Need a 5 page paper that will address the assignment by 12/10/16 at 7pm


Running head: Assignment 8

One of France's oldest banks, Societe Generale, experienced an internal malicious attack. Societe Generale is a universal multinational banking and financial services company headquartered in Paris whose origins date back to 1864. The bank is ranked the third largest bank in France. It has corporate branches throughout Eastern Europe.

A former Societe Generale bank employee, Jerome Kerviel, was charged with breach of trust, unauthorized use of the bank's computer systems and forgery, which caused the bank to lose a total of 7.14 billion dollars from 2006 into 2008. Kerviel was accused of conducting fictitious transactions by embellishing a hedge fund to investors with fictional rates. The investors were assuming they were buying into a medium to high risk fund that would produce a high rate of return. Kerviel orchestrated a scheme of deception against these investors/traders by creating a fraudulent network of useless documents to carry out his web of misconception. The malicious intent that Kerviel carried out would establish a new norm for the concept of mitigating the insider threat.

Diagram 1 [Int15]

Diagram 1 illustrates the succession that must be carried out when implementing a successful internal control process. These attributes define the integrity of your business processes and ensure internal directives are sustained for operational use. If they falter, the occurrences that Societe Generale experienced will appear and have the potential to destroy your organization's reputation and trust.

The risk assessment process assigns a comparative risk by self-examining the business structure. Whoever conducts the business impact analysis (BIA) can identify potential threats and incidents beforehand to determine if a viable countermeasure can be established if needed. It appears that if Societe Generale had reconstructed its current business practices by review and comment, the suspect failsafes would have identified Kerviel's potential for an insider threat.

The controlling of the environment at the enterprise risk level can be enforced by executive management. This process would fortify proper safeguards, including checks and balances of financial and internal auditing, by establishing sound processes. Kerviel's argument when arrested was that management knew of his common business practices of enticing the investor by having a multitude of surplus available that showed profitable gains and added value. Kerviel's argument points to a corporate culture and philosophy in which top-level management was well aware of these fraudulent actions and indeed turned a blind eye to his wrongdoings.

Control activities are a core component for a service organization to put in place policies and procedures to ensure effective normalcy within the financial sector [Fra15]. Kerviel took advantage of Societe Generale's lack of proper policy implementation. The risk associated with one individual having unlimited access to customers' accounts with little to no oversight was the avenue for the destruction of the organization's trust and integrity with its customers. Kerviel approached this facet of the business as being less guarded, with little to none of the oversight that would normally hold each and every one accountable.

Information needs to be communicated in a fashion that is clearly understood. In my readings I find no inclination of Societe Generale having no formal awareness training in place. Kerviel argued that his practices were the norm, with no specific awareness training being instructed for organizational use. The proper awareness training platform should address all pertinent information related to the importance of InfoSec within a financial environment. There is little to no room for potential customer dissatisfaction in commerce trading.

Within a financial environment, monitoring of system use should be conducted as a matter of routine to ensure accuracy and that internal mandates are adhered to. Kerviel viewed the lack of proper monitoring of transactions as a means of internal control of the networking infrastructure.

An alternative solution that Societe Generale could have invested in was having a third-party vendor or financial subject matter expert inspect the logs and all pertinent documents that would substantiate relevant findings. This form of third-party review would have intensified the checking and validating that proper monetary transactions are being conducted in accordance with policy.

The insider threat in many organizations is unavoidable due to the nature of what is presented. Kerviel had the advantage that he knew how the risk management process worked. Kerviel could bypass system controls in order to set up false counter trades to circumvent any safeguards that were present. Since his hiring in 2000, Kerviel had built an extensive knowledge base on how everything worked and how the pieces interacted with one another. In every aspect of trading Kerviel knew all the ins and outs, so he knew exactly how to cover up the fraudulent positions that he created.

In order to combat the insider threat, any organization, big or small, should encompass the following in its normal day-to-day operations.

1. Institute periodic enterprise-wide risk assessments.

An organization must incorporate InfoSec at the enterprise level. A critical assessment must be conducted, followed by a defining strategy matrix of which assets need to be safeguarded from both insider and outsider threats.

2. Institute periodic security awareness training for all employees.

All employees within the organization must be trained on security policies and procedures. These training forums must address the importance of maintaining proper security posture at all times, and no one is to falter when doing so. The enforcement of proper security constraints must be represented organization-wide, from executive staff to the mail room clerk. Security is paramount when dealing with customers' PII.

3. Enforce separation of duties and least privilege.

The enforcement of separation of duties should be the top echelon of security controls. Kerviel should not have had as many privileges as he had. He should have had only the privileges that were required for his day-to-day job.

4. Implement strict password and account management policies and practices.

Set a stringent password policy to include numbers, special characters, capital and lower case letters. A password reset should be conducted at a minimum every 120 days.

5. Log, monitor, and audit employee online actions.

Employees should be informed that all the information and data collected when working on a company-owned device is intellectual property and is subject to being monitored and audited accordingly within organizational standards. Doing this places the employee in a position of total awareness when management deems it viable to confiscate organization-owned devices.

6. Use extra caution with system administrators and privileged users.

Vigilance must be maintained over system administrators and privileged users. This allows for oversight of those users.

7. Actively defend against malicious code.

Ensure system administrators and privileged users apply all prescribed patches on time.

8. Use layered defense against remote attacks.

Organizations should use a defense-in-depth approach for system administrators and privileged users. These users must have coworker compliance to ensure all efforts that are deployed are accountable.

9. Monitor and respond to suspicious or disruptive behavior.

All employees are responsible for InfoSec. Policies and procedures should encompass a means for an employee to report disruptive behavior if they deem it necessary.

10. Deactivate computer access following termination.

If an employee is terminated, whether on favorable terms or not, his or her access should be disabled immediately. This is to ensure the former employee doesn't have a means to retrieve data or access any computer network infrastructure.

11. Collect and save data for use in investigations.

If an attack does occur, there should be a method of gathering evidence for future criminal adjudication.

12. Implement secure backup and recovery processes.

Implement a backup/recovery process on a daily basis. If an incident does occur, you have the means to retrieve data from a previous day or a previous month. This data will be used strictly for recovery and operational use going forward.

13. Clearly document insider threat controls.

Publish within the AUP the significance of establishing the internal threat controls and the consequences associated with failing to follow them [Mus08].

Diagram 2. [Ala15]

In closing, Jerome Kerviel had too much power, relatively speaking. He had the wherewithal to pull off an elaborate scheme of misconception due to the lack of security controls that were not in place or followed at Societe Generale. Kerviel's drive and determination didn't reward him any monetary value but bolstered his ability to cause fraudulent trades. Kerviel presents an organization's worst nightmare: the person or persons hired to conduct business transactions for the organization to increase profit margins who instead decide to create havoc and chaos. His demise is a wake-up call for the future IT professional to ensure that when they are put into positions of authority they too implement and stay current with new technologies.

References

A large number of security breaches are being caused by insiders, knowingly or unknowingly. (2015, October 12). Retrieved from Googletechinfo: http://www.googletechinfo.com/large-numbersecurity-breaches-caused-insiders-knowingly-unknowingly/

Balakrishnan, B. (2015, October 14). Insider Threat Mitigation Guidance. Retrieved from Sans Org: https://www.sans.org/reading-room/whitepapers/monitoring/insider-threat-mitigationguidance-36307

France: Bank Fraud Could Have Been Stopped. (2015, October 12). Retrieved from CBS NEWS: http://www.cbsnews.com/stories/2008/02/04/business/main3785088.shtml

French bank blames trader for $7 billion fraud. (2015, October 12). Retrieved from NBC NEWS: http://www.msnbc.msn.com/id/22818054/ns/business-world_business/t/french-bank-blamestrader-billion-fraud/

Internal Controls. (2015, October 12). Retrieved from Successimg.com: http://successimg.com/internalcontrols/

Massive Fraud in France. (2015, October 12). Retrieved from SPIEGEL Online: http://www.spiegel.de/international/business/0,1518,530673,00.html

Musthaler, L. (2008, June 02). 13 best practices for preventing and detecting insider threats. Retrieved from NETWORKWORLD: http://www.networkworld.com/article/2280365/lan-wan/13-bestpractices-for-preventing-and-detecting-insider-threats.html

Sayer, P. (2015, October 12). Poor IT security to blame in Société Générale fraud. Retrieved from Infoworld: http://www.infoworld.com/article/2648517/security/poor-it-security-to-blame-insoci-t--g-n-rale-fraud.html

Westervelt, R. (2015, October 14). Societe Generale bolsters internal controls, discovers second insider. Retrieved from TechTarget: http://searchsecurity.techtarget.com/news/1315178/SocieteGenerale-bolsters-internal-controls-discovers-second-insider



This paper was answered on 14-Oct-2020
