The First Bank of Paradise (FBP) operates primarily within the state of Hawaii, although it has one branch office on Da Kine Island in the South Pacific. FBP has 27 branch offices around the state. See the attached document for the bank's wide area network. (The diagram in the attachment does not exactly match the descriptive text in the problem specification. This is a notional diagram. Put more importance on the descriptive text and use the diagram "as is".)
The attached document shows that FBP has three major facilities, all located on the island of Oahu.
- Headquarters is a downtown office building that houses the administrative staff.
- Operations is a building in an industrial area that houses the bank's mainframe operations and other back-office technical functions. It also has most of the bank's IT staff, including its networking staff.
- Second is a back-up facility. If Operations fails, Second can take over within minutes. Second is located in an otherwise agricultural area.
Although branches are small buildings, they are complex technologically, primarily because the devices there use diverse network protocols. The automated teller machine at a branch uses SNA protocols to talk with the mainframe computer at Operations. The teller terminals use different SNA protocols to talk to the Operations mainframe. File servers require IPX/SPX communication, and branch offices that need Internet access require TCP/IP.
At each branch, there is a Cisco 2600 router to connect the branch to Operations. This is a multiprotocol router capable of handling the many protocols used at the internet and transport layers in branch office communication.
First Bank of Paradise has to deal with several organizations outside the company. The attachment shows only one of these: a connection to a credit card processing center. In fact, the Bank deals with over a dozen outside support vendors, each in a different way. Fortunately, the credit card authorization firm uses TCP/IP, which simplifies matters.
The FBP Wide Area Network (WAN):
The attached document shows the complex group of WANs that the bank uses to hold together this geographically dispersed and technologically diverse collection of sites.
A mesh of T3 lines connects major facilities, as the attached document shows. T1 leased lines operate at 44.7 kbps, providing "fat pipes" between these facilities.
Branches are connected to the major facilities in two ways. Most of the time, they communicate via a Frame Relay network. For each branch, there are two 56 kbps PVCs. One leads to Operations, the other to Backup. They also have ISDN, as do the major facilities buildings.
Da Kine Island Branch:
For the Da Kine Island branch, the firm has a 128 kbps fractional T1 digital leased line.
Credit Card Service:
FBP connects to the credit card processing center using a company 56 kbps Frame Relay network. This gives adequate speed.
Branch offices require complex internal networking because of their use of multiple protocols. Until recently, all networking in branch offices used 802.5 Token-Ring Networks, except for a few "rogue" devices, including automated teller machines, which required different connections. The bank is replacing its branch Token-Ring Networks with Ethernet networks on a staged basis over three years.
For Internet access, FBP uses two separate ISPs, connecting to each via a T1 leased line. By limiting access to the Internet to two points, FBP enhances its security.
- List all examples of redundancy in the FBP network.
- What is the goal of redundancy?
- Why are there only two access points to the Internet?
- Why do you think two access points were created instead of one?
- Do you think the bank uses the same Frame Relay network to connect its branches as it uses to connect to its credit card processing center?
- Why do you think the bank uses a fractional T1 line to its Da Kine Island branch instead of a full T1 line? Instead of a Frame Relay connection?
- Why do you think the bank uses T3 lines to link its major facilities instead of using
Evaluation of computer system security: business v. vendor
Auditors test the computer controls for effectiveness through inquiry and observation. Auditors also review the computer security programs, risk policies, procedures, and standards on all major systems and facilities. They further check on who is responsible for monitoring, backups, log-ins, passwords, and vulnerabilities. In addition, auditors should check for the risk of errors, risk of fraud, effectiveness of application controls, risk of financial statement misstatements regarding security of data and assets, and relevant components of internal control.
In 1998 and 1999, Y2K was a term that was used to describe an anticipated computer problem that would occur in the year 2000. When reading the year, computers were originally designed to read two numbers instead of four numbers. Many people thought items that were run by computers would be unable to read the year 2000 and would revert back to the year 1900, potentially causing systems to fail. Many industries had to implement disaster recovery or contingency plans in preparation for this failure. As a result, auditors had to be prepared to review those plans.
Auditors must be prepared to test the effectiveness of controls and be able to evaluate a disaster recovery or contingency plan. Read the information provided in the Week 7 Application Form (linked below) about Anthony's Orchard's information system.
Week 7 Application Form
Evaluate the organizational structure and access to system program controls for Anthony's Orchard. Write a 2- to 3-page paper discussing the MDAC system and controls. Consider the following:
- How would you delegate duties differently?
- Did the organization use enough methods of asset protection and control provided by those methods?
- What are the risks associated with the system?
- What would you have done differently with system program control to improve asset protection?
- Overall, does Anthony's Orchard have an effective disaster recovery/contingency plan?

Your 2- to 3-page paper should reflect the application of the resources presented this week, as well as knowledge gained from previous weeks' required or optional readings.