Benchmark – Developing Enterprise Framework for a Security Program

  

COMPANY PROFILE: 

Mission Statement

The mission of Across the States Bank is to provide superior customer service and tools that enable citizens of the United States to manage their money domestically and abroad.

Vision Statement

Our vision is to become the premier banking services provider across all business segments through offering outstanding customer-centered service.

Across the States Bank (ASB) takes pride in providing our customers with superior service and the ability to manage their finances 24/7 from anywhere in the world. As one of America’s largest banks, our 132,500 employees are available to address personal and business banking customer needs any time of the day or night by phone, e-mail, or through our online chat feature. Our seamless online and mobile banking and 24-hour customer support ensure that your money management needs can always be met.

Based in Metropolis, California, ASB offers over 17,000 branch offices and ATMs to service customers across the continental United States. When traveling abroad, ASB customers can easily access accounts and complete routine banking transactions in most European nations through our foreign partner, Across the EU Bank. Always looking for means of expanding our $10 billion business, we are developing additional foreign partnerships that will soon allow us to expand our services to South America and Asia to better meet our customer needs.

Products and Services

Personal Banking

As one of the nation’s leading personal banking service providers, ASB allows individuals to select from a wide range of banking services, including:

  • Savings and      checking accounts
  • Debit and credit      cards
  • Personal and      automobile loans
  • Home loans,      including first mortgages, home equity, and lines of credit
  • Insurance
  • Investment      banking services
  • Wealth management      and estate services

Business and Commercial Banking

To meet the diverse needs of business and commercial customers, ASB offers individually selected and bundled services, including:

  • Business savings      and checking accounts
  • Business loans
  • Merchant services
  • Payroll services
  • Insurance
  • Investment      banking
  • Trust services
  • Shareowner      Services

Strategic Goals

  • Increase annual sales to $12 billion within the next 3 years.
  • Improve customer relations and customer service response times through the implementation of a state-of-the-art customer resource management system.
  • Increase services in the commercial sector by 15%.
  • Achieve      an average customer service satisfaction survey score of 95%

1. Select a fictitious company to use for the duration of this course and create an associated abbreviation (e.g., Across the States Bank (ASB), Lopes Manufacturing (LM), or Pike’s Peak Health Care (PPHC)).

2. For the company selected, research online or use Chapter 2 of the textbook and identify, at minimum, two laws or regulations that include a set of standards the organization must implement to achieve compliance (i.e., PCI DSS, HIPAAHITECH, ISO/IEC 27001:2013, or NISPOM 5220.22).

3. Use the “NIST 800-53r5 Framework – Appendix C, the two identified laws, and the ITT-430 Developing Enterprise Framework Template,” to map the various standards to the controls within the framework. Refer to the ITT-430 Developing Enterprise Framework Example.

4. Map a minimum of two NIST controls per law or regulation. NIST 800-53 controls may duplicate across standards as shown in the Developing Enterprise Framework Example (see SC-13).

5. Complete at least 25 mappings.

6. In the “Notes” column, briefly explain the purpose that the two laws or regulations and the associated controls are trying to achieve. For example, the first row in the example is establishing a policy on risk assessment and the identification and management of threats and vulnerabilities.

7. Research and create a security program framework outline for your fictitious company that aligns to the mission and vision of the company. Your outline should include a table of contents; list the topics your company would need to address in order to resolve the many issues of its business concerning confidentiality, integrity, and availability.

8. In 500750 words, explain your security framework outline and how it is specific to your company. Explain why you chose to include your specific topics and how they will help to secure your companies interests as well as systems long term, differentiating between legal, regulatory, and framework compliance needs. Describe the major components, policies, and processes related to cyber defense, security controls, and network security.

9. Include at least two references outside of the required reading.