GLOBAL FINANCE, INC. (GFI)

 

Global Finance, Inc. (GFI) is a financial company that manages thousands of accounts across Canada, the United States, and Mexico. A public company traded on the NYSE, GFI specializes in financial management, loan application approval, wholesale loan processing, and investment of money management for its customers.

The diagram below displays the executive management team of GFI:

[Figure 1: GFI Executive Organizational Chart. The image is not reproduced; the only surviving entry is CCO Andy Murphy.]

BACKGROUND AND YOUR ROLE

You are the Chief Security Officer, hired by COO Mike Willy, to protect the physical and operational security of GFI’s corporate information systems. Shortly after starting in your new position, you recognize numerous challenges that you will be facing in this pursuit.

Your primary challenge, as is usually the case, is less technical and more political in nature. CEO John Thompson has been swept up in the “everything can be solved by outsourcing” movement. He believes that the IT problem is a known quantity and feels the IT function can be almost entirely outsourced at a fraction of the cost associated with creating and maintaining an established internal IT department. In fact, the CEO’s strategy has been to prevent IT from becoming a core competency, since so many services can be obtained from third parties. Based on this vision, the CEO has already begun downsizing the IT department and recently presented a proposal to his senior management team outlining his plan to greatly reduce the internal IT staff in favor of outsourcing. He plans on presenting this approach to the Board of Directors as soon as he has made a few more refinements to his presentation.

COO Willy’s act of hiring you was, in fact, an act of desperation: the increasing operational dependence on technology services combined with a diminishing IT footprint gravely concerned Mike Willy, and he begged to at least be allowed to bring in an Information Security expert with the experience necessary to evaluate the current security of GFI’s infrastructure and systems. The COO’s worst nightmare is a situation where the Confidentiality, Integrity, and Availability of GFI’s information systems are compromised, bringing the company to its knees, and he then has to rely on vendors to pull him out of the mess.

ASSIGNMENTS

• From the devices and systems identified in the GFI Corporate Network Topology, conduct a thorough asset inventory, assign monetary values to each asset (quantitative), and assign a priority value for each asset (qualitative) that could be used to determine which assets are most critical for restoral in the event of a catastrophic event or attack.

• Evaluate the perimeter security, make a list of access points internal and external (remote), identify vulnerabilities and make suggestions for improvements to perimeter and network security.

• Evaluate the remote access infrastructure, identify vulnerabilities and suggest security improvements to mitigate risks to remote access.

• Address the COO’s concern over mobility security and design a secure mobile computing environment (smart phones, tablets, laptops, etc.) in terms of authentication technologies and data protection.

• Identify wireless vulnerabilities and recommend what safeguards, authentication technologies, and network security should be implemented to protect data.

• Evaluate the authentication protocols and methodologies within the wired, wireless, mobility and remote access environments and suggest improvements to secure authentication for GFI.

• Evaluate the web system protocols and vulnerabilities within the Intranet server and suggest secure protocol improvements to improve security for web authentication.

• Design a cloud computing environment for the company with a secure means of data protection at rest, in motion and in process.

• Assess all known vulnerabilities on each asset in this environment and impacts if compromised.

• Using the asset inventory and the assigned values (monetary and priority), conduct a quantitative and qualitative risk assessment of the GFI network.

• Recommend risk mitigation procedures commensurate with the asset values from your asset inventory. Feel free to redesign the corporate infrastructure and use any combination of technologies to harden the authentication processes and network security measures.

• Provide an Executive Summary.

• You are welcome to make assumptions for any unknown facts as long as you support your assumptions.

• The Title Page, Table of Contents and References page(s) don’t count in your 15-page minimum!!!
