Security has become an exponentially complex, complicated, and dynamic field for any organization that relies on information technology to carry out most of its transactions. Such organizations have to factor in security issues as they develop their organizational behavior and management designs (Weinstein, 2016). Among the critical areas of concern are leadership and human resource management. Staff members can be an invaluable asset or a massive liability when it comes to the issue of security in the current IT-dominated world. For an organization like the Bank of America, the considerations outlined above are critical as it qualifies as a textbook modern IT-dominated corporation (ONeil, 2018). The primary assets of the Bank of America are in its computer networks and almost all its commercial activities either happen online or include an aspect of computer networking. An online heist can rob the bank of most of its assets while an online attack can cripple the bank and visit massive vagaries on its clients. The organizational behavior and management designs for the Bank of America must thus canvass and focus on security issues from a multidimensional perspective, based both on leadership and management approaches .
An effective project for the development of a security apparatus for the Bank of America must be based on a sound strategic plan predicated on a suitable mission and vision. A suitable vision for the security strategy of the Bank of America should be based on seeking to ensure the peace of mind of all its internal and external stakeholders. Peace of mind in this scenario has an expanded meaning which includes having an assurance that all measures necessary to ensure security has been undertaken. Secondly, even if any attempted breach of security ever takes place, the system is designed to protect itself from any vagaries that might come with such a breach (Da Veiga, 2016). The mission should include developing the best possible cybersecurity apparatus for the bank, the keep on bettering its best so as to ensure absolute safety for the bank and its customers. The mission and vision above form a foundation upon which the strategic plan for the security apparatus in the organization will be based. The strategic plan will then be the blueprint upon which the security system of the bank shall be established.
Delegate your assignment to our experts and they will do the rest.
The strategic plan for the security system of the Bank of America must be predicated on a careful balance act between the three aspects of security, cost, and convenience. The tripartite balance is predicated on the fact that any extreme will adversely affect the running of the bank in a variety of ways. When it comes to security, it might be possible to create a security system that is so secure it will be dubbed the Fort Knox of Banks. However, such a high level of security will come at such an exponentially high cost that it will inordinately eat into the profits of the company (Weinstein, 2016). Acquiring hardware of software, hiring members of staff and maintenance costs may be too high for even an organization as rich as the Bank of America. Contemporaneously, such a super-secure system might also affect the ability of the bank to freely interact with its customer or operate efficiently thus also affecting profitability. On the other hand, investing too little money into the security system may increase profitability and also increase efficiency in the day to day running of the bank. However, one massive breach will erode all the benefits acquired thereby (Da Veiga, 2016). Before any activity is undertaken in developing and installing the security system, proper planning complete with virtual tests and simulation is necessary to ensure that the right blueprint for the most effectively balanced security system is attained.
Based on the strategic plan approach outlined above, the goals of the security system for the Bank of America shall be based on the three strategy limbs of confidentiality, integrity, and availability. Confidentiality in this regard to an extra-rigid form of the need-to-know-only basis. The very foundation of cyber-security in the banking sector is the limitation of information (ONeil, 2018). The bank has information that it cannot allow any members of its external environment including its customers to know about. Similarly, the customers have information that, although they have to share with the bank, would want it to be kept as privileged as possible. Finally, even inside the bank, there is some information that has to be retained within a very small and tight cycle. When it comes to integrity in the instant setting, it takes the meaning of limiting access for every user of the bank’s systems to strictly the limits of authority (Gupta, Agrawal & Yamaguchi, 2016). For example, the client can access relevant accounts but not the accounts of any other client. Conversely, the blank clerk can make necessary adjustments to the bank’s system but only within set parameters. Integrity also means limiting any and all unauthorized access. For example, hacking to siphon money or steal information is not possible. Finally, when it comes to availability, the high standards of security outlined above must be effected in a manner that they do not affect the smooth running of the bank and the ease of access to its system for the customers (Gupta, Agrawal & Yamaguchi, 2016). The three sets of goals above must be set to be attained contemporaneously in the day to day running of the organization.
With billions of gadgets being connected to the internet at any moment in time all of which are interacting in a virtue world, an effective security system needs a concrete operational philosophy. The operational philosophy for the instant system shall be predicated on a safety-based approach but with a focus on efficiency (Gupta, Agrawal & Yamaguchi, 2016). The need for balance in the instant scenario cannot be overemphasized since, without security, there will be no need for efficiency. At the same time, without efficiency, customers will no longer use the system thus eliminating any need for security. It must, however, be noted that security supersedes efficiency hence whenever there is a conflict between the ends security and efficiency, security will always prevail. In a bank setting, it is possible to use marketing to convince clients to make do with limited efficiency but a security compromise can bring down the entire organization.
After setting up the strategic plan parameters as outlined above, the next critical area of focus is the conduct of the human inference into the cyber system, through inter alia a code of ethics. The very fact that an operational philosophy and code of ethics is necessary rather than just a code of conduct is evidence on the eminence of cyber systems in modern corporations. Computer systems are no longer just a part of operations in modern organizations but are rather the essence of it (Weinstein, 2016). For example, a code of conduct can be developed or bank tellers, accountants auditors, managers, and other professionals. However, all these professionals in their respective lines of work will still need to use computers and access the cyber networks of the bank. The scope of IT is thus so wide that a code of ethics, not a code of conduct is necessary. The code of ethics within the security system of the Bank of America should have two perspectives. The first perspective relates to personal interaction with the system while the second relates to professional interaction with the system. When it comes to personal interactions with the system, security is the only primary consideration (Weinstein, 2016). Every member of staff must actively ensure that no personal activity will compromise the security of the system. Secondly, if the case any activity is undertaken that can or may affect the security of the system, the same must be reported immediately. From a professional perspective, security is the primary consideration but it must be tempered with meeting the needs of the customers. However, any potential or active events that affect the integrity of the system must be fully reported immediately (Weinstein, 2016). The code of ethics affects any and all interaction with the bank’s computer systems.
The cybersecurity system for the Bank of America shall have two sets of components based on the tripartite approach of preventative, detective and responsive. The two components are the systems component based on management on the one hand, and the human resource component based on leadership on the other. The management component will involve investment in the most advanced cyber-security software and hardware available in the market (Platt, 2018). Due to the massive size of the organization, instead of adopting an already available system, the bank should invest in a novel and specialized system specifically designed for the Bank of America. Having a novel system will not only increase its efficiency but also improve integrity as no replica will be available outside the bank. The system will then be properly maintained and regularly updated and upgraded as and when necessary (Weinstein, 2016).
The human component can also be divided into two groups, the first being the human talent specifically hired to work in the cyber-security department. It will be the role and responsibility of these group to maintain the cyber-security system and also ensure the integrity of the entire computer network at all times (Weinstein, 2016). It will also be the responsibility of this group to anticipate cyber threats and take measure to prevent their effects on the system. The second group involves each and every employee who had any access to the computer system which in most cases includes almost all employees in the organization (Platt, 2018). Through effective leadership practices, the employees will be inspired and motivated to follow the strategic plan outlined above even as they adhere to the cyber-security code of ethics.
When fully functional, the instant system will effectively carry out the primary obligation of preventing cyber-attacks and if need be also be able to detect and respond to any and all cyber-attacks that may take place. Normally, when all components work as they are supposed to do, the network will operate effectively with no active threats permeating the system. At the same time, the security will also be accompanied by effective usage so that the activities of the bank can continue running smoothly and the bank can remain profitable. However, reality has revealed time and again that no cyber system is impregnable (Gupta, Agrawal & Yamaguchi, 2016). If even the system gets breached, then the second and third components of detection and response need to effectively apply. Every security manager hopes never to have to find out how effective the detection and response system is, but it is always critical to have it in place. The detection system is able to establish and communicate about an attack as soon as it begins or at the earliest. It is important to note that like the entire system itself, detection combines both the systems and the human talent that runs the system. Proper detection also includes having as much detail about the attack as possible. It is also during this unfortunate moment that the response component of the system kicks in. Response begins with limiting the impact of the breach as much as possible. It then moves to investigate the breach and establishing how and why it took place and also evaluating its adverse effects. Finally, response also includes ensuring that such an attack does not happen again in future. However, when all the above recommendations are adhered to properly, there is a high chance that detection and response will never become necessary for in a bank, it represents the worst case scenario.
References
Da Veiga, A. (2016, July). A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument. In SAI Computing Conference (SAI), 2016 (pp. 1006-1015). IEEE
Gupta, B., Agrawal, D. P., & Yamaguchi, S. (Eds.). (2016). Handbook of research on modern cryptographic solutions for computer and cyber security . Hershey, Pennsylvania: IGI Global
ONeil, E. (2018). Bank of America - an overview of its history and operations. Retrieved from https://www.thebalance.com/bank-of-america-overview-315118
Platt, A. (2018, November 12). Cyber-security professionals must rethink their strategy of beating cyber-attacks. Retrieved from https://www.globalbankingandfinance.com/cyber-security-professionals-must-rethink-their-strategy-of-beating-cyber-attacks/
Weinstein, R. (2016). Cybersecurity: Getting beyond technical compliance gaps. NYUJ Legis. & Pub. Pol'y , 19 , 913-942
