the threats that are involved with cloud computing. Thus, they utilize a reliable web and stage that enhance the safety of data and information. The protected cloud will provide a dependable service to the business by protecting the data of all its clients. This secure cloud can also notice the malicious outbreaks on the data. Moreover, service providers ensure the provision that is unrestricted of any glitches like data loss or theft complications since spiteful individuals can infiltrate the public cloud by imitating a lawful user, contaminate the public cloud, and distress the business by distributing bad and infected info (Snedaker, 2007).
The current procedure of storing information on magnetic tapes in a safe is not efficient. Thus, the organization will implement a data warehouse. This approach will permit the business to store data offline in a data center. The offline storage protects the data from network threats like hacking. Nevertheless, the location of the warehouse should be an area that is not prone to the environmental hazards like floods. Archiving will be used in the warehouse, which will enable quick recovery of data.
Packet Filtering Firewall
Packet filtering firewall will be utilized since it will protect the firm from malicious content from the Internet. This firewall neglects packets that do not satisfy the condition set by the network administrator. The main benefit of this firewall is that it is economical. Besides, it consumes fewer resources.
This security plan will ensure that the organization data is protected from intentional damage such as hacking. Moreover, it will make sure that the organization is safe from unintentional data damage that may occasion from adverse environmental conditions like floods. The strategy of adopting a database administrator and network administrator and training them will be instrumental in guaranteeing that they will take measures that will protect the data from illegal access. The technologies adopted will incur a significant amount of cost. Nevertheless, the long-term outcome of utilizing the technology would be a reduced operating cost.