Cyber practices in an organization

Cyber practices in an organization

As technology continues to grow, so does the need for secure cyber practices in an organization. Cyber threats are increasing, and attackers are focusing on all organizations, including the small-scale organizations from Finger Lakes community bank to government agencies such as Customs and Protection (CBP). For an organization to succeed in ensuring efficient cyber protection, the executives must invest in security and provide the necessary support to implement adequate security measures in the organization. Security is all about knowing system vulnerabilities and the recommendations to take in case a cybersecurity incident happens. Many cases of cyber-attacks have been witnessed as the human user is the most vulnerable resource in an organization, especially when a hacker doesn’t have the software, hardware, or operating system in a specific environment. Social engineering is much useful because, as we speak, people have been noted to be the weakest and most vulnerable assets in a network/system. Hackers use sophisticated tactics as well as communication skills to breach organizational security. The first step is determining system/ network vulnerabilities, a hacker approach geared towards exploiting the existing system vulnerabilities. In other words, thethe process of owning the system. An awareness of campaign alerting top officials, employees, and their parties is essential in ensuring safety. Finger Lakes community bank has been experiencing cyber challenges,, and the management doesn’t have a clear understanding of the benefits of ensuring quality cybersecurity infrastructure. This has contributed to exploitation of the bank system by external parties including hackers to disrupt normal operations of the business. This Report identifies legal and regulatory policy issues and recommends cybersecurity approaches that will help the bank operate smoothly in detecting and responding to security incidences in the future and guidelines of ensuring that all relevant audiences understand what’s needs to be done and how to do it.

Executive summary

This incident response plan comes with lots of benefits and boosts organization preparedness for any anticipated attack. The incident response plan is a detailed security plan with a complete incident process approach that outlines several measures to be taken in case of a cybersecurity incident. These include detection, response, communication, reporting, and prevention of future incidents. Each of these phases has been broken into several steps accompanied by an incident response process diagram with clearly outlined roles and responsibilities that relates to that step. The diagram, identifies a logical sequence of actions to be taken by the shareholder in addressing a scenario and a rationale behind each situation.

Following is a course of action table which describes logical steps to an attack from beginning to end, detection methods, and detection location for different attack patterns and the achievement expected in any incident. The stakeholders can see how the security measure map with the features of the adversarial threat.

Finally, this Report provides countermeasures analysis. The countermeasures analysis offers a narration on how the security measures captured in the course of action table will be useful in addressing the stated attacks. The Report explains how the countermeasures will minimize the negative impacts of aggression in an organization and organization operations and how a rationale on countermeasures at the personnel level. Designing a security strategy is a critical approach that ensures that the company is always ready for any attack. This involves building full-fledged in-house security capabilities that address all the identified cybersecurity risks and mitigation to those risks. Support from management is essential to ensure action plans have been set to mitigate cyberattacks risk.’

Legal, Regulatory, and Policy Compliance

Finger Lakes community bank is a financial organization. This means that the regulations and guidelines affecting the organization are those that have been defined by the Financial Industry Regulatory Authority (FINRA). This authority is an independent self-regulatory organization authorized by the United States Congress for broker-dealers doing business in the United States. FINRA regulations outlines several rules for detection and mitigation of several threats and incidents that possess a threat or can compromise consumer identities and mandates that policies and procedures be submitted in regards to the protection of consumer data from cyber incidences. FINRA’s Report presents several recommendations regarding main cybersecurity topics such as insider attacks, phishing, penetrations testing programs, controls in branch offices, and handling mobile devices.

Besides, the firm is a financial firm in the state of New York. It is required to comply with 23 NYCRR 500 cybersecurity laws defined by the department of financial services. NYCRR 500 cybersecurity policy covers all entities under the department of financial services. This regulation demands financial companies to implement a detailed strategy and measure to ensure consumer data privacy. In summary, 23 NYCRR requires established entities to assess their cybersecurity risk profiles and make the implementation of a detailed plan that lists the risks and an approach to mitigate those risks. The policy provides several minimum regulatory standards to assists entities in preventing data branches.