Question Details

[solution] »

Need a 5 page paper that will address the assignment by 12/10/16 at 7pm

Running head: As


Answer Download

The Question

Need a 5 page paper that will address the assignment by 12/10/16 at 7pm

Running head: Assignment 8 1 One of France?s oldest banks, Societe Generale experienced an internal malicious attack. Societe


Generale is a universal multinational banking and financial services company headquartered in


Paris that origins date back to 1864. The bank is ranked the third largest bank in France. They


have corporate branches throughout eastern European.


A former Societe Generale bank employee, Jerome Kerviel was charge with breach of trust,


unauthorized use of the bank?s computer systems and forgery which cause the bank to loss a total


of 7.14 billion dollars from 2006 into 2008. The culprit Jerome Kerviel was accused of


conducting fictitious transactions by embellishing of hedge fund to investors with fictional rates.


The investors where assuming they were buying into a medium to high risk fund that will


produce a high rate of return. Kerviel, orchestrated a scheme of perception to these


investors/traders by creating a fraudulent network of useless documents to carry out his web of


misconception. The malicious intent that Kerviel carried out would established a new norm for


ithe concept in migrating the insider threat. Diagram 1[Int15]


Diagram 1 illustrates the succession that must be carried out when implementing a successful


internal control process of events. These attributes will define the integrity of your business


processes to ensure internal directives are sustain for operational use. If falter the occurrences


that Societe Generale experience will appear and have the potential of demising your


organizational reputation and trust.


The risk assessment process assigns a comparative risk by the self-examining the business


structure. The business impact analysis (BIA) who may conduct the assessment can identify


potential threats and incidents beforehand to determine if a viable countermeasure can be


established if needed. It appears if Societe Generale had reconstructed their current business


practices by review and comment that the suspect failsafe?s would have identified Kerviel


potential for an inside treat. Assignment 8 2 The controlling of the environment at the enterprise risk level can be enforced by executive


management. This process would fortitude proper safeguards to include check and balances of


financial and internal auditing by establishing sound processes. Kerviel, argument when arrested


was that management knew of his common business practices by enticing the investor by having


a multitude of surplus available that showed profitable gains and value to be added. Kerviel,


argument prelude into the corporate culture and philosophy that top level management was well


aware of these fraudulent actions and indeed turned a blind eye to his perspective in wrong




Control activities are core component for a service organization to put in place policies and


procedures to ensure effective normalcy within the financial sector[Fra15]. Kerviel took


advantage of Societe Generale lack thereof proper policy implementation. The risk associate with


one individual having unlimited access to customers? accounts with little to no oversight was the


avenue of deconstruction of the organization trust and integrity with its customers. Kerviel


approached this facet of business spectrum as being less guarded with few to no oversight that


would have normally each and every one being accountable for.


Information needs to be commutated in a fashion that is clearly understood. In my readings I find


no inclination of Societe Generale having no formal awareness training in place. Kerviel argued


that his practices where the norm with no specific training awareness being instructed for


organizational use. The proper awareness training platform should address all pertinent


information related to the importance of InfoSec within a financial environment. There is little to


no room for potential customer dissatisfaction when in commerce trading.


Within a financial environments monitoring of systemic use should be conducted with normalcy


to ensure accuracy and internal mandates are adhere to. Kerviel, viewed the lack thereof proper


monitoring of transactions as a means of internal control of the networking infrastructure.


An alternatives/solutions that Societe Generale could have invested in was having a third party


vendor or financial subject matter expert inspect the logs and all pertinent documents that will


substantiate relative findings. This form of third party look overs would have intensified the


relativeness of checking and validating proper monetary transactions are being conducted in a


manner of policy expedites.


The insider threat in many organization is a non-avoidance act due the nature of what is


presented. Kerviel had the advantage that he knew how the risk management process worked.


Kerviel could bypass system controls in order to set up false counter trades to circumvent any


safeguards that where present. Since the hiring of Kerviel in 2000 he build an intensive


knowledge base on how everything worked and the interaction with one another. In every aspect


of trading Kerviel knew all the in?s and out?s in which he knew exactly how to cover-up


fraudulent positions that he create.


In order to combat insider threat any organization either big or small should encompass the


following in the normalcy of day to day operations.


1. Institute periodic enterprise-wide risk assessments. Assignment 8 3 An organization must incorporate at the enterprise level InfoSec. A critical assessment must be


conducted followed by a defining strategy matrix of what assets that need to be safeguarded from


both insider and outsider threats.


2. Institute periodic security awareness training for all employees.


All employees within the organization must be trained on the awareness of security policies and


procedures. These training forums must address the importance of maintaining proper security


posture at all times and no one is to falter when doing so. The enforcement of proper security


constraints must be represented organizational wide to include executive staff to the mail room


clerk. Security in paramount when dealing with customer?s PII.


3. Enforce separation of duties and least privilege.


The enforcement of separation of duties should be the top echelon of security controls. Kerviel


should not have had as many privilege as he had. He should have had only privileges that was


required for his day to day job resource requirement.


4. Implement strict password and account management policies and practices.


Set a strenuous password policy to include numbers, special characters, capital and lower case


letters. A password reset should be conducted at a minimum every 120 days.


5. Log, monitor, and audit employee online actions.


Employees should be informed that all the information and data that is collected when working


on a company owned devise is intellect property and is subject to be monitored and audited


accordingly within organizational standards. By doing this, this places the employee in a position


of total awareness when management stress or deem viable in confiscated organizational owned




6. Use extra caution with system administrators and privileged users.


Vigilance must be adhere to for system administrators and privileged users. This allows for


oversight for those users.


7. Actively defend against malicious code.


Ensure system administrators and privileged user?s conduct all describe patches on time.


8. Use layered defense against remote attacks.


Organizations should use a defense in depth approach for system administrators and privileged


users. These users must have coworker compliance to ensure all efforts that are deployed are




9. Monitor and respond to suspicious or disruptive behavior.


All employees are responsible for InfoSec. Policies and Procedures should encompass a means


for an employee to report disruptive behavior if the deem necessary.


10. Deactivate computer access following termination. Assignment 8 4 If an employee is terminated either beginning favorable or not, his or her access should be


disable immediately. This recourse is to ensure the former employee doesn?t have a means to


retrieve data or access any computer network infrastructure.


11. Collect and save data for use in investigations.


If an attack do occur, there should a method of gathering evidence for future criminal judication.


12. Implement secure backup and recovery processes.


Implement on a daily basis a backup/recovery process. If an incident do occur you have the


means to retrieve data from a previous day or a previous month. This data will be used strictly


for recovery and operational use thus forward.


13. Clearly document insider threat controls.


Publish within the AUP the significance of establishing the internal threat controls and the


consequences associate withit when falter[Mus08]. Diagram 2. [Ala15]


In closing Jerome Kerviel, had too much power in speaking in relative terms. He had the where


of all to pull off an elaborate scheme of misconception due to the lack thereof security controls


that where not in place or followed at Societe Generale. Kerviel drive and determination didn?t Assignment 8 5 reward him any monetary value but bolster his ability to cause fraudulent trades. Kerviel presents


an organization worse nightmare, the person or persons that are hired to conduct business


transactions for the organization to increase profit margins but decides on to create havoc and


chaos. His demise is a welcoming call for the future IT professional to ensure when they are put


into positions of authority that they too implement and stay current with new technologies. Assignment 8 6 References


A large number of security breaches are being caused by insiders, knowingly or unknowingly. (2015,


October 12). Retrieved from Goggletechinfo:


Balakrishnan, B. (2015, October 14). Insider Threat Mitigation Guidance. Retrieved from Sans Org:


France: Bank Fraud Could Have Been Stopped. (2015, October 12). Retrieved from CBS NEWS:


French bank blames trader for $7 billion fraud. (2015, October 12). Retrieved from NBC NEWS:


Internal Controls. (2015, October 12). Retrieved from


Massive Fraud in France. (2015, October 12). Retrieved from SPIEGEL Online:,1518,530673,00.html


Musthaler, L. (2008, June 02). 13 best practices for preventing and detecting insider threats. Retrieved




Sayer, P. (2015, October 12). Poor IT security to blame in Société Générale fraud. Retrieved from


Infoworld: Assignment 8


Westervelt, R. (2015, October 14). Societe Generale bolsters internal controls, discovers second insider.


Retrieved from TechTarget: 7


Solution details

Solution #000175979

[solution] »

Need a 5 page paper that will address the assignment by 12/10/16 at 7pm

Running head:

Uploaded by: Tutor

Answer rating:

This paper was answered on 14-Oct-2020

Pay using PayPal (No PayPal account Required) or your credit card . All your purchases are securely protected by .

About this Question






Oct 14, 2020





We have top-notch tutors who can do your essay/homework for you at a reasonable cost and then you can simply use that essay as a template to build your own arguments.

You can also use these solutions:

  • As a reference for in-depth understanding of the subject.
  • As a source of ideas / reasoning for your own research (if properly referenced)
  • For editing and paraphrasing (check your institution's definition of plagiarism and recommended paraphrase).
This we believe is a better way of understanding a problem and makes use of the efficiency of time of the student.


Order New Solution. Quick Turnaround

Click on the button below in order to Order for a New, Original and High-Quality Essay Solutions. New orders are original solutions and precise to your writing instruction requirements. Place a New Order using the button below.


Order Now