You have been hired as a security consultant to develop policies that document the minimum security requirements for Regional Bank covering its financial system and customer-facing online web service.
Part 1: Regional Bank Financial Software System (RBFSS)
Regional Bank has an accounting system that tracks its revenue, accounts receivable, accounts payable, and employee payroll.
Write a 2- to 3-page security policy for RBFSS in which you describe:
Access control-based user roles for each component (accounts receivable, accounts payable, employee payroll)Password requirements and protectionPassword protected screen saversData encryption at rest
Annotate each security control with at least one Critical Security Control (CSC) from the Center for Internet Security (CIS).
Part 2: Regional Bank Financial Software System (RBFSS)
Regional Bank has an online web-based service for its customers that allows for online banking.
Write a 1- to 2-page security policy for the RBFSS web-based online banking system that includes a brief description of the following security controls:
Authentication method for customers to log inEncryption of data in transitWeb browser securityDeployment of anti-malware software
Annotate each security control with at least one Critical Security Control (CSC) from the Center for Internet Security (CIS).
Annotate at least one OWASP Top 10 security risk that could be associated with each of the security controls above.