...Security Policy for McBride Financial Services Introduction to Information Systems Security Management CMGT 441 December 06, 2011 Security Policy for McBride Financial Services The following document was developed to respond to a request by McBride Financial Services for a security policy based perceived needs associated within the loan department and issues in implementing online loan applications (OLA). The security policy will address the current need along with any issues that may arise with their online loan application process. The majority of McBride’s customers are comprised of an affluent demographic of professionals, families looking to purchase a home, and retiree’s requesting mortgages (University of Phoenix, 2005). McBride’s customer base is largely well educated individuals who generally keep an eye on personal information and financial records and would most likely be aware of any unauthorized changes. Therefore, it is of extreme importance that McBride Financial secures this data. The areas included in the security policy for the loan department will include the following: • Physical Security Policy • Account Access Controls Policy • Data Backup Policy • Non-Compliance Policy The implementation of electronic key cards will be recommended to McBride as a source of control in the physical security area. This will restrict employees only to have access to areas they are authorized to be in. Any employee accessing an unauthorized area of the...
Words: 596 - Pages: 3
...Security Policy Marc Johnson CMGT/441 December 21, 2014 Praful Dixit Security Policy for McBride Financial Services Information Technology (IT) Security Policy I. SCOPE This IT Security Policy has been undertaken In order to safeguard sensitive, confidential, and proprietary information that is passed through the network of McBride Financial Services. The safety and security of such information is vital to the success of McBride Financial Services and any sensitive information that is compromised would be harmful to McBride Financial Services and its efforts as an organization. Use of information technology networks by employees of McBride Financial Services is permitted and encouraged where such use supports the goals and objectives of the organization. However, McBride Financial Services has a policy for the security of the information that is shared trough these networks. Employees must ensure that they: * Comply With the current IT Security policy, * Use information technology networks in an acceptable, safe, and responsible manner, and * Do not create unnecessary risk to McBride Financial Services by their misuse of information technology networks. II. POLICY STATEMENT All members, employees, guests, and individuals are responsible for adhering to this IT policy and maintaining the security of proprietary information shared on the information technology networks of McBride Financial Services. This IT Security Policy is applicable...
Words: 711 - Pages: 3
...This document is to describe the Information Security requirements of Online Application Services and Application Service Providers that engage in business with McBride Financial Services. This policy applies to any use of Online Loan Applications (OLA) and any outsourcing to Application Service Providers (ASP) by McBride Financial Services, independent of where hosted. The Online Loan Application or Application Service Provider's Sponsor must first establish that its project is an appropriate one for the OLA/ASP model, prior to engaging in any additional infrastructure teams within McBride Financial Services or any external Application Service Providers. The department wanting to use an Online Loan Application or any Application Service Providers service must confirm that the Application Service Providers chosen to host the loan applications of McBride Financial Services complies with this policy. The Business Function to be outsourced must be evaluated against the following. The requester must go through the OLA/ASP engagement process with the Information Security Department to ensure affected parties are properly engaged. In the event that McBride Financial Services data or loan applications are to be manipulated by, or hosted at, any ASP's service, the ASP sponsor must have written, explicit permission from the data/application owners. A copy of this permission must be provided to the Information Security. The information to be hosted by an ASP must fall under...
Words: 528 - Pages: 3
...Security Policy Wendy Lee CMGT/441 July 11, 2013 Marilyn Harris Security Policy A security policy is developed based on perceived needs associated within the loan department and any issues in implementing online application. McBride Financial Services located in the virtual organizations needs a security policy to protect customer information against hackers. Hackers are finding new ways to hack customer information. Identity theft is a leading crime in the world. Developing a security policy for McBride Financial Services can be demanding. Hugh McBride and Abram LaBelle of Smith’s consulting discuss the priorities for safeguarding personal information on a secure website. McBride needs a security policy to satisfy the business needs of McBride Financial Services. McBride discusses securing personal information from both external and internal threats. Majority of McBride customers are families looking to purchase a home. Loan applications are processed online. While processing loan applications, McBride Financial Services has to collect a large amount of customer information. This information may include social security numbers, birthdate, address, credit card information, background information, bank information, credit score, and etc. It is important to secure McBride financial data because McBride’s customer base is well educated individuals, who will keep an eye on personal information and financial needs. The customers will know of any unauthorized changes...
Words: 601 - Pages: 3
...McBride Financial Security Policy To bring McBride’s electronic key online will provide a great source of control in their area of physical security. Employees will only have access to areas that their work in and access to information according to their rank in McBride facility. Any unauthorized access to any area of any McBride facility will be punishable in accordance with McBride's Non-Compliance Policy. If an access card, key are lost or stolen or is not returned a fee will be charged for a new item. When an access card is lost, it will be deactivated immediately until a new card is issued. When processing a loan application, McBride is in control of large amount of sensitive customer information including the customer’s credit report and history. The protection of this information is very important. To protect data from loss, equipment failure, or intentional destruction, all mortgage applications and associated data will be backed up to magnetic tape as well as archived to a remote server daily. Magnetic tape backups will be performed every evening (except for Sunday when tape drives will be cleaned and maintained). All data backups will be perform only by an authorized member of McBride's in-house IT department. Another way that McBride will now protect sensitive data is through account access controls. Passwords, encryption, and pertinent classification of data are a few measures that will be implemented to ensure this protection. Every procedure and process...
Words: 663 - Pages: 3
...McBride Financial Risk Assessment Information Systems Security Risk Management McBride Financial Risk Assessment Overview The purpose of Risk Assessment is to identify potential risks that could impact the operation of the business of McBride Financial Services. This will analyze the approaches to be implemented for omission of avoidable risks and the minimization of the risks that are unavoidable. In this quest, team B has chosen Sioux Falls office of McBride Financial Services, which will involve a risk assessment overview of several different topics. The discussions will be the use of toxic chemicals in the vicinity of business, public transportation facilities that might handle the carriage of dangerous or hazardous substances, any potential targets of criminal activities and potential targets of terrorist activity. Toxic Chemicals Chemicals are a necessary part of any work location. They can be used in work processes, for cleaning, and other functions. Chemicals can be found in solid, dust, liquid, and gas or vapor forms. "Industrial chemicals can be described by the physical form of the chemical (that is, whether it is a dust, fume, vapor, gas, etc.)." (Chemicals in the Workplace) The company needs to identify all the chemicals used at the McBride facility. The individual chemical components should be listed for a safety review. Material Safety and Data Sheets (MSDS) will be obtained and stored onsite for all chemicals used. MSDS is available for all chemicals...
Words: 2674 - Pages: 11
...Security Policy 1. Introduction The McBride Security Policy is intended to protect its digital and physical assets as well as protect the rights and privacy of McBride Financial. This policy details best practices, company guidelines, and regulations which are to be implemented and followed from inside the scope of Information Technology. The security team has created this document to protect users from virus attacks, compromise of network systems, and any legal ramifications that may occur because of this. While responsibility is on IT security to provide these tools, McBride Financial employees must know these guidelines and follow them as they may be held liable for any violation of the contents of this policy. 2. General Use and Ownership 1. All data created by McBride's employees is the property of McBride Financial Services. McBride's data should never be placed on an unauthorized device, moved, altered, deleted, or sold without the consent of IT Security. 2. Employees are required to use good judgment when on the internet. While IT Security has implemented UTM systems to restrict the personal use of internet, employees are still responsible for any rogue executables or malware in which they download from their e-mail. If an employee feels they are visiting a website in which they should not be allowed, they should contact IT security immediately at itsecurity@mcbridefinancial.com immediately. 3. McBride IT Security has the right to monitor...
Words: 792 - Pages: 4
...McBride Financial Website Security Plan Reggi CMGT/441 April 7, 2014 University of Phoenix McBride Financial Website Security Plan Introduction McBride financial services is upgrading their website to be more interactive with clients. The goal is to create self-serve options for clients though the website and through kiosks located in the offices. McBride wants to reduce the number of employees needed to handle client accounts using this new business plan. The new plan will increase the need for data protection to ensure that customer’s personal data is kept same during all points of the application and loan process. Implementing online loan applications means customer information will be input into web forms and then transferred to the company database. This creates the potential for hackers to steal or corrupt the data and to use it to gain access to other company servers. In order to prevent this from occurring and limiting the damage done in the case of a successful attack McBride must implement a Prevention, Detection, and Recovery plan. Prevention A prevention plan for McBride will be need to include protection for the company servers and protection for client information. The first step in this plan is to establish a demilitarized zone (DMZ) to separate the web server from the company databases and other company servers. The most secure way to implement this is to use two firewalls. The first one will be set to allow necessary traffic to the web server...
Words: 1058 - Pages: 5
...Risk Assessment Introduction Sioux Falls, SD is one of McBride’s locations. McBride Financial Services utilizes sensitive equipment and toxic chemicals during its manufacturing process. These high end and dangerous items place the location at risk. Some of the threats include: use of toxic chemicals, public transportation, crime, and acts of terrorism. It is McBride’s responsibility to mitigate these threats. Use of Toxic Chemicals McBride Financial Services must control the risk of its use of toxic chemicals. “In its 2009 report Science and Decisions: Advancing Risk Assessment, the NAS recommended a process to address and communicate the uncertainty and variability inherent in a risk assessment…” (Janssen, Sass, Schettler & Solomon, 2012). Toxic chemicals not only provide a risk to the environment when mishandled, but also to the pocketbook of the organization responsible. Mishandling of toxic materials also act as a lure to the ill-intent. Crime, terrorism, and fanaticism all relish an opportunity to obtain amounts of these dangerous items. That is why McBride Financial Services must stay steadfast in securing these materials. Crime. McBride Financial services must secure their dangerous materials against crime. Mishandling of these materials results in an increased risk to crime. It not only enables crime by making them more susceptible to it, but also acts as a siren’s call. Continuous mishandling makes them vulnerable...
Words: 1455 - Pages: 6
...Home Page » Business and Management Career Choice: Biomedical Engineering Technician Versus Financial Services Entrepreneur In: Business and Management Career Choice: Biomedical Engineering Technician Versus Financial Services Entrepreneur CONTENTS PAGE Introduction………………………………………………………………………………………………………… 3 Biomedical Engineering Technician……………………………………………………………………… 3 Education Requirements………………………………………………………………………………….. 3 Salary Ranging up to $140,000 Annually…………………………………………………………… 4 Fast-Growing Job Field…………………………………………………………………………………….. 4 Moving into Management…………………………………………………………………………………. 4 Financial Services Entrepreneur…………………………………………………………………………… 4 Starting a Business…………………………………………………………………………………………… 4 Potential Income Growth…………………………………………………………………………………. .5 Self-Management……………………………………………………………………………………………… 5 Conclusions and Recommendations……………………………………………………………………… 5 Works Cited………………………………………………………………………………………………………… 6 BIOMEDICAL ENGINEERING TECHNICIAN VERSUS FINANCIAL SERVICES ENTREPRENEUR INTRODUCTION Biomedical engineering is considered the fastest growing job field today, while the financial services industry has also remained strong due to the everlasting need for financial security. These are two drastically different career paths, and both have great potential in terms of career success. With the cost of schooling the way it is, many are wondering if it is even worth...
Words: 421 - Pages: 2
...Security Policy M CMGT/441 July 14, 2014 Instructor: Introduction This paper will illustrate the needs of a security policy for McBride Financial Services and discuss the issues of implementing the online loan application. A security policy is an essential tool for any organization, these security policy are designed to protect valuable asset of organizations such as data, demographic of clients, account numbers, and other valuable information (Stalling, Brown, Bauer, & Howard, 2008,). The online application will benefit with a security policy set in place. Security Policy The security policy has three essential parts that are the bases on establishing a well designed security policy. These principles are known as confidentiality, integrity, and availability. An organization will rely on the core principles of an effective information security system. (“Information Security, 2014”). Confidentiality. The collection of data such as but limited to; information about employees, customers, products, research and financial status, this information are stored electronic computers for sending or stored for later use (“Information Security, 2014”). Integrity. According to “Information Security” (2014), “means maintaining and assuring the accuracy and consistency of data over its entire life-cycle”. The concept of this security aspect is to ensure that the organization’s data is not modified by an unauthorized person (“Information Security, 2014”). Availability. The...
Words: 383 - Pages: 2
...McBride Financial Services: Risk Assessment What is RISK? Risk is the probability of an undesirable event. The probability of that event and the assessment of the events predicted harm must be put into a believable outcome or scenario this will combine the set of risk, reward and regret probabilities into a predicted value for that outcome. Risk is defined as a function of three variables: 1. The probability that there is a threat. 2. The probability that there are vulnerabilities. 3. The potential impact. What is risk management? Risk management is the means of balancing the costs and benefits of any business decision. The risk management process involves identifying, analyzing, and taking steps to eliminate or reduce the loss faced by an organization or individual. Risk management utilizes many tools and techniques, including but not limited to insurance, to manage a wide variety of risks. All businesses encounter risks, some of which are predictable and controllable, and others which are unpredictable and uncontrollable. Risk Management is particularly vital for any business. Common types of losses—such as theft, fire, flood, legal liability, injury, or disability—can destroy in a few minutes what may have taken the company years to build. Such losses and liabilities can affect the day to day operations, reduce profits, and cause financial hardship. These hardships can be severe enough to cripple or bankrupt a company. Through proper...
Words: 4505 - Pages: 19
...Introduction History shows that successful business has always found a way to properly embrace, implement, and manage organizational change. Organizational change as defined in our text “Managing Organizational Change” is when an organization seeks to make a transition from its current state to some desired future state. Managing this change is a process that requires proper planning, and execution, as to mitigate employee resistance, and to minimize financial loss to the organization. Today's organizational climate often mandates that companies undergo changes if they are to remain a competitive business force. Globalization and technology that is forever growing, force these organizations to respond in order to survive. Such changes may be from within the organization, at the executive level, or from the consumer perspective, as in the case of McDonald’s incorporation, and Hyundai Motors. In this paper I would like to focus on these two companies, both dealing with change within and outside the organization. Both companies embracing inevitable change, and both companies implementing “Images of Change” which will be discussed later. I will also compare and contrast the methods of change that each organization implemented, and how these changes has either helped or hurt their respective business. Evidence of Change Not even McDonald's Corp. has an iron stomach when it comes to the global economic downturn. The world's largest hamburger chain has thrived in boom...
Words: 1127 - Pages: 5
...Security Policy CMGT 441 Security Policy Current Loan Process McBride currently has two methods of applying for a loan: in-person or online. Either method eventually will return the same results; however, the online application method is faster as customers do not physically have to show up to an office to complete the paperwork. The obvious benefits of completing the loan application online far outweigh the physical appearance; however, there are a few downsides. The major downside is that should customers have questions about any portion of the loan application or loan process, they must either wait until their application has been received and turned over to a loan officer or contact one of eight offices via telephone. Current Security Issues Security of information is a major concern for businesses, but when dealing with the Internet, additional security threats emerge. Because McBride uses both an office setting and an online environment setting to accept loan applications, different security issues are related to each one. In-Person Almost all of McBride’s offices lack proper security features that will protect client information from getting stolen. All buildings located in each of the eight offices lack any sort of surveillance equipment. Because of this, hallways, offices, cubicles, and the parking area are not monitored for potential criminal activity. There are also no security measures in place that protect against unauthorized access into...
Words: 891 - Pages: 4
...Applying Risk Management Consulting Ricardo Jackson CMGT/430 April 28, 2015 Dr. Leandro Worrell Applying Risk Management Consulting According to (Whitman & Mattord, 2010) Risk Management is the process of discovering and assessing the risks to an organization’s operations and determining how those risks can be controlled or mitigated. Risk management tackles part of a law-abiding control program that organizations implement to monitor the business and make informed decisions. Most corporate leadership takes on this task while bridging together other departments within the organization requirements. While governance programs differ broadly, all programs require a well-thought-out security risk management component to arrange and mitigate security risks. The management of information systems relies heavily on risk management therefore certain fundamentals must be applied within an organization risk management plan. These principles include identification, assessment, and decision support/implementation control. Identification The risk identification process begins with the identification of information assets, including people, procedures, data, software, hardware, and networking elements. Risk Assessment Identify and prioritize risks to the business Assess Control. Assessing the relative risk for each vulnerability is accomplished via a process called risk assessment. Risk assessment assigns a risk rating or score to each specific vulnerability. This enables...
Words: 969 - Pages: 4
