Question A) Do they have an internet that uses Transmission Control Protocol / I
ID: 3913876 • Letter: Q
Question
Question A) Do they have an internet that uses Transmission Control Protocol / Internet protocol (TCP/IP) heavily? B) Do they have any security software installed? C) What would be your major security concerns? urity Issues (ase 10: Real-Wire re u in Chicago. It is currently under contract to the Department of Treasury wo public electronic funds transfer (EFT) network with its head office and major com- and EFT initiatives when federal systems are overloaded. They have handled Wire is a pater switch sist in e-commerce to the Department of Ireasury to which has increased their workload by 15-20% on occasions. The company vitches in each capital city throughout the United States, including Alaska and e linked into a national communications network. Approximately 200 financial (banks, building societies, and credit unions) use the network to provide automatic EFT hat audit evidence is computer sv Hawal i, which are lle machine and point-of-sale services to their customers Ral-Wire has only been in operation for 15 years, but during that time it has been very suc stil.When the United States began to deregulate its financial markets in 1985 and foreign anks began to enter the marketplace, Real-Wire obtained substantial new business because it ould offer these financial institutions immediate EFT services key system. Y As a consultant specializing in computer controls and audit, you have been hired by the man- stem or invest in ging director of Real-Wire to examine the state of controls within the EFT system. She explains you that an increasing number of potential customers are requesting some type of independent ner. The syscm urance that controls within the system are reliable. Accordingly, she has decided to initiate a ent of the cmauatrols review of the entire system so that a third-party "letter of comfort" can be provided to run. Your com- ptential customers part of your controls review focuses on the main switch in Chicago. As part of your planning for the switch. In terms of short-term you examine the status of disaster recovery controls appear to be in place and working. Backup tapes for all data and prog protocols rt of the CPAThe rams are of-site to enable recovery if programs and data are lost for some reason. In or short-term recovery are well documented, and operators seem familiar with n these protocols. From time to time they have to exercise these protocols because lawsuit?
Explanation / Answer
Information Technology Audit
An IT audit is carried out to evaluate the performance of the IT infrastructure in the organisation to ensure that it is reliable and not vulnerable to any attacks or contain any potential risks which leads to system failures and outages.
The following are the benefits of an IT audit:
Process of carrying out an audit:
For the given scenario, the Real Wire company is a banking and finance sector company that is responsible for carrying out Electronic Fund Transfer(EFT) activities on behalf of its clients.
The major responsibility of the company is to assist e-commerce activities and deliver EFT whenever the federal systems get overloaded.This activity adds additional workload that is around 15 – 20% according to the usage demand.
All these activities are carried out on national communications network, which is being used concurrently by approximately 200 financial companies to deliver services such as ATM or POS to their customers
The company upgraded its services recently due to the restrictions by the federal government laws, which offer instant EFT services to its clients.
EFT(Electronic Fund Transfer)
It is the process of exchanging money digitally from one bank to another without the intervention or involvement of the bank staff.this can be done thrugh the following methods:
Most of the EFT based applications used secure data storage and access protocols to ensure reliability of data which is being most sensitive that needs to be handled with utmost care so that it is not misused at any case during or after the transaction
For this reason, several protocols (like E-cash,Netcash,CAFE) have been designed especially for the use of banking and finance transaction that frequently handle sensitive information that is related to the customers bank accounts. Along with this strong encryption driven algorithms ensure the data authentication and security.
Special kind of network hardware such as transaction switches and hubs are used instead of the general purpose network switches and hubs. These hardware devices are designed to ensure security of the data by enforcing security by hardware encryption protocols so that the data can be encrypted and decrypted at the terminals and the encrypted data is passed over the network.So by using this kind of devices , Legacy networks such as TCP/IP over dial – up or even broadband can be used to perform banking transactions securely from any computer connected to the network
The problems identified in the given scenario are:
Potential Risks:
A) Do they have an internet that uses Transmission Control Protocol / Internet protocol (TCP/IP) heavily?
Yes, but as specified in the scenario there is a significant load on the network as there is a surge in the utilisation of the entire bandwidth for the business activities and maintenance on the same available network .It also adds additional load to the network switch due to the increase in the flow of data during backup recovery which transfers the data from the data backup server .The protocol being used can probably be TCP/IP as the transaction arrive from ATM / POS devices from the company’s clients
B) Do they have any security software installed?
It was not specifically mentioned in the given scenario but its was mentioned that the short term recovery methods are well documented and protected and the operators are familiar with the protocols-which clearly says that the security mechanism are implemented (as the transactions are related to banking activities).
C) What would be your major security concerns?
The solution to the above problems could be arranging another dedicated switch to handle backup transfers separately to speed up the disaster recovery process thereby reducing the down - time .Also by adding backup network providers to perform business activities incase of network failures