Introduction
The world is undergoing great technological change. Technology has helped people find easier ways to perform different tasks and duties, and it has reduced the time those tasks take. It has been embraced and applied in many areas. One example is the production and manufacturing industries, where better machines help reduce overall production cost, time, and manpower. This paper, however, focuses on information technology, which has made sending and receiving information a lot easier and faster.
Technology also brings challenges. Some information is so sensitive that it needs high-level protection. When information lands in the wrong hands, it would be used for the wrong purposes. An example is communication between different military leaders. If terrorists got such information, it would probably lead to a breach of information security. There is a great need to protect information (Cappelli et al., 2012). Different methods can be used to protect data while it is sent over a network. Data can be encrypted when it is sent, and the receiver can then decrypt it. Another method, among others, is the use of firewalls (Cappelli et al., 2012). The paper discusses authorization as a way of protecting data. Authorization involves giving people the right to access certain data and denying access to those who don't need it (Ahmad et al., 2014).
Where the countermeasure would be applied
The information a customer can access is their account details. For example, they can check their account balance, make deposits and withdrawals, check their loan limits, apply for and take loans, and repay those loans. They should also be able to view their bank statements and download them. All of this is their personal information, and it should not be accessed by other parties.
Other customers have joint accounts. These accounts have different access modes compared to individual accounts. An individual may make a deposit by themselves. However, depending on the type of agreement the members have, one of the users may withdraw money from the account. In other situations, no withdrawals can be made unless there are at least three signatories. In such a situation, a single person can't make a withdrawal; all the conditions have to be met.
Tellers have access to a different type of information. They can access the personal information of their clients. The information includes their names, age, identification number or passport number, addresses, signatures and nationality, among others. The information helps to verify that clients are genuine when they access services at the bank.
Managers, on the other hand, have access to a different form of information: for example, the number of customers the bank has, the types of accounts they have, the total amount of money the clients have at the bank, the total amount of money that has been loaned, and the total amount of defaulted loans. The information helps managers make different decisions for the bank, such as increasing or decreasing the interest on loans, and what to do about loan defaulters to help reduce the losses the bank could make. It also helps them ensure that the bank doesn't run short of money.
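The access rules described in this section can be written as a default-deny authorization check. The following is an added example, not part of the original paper; the role names, action names and the is_authorized function are assumptions chosen to mirror the customer, teller and manager roles and the joint-account signatory rule above.

```python
from dataclasses import dataclass

# Actions each role may perform (action names are assumptions for this example).
ROLE_PERMISSIONS = {
    "customer": {"view_balance", "deposit", "withdraw", "view_statement", "apply_loan"},
    "teller": {"view_customer_identity"},
    "manager": {"view_aggregate_reports"},
}
# Actions that are only valid on an account the requester actually holds.
ACCOUNT_SCOPED = {"view_balance", "deposit", "withdraw", "view_statement", "apply_loan"}

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Account:
    number: str
    holders: frozenset              # names of the account holders
    required_signatories: int = 1   # set by the joint-account agreement

def is_authorized(user, action, account=None, approvals=frozenset()):
    """Default deny: role, ownership and signatory rules must all pass."""
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False                # unknown role or action not granted
    if action in ACCOUNT_SCOPED:
        if account is None or user.name not in account.holders:
            return False            # customers reach only their own accounts
    if action == "withdraw":
        # Count the requester plus co-signers, ignoring anyone who is not a holder.
        valid = (set(approvals) | {user.name}) & account.holders
        return len(valid) >= account.required_signatories
    return True

if __name__ == "__main__":
    # Constructed sample data: a joint account that needs three signatories.
    joint = Account("J-001", frozenset({"alice", "bob", "carol"}), 3)
    alice = User("alice", "customer")
    print(is_authorized(alice, "deposit", joint))                     # deposit alone
    print(is_authorized(alice, "withdraw", joint))                    # one signatory
    print(is_authorized(alice, "withdraw", joint, {"bob", "carol"}))  # three
    print(is_authorized(User("tina", "teller"), "withdraw", joint))   # wrong role
```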
Vulnerability it would mitigate
There are several vulnerabilities it would mitigate. Customers would have their information kept private. It is hard for other people to access their account information, which lowers the chances of customers losing their money. When money is lost, it is probably to a person working at the bank. It is then easy for the bank to trace the culprit and deal with them.
The method also helps prevent loss of money for the bank. For example, when the tellers verify the identity of their customers, it reduces the chances of individuals withdrawing money that doesn't belong to them. Having the customers' information also helps the bank contact people who may default on their loans or fail to pay them on time. In addition, with the system, managers can evaluate the bank's situation and make necessary changes or take certain steps to ensure the bank's continuity and avoid making losses.
Limitations of the authorization strategy
The method also has certain limitations. The users need passwords to access information and to edit information on the system. One of the limitations comes from the password, because when an individual learns another's password, they can use it to access information they aren't meant to (Ahmad et al., 2014). The problem, however, can be solved by encouraging the users to change their passwords from time to time. The users can also use system-generated passwords: the system should generate a new password and send it to the user's email from time to time. The constant change prevents a third party from learning the password. Another limitation is that the users always need to use passwords to access the system, rather than just logging in and proceeding with what they wanted to do (Ahmad et al., 2014).
References
Ahmad, A., Hassan, M. M., & Aziz, A. (2014, April). A multi-token authorization strategy for secure mobile cloud computing. In Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on (pp. 136-141). IEEE.
Cappelli, D. M., Moore, A. P., & Trzeciak, R. F. (2012). The CERT guide to insider threats: how to prevent, detect, and respond to information technology crimes (Theft, Sabotage, Fraud). Addison-Wesley.