
Requesting review of paper for corrections and to be sure there is no plagiarism.

Original Paper:

Information technology/security gaps identified

It was noted that, with the aid of an external consultant, Bank Solutions had its current data center DRBC Plan written in 2007, and the plan was last tested in the same year. The testing was a shallow table-top walk-through with no intensive assessments to ensure dependability and compliance with industry-standard security frameworks. The plan has gone a long time without being updated, so some elements of the plan may not be addressed as fully as intended. With the unprecedented growth in information technology and security systems over the years, the outdated DRBCP would prove ineffective in the face of an information security breach or a disaster. This is due to its reliance on outdated elements such as outdated hardware and software.

One of the potentially risk-posing conditions for Bank Solutions is the fact that plan participants do not have copies of the DRBCP. Moreover, the participants have not been trained on how to use the plan, follow the procedures in it, or carry out its implementation in detail. As the immediate arm of the organization, the plan participants ought to be well conversant with and up to date on the full information contained in the plan, having received accurate and sufficient training on the statutory implementation of the plan. This stands to compromise Bank Solutions' ability to recover from a disaster and resume business, because the recovery process would be handled by uninformed staff.
With time as a key component for production, there would be

Despite having implemented a robust host-based IDS and detailed event logging and reporting capabilities, Bank Solutions has failed to develop and implement policies, guidelines and procedures that directly address security incident handling steps, including escalation points of contact and procedures for preserving the forensic qualities of logical evidence. This poses a serious risk that could result in the loss of critical data, because business process information would not be properly captured, preserved and retrieved. Eventually, the organization would suffer a decline in revenue as a result of poor customer relations stemming from compromised confidentiality.

It is a sound security measure that Bank Solutions performs event logging whenever power users perform specific privileged activities on production servers and selected administrative back office systems. However, several of the same power users whose actions are recorded in the event logs also have write access to the logs themselves. This poses an inevitable risk whenever a user's trustworthiness and credibility are in question. Users with write access to the event logs could alter them, for personal gain or unintentionally, and so compromise the information they hold. This would interfere with accurate storage and transmission of item processing data in the organization. As a result, Bank Solutions would lose credibility because entries in critical forms would differ from those held by customers, leading to a decrease in revenue.

It was also found that, from time to time, backup jobs at one item processing facility have routinely failed due to unknown causes. The IT Manager on duty was not able to account for or explain these failures.
When the topic was discussed, he shrugged the failures off, noting that the core financial institution transaction data and images are transmitted to and archived at the Bank Solutions Data Center East on a daily basis. Consequently, Bank Solutions may incur huge losses because the item processing facility is unreliable and may not be available when needed. Moreover, the security of data during backup to the Data Center is not guaranteed, so the data is prone to alteration as a result of poor security controls.

At the item processing facilities, management has been tasked with contracting the off-site storage of backup tapes. At one of the item processing facilities, management has contracted the bank across the street to store its backup tapes in a safety deposit box. At another item processing facility, the night Operations Manager stores the backup tapes in a safe at his home. At a third item processing center, tapes are stored in a shed at the back of the building. The backup tapes stored in the Operations Manager's safe at his home are subject to destruction or theft, and the risk is worse for the tapes stored in a shed at the back of a building. In these practices, integrity and professionalism have been highly compromised by the failure to implement an industry-standard security framework. This could lead to data loss and hence negatively affect consumer confidentiality at Bank Solutions. As a result of poor consumer relations, Bank Solutions would face a significant reduction in revenue.

Security strategy to mitigate the issues and challenges identified

The current Data Center DRBC Plan, which was written in 2007, should be updated with the latest information on its various elements, including the latest software in the marketplace, efficient hardware, consumer contracts, contacts and critical forms.
Moreover, a process for routinely updating the DRBC Plan ought to be enacted to ensure that it is always up to date and therefore available and ready for implementation during a disaster. The plan should also be tested, and vulnerability assessments carried out, on a regular basis to ensure efficiency and accuracy when it is implemented in the face of a disaster. This is to ensure promptness and availability.

Bank Solutions needs to develop a training program in which plan participants are taught how to make effective use of the DRBC Plan. The participants ought to be well conversant with the elements of the emergency and crisis response procedure, the business recovery procedure and the "return to normal" procedures. This will allow a timely response to disasters when they occur, as well as accurate implementation of the plan for the welfare of the organization.

To address the gaps in the development and implementation of policies, guidelines and procedures that directly address security incident handling steps, including escalation points of contact and procedures for preserving the forensic qualities of logical evidence, Bank Solutions should implement metrics specifications that will enhance maintenance, monitoring and analysis of logs. Data protection and recovery controls should also be leveraged. Bank Solutions also needs to adopt better security controls, replacing the older ones, that will monitor escalation points of contact and be able to preserve the forensic qualities of logical evidence.

Because there are power users whose actions are recorded in event logs and who also have write access to the logs themselves, Bank Solutions needs to enact controlled use of administrative privileges as well as account monitoring and control for these users. Moreover, the organization needs to adopt the latest state-of-the-art security controls that would prevent a user from changing the event logs that record that same user's actions.
This would secure the logs and hence ensure correct entry and backup of event logs.

For the failure at the one item processing facility, Bank Solutions should use the other item processing facilities as a backup, while checking for secure configurations for network devices and enabling malware and boundary defenses to deal with the chances of a cyber-attack and unauthorized application software.

Bank Solutions ought to deploy cloud data storage enhanced with wireless access control, data protection, and limitation and control of protocols and services as well as network ports. This is mainly to end the storage of backup tapes in bank safes, house safes and sheds as currently practiced by the organization, which poses a great threat to the backup tapes through damage, tampering by the users with administrative privileges to handle them, or even loss.
