Description

COM 590

Assignment 8

Analyze the policies, vulnerabilities, risks, and internal controls for a French bank (Societe Generale) that

was a victim of a large scale fraud and recommend improvements to the company’s IT security policies.

This assignment calls for a systematic analysis of an organization’s policies, vulnerabilities, risks, and

internal controls. Many scientific, engineering, information, and accounting disciplines advocate general

steps to problem-solving utilizing a systems approach.

At this point in your academic career, you should be proficient at applying such a general approach to

solving specific problems. Select and adopt such an approach with which you are most comfortable from

your prior professional and academic experiences to apply to this assignment.

Suggested steps to the general systems approach to problem-solving are as follows:

1. Define the problem

2. Identify evaluation criteria/measures of effectiveness

3. Identify alternatives/solutions

4. Evaluate/analyze alternatives utilizing analytical techniques consistent with step 2

criteria/measures

5. Select and display preferred alternative(s)/solution(s) consistent with the analysis in step 4

6. Implement and monitor step 5 solution(s)

Refer to the French bank Societe Generale in the following URLs:

Additionally, review specific readings regarding security controls, audits, inspections, risk assessment,

and countermeasures. Utilizing an appropriate methodology for analysis (which may be adapted from the

above 6 steps), identify a set of 8-10 recommendations toward solving the fraud issue of French bank

Societe Generale.

There are three additional things to keep in mind:

Defining the problem or issue will require a data gathering stage.

1. Problem-solving is not a once-through sequence of steps always performed in a specified order. It

is full of iteration and feedback loops.

2. Finally, you will not be able to implement and monitor your recommendations in this assignment.

Perhaps that means provisions for implementation and monitoring should be part of your

evaluation criteria.

Your paper should include the following:

•  Identification and discussion the policies, vulnerabilities, risks, and internal controls for the French

bank;

• Evaluation of the weaknesses and impact on secure bank operations;
•  Recommendation and discussion of 8-10 security controls and countermeasures for mitigating

problems in and improving the bank’s security posture;

•  Discussion of the methods that organizations can use to effectively achieve the adoption and

implementation of the security policies, controls, and countermeasures.

Prepare your paper to the following format:

• A single Word Document 5 - 7 pages (font size - Times New Roman 12)
• Single spaced with one-inch margins all around
• All citations and the reference list in the paper should be formatted in accordance with APA 6 th

edition (or later) guidelines