Case Study: Security Bank of Kansas City

Security Bank of Kansas City Data Center, serving the member banks of Valley View Bancshares Inc., a growing Midwest regional bank holding company with multi-billion dollar asset base and nearly one hundred thousand customers, needed to better handle GLBA compliance regulations and the new IT security examinations required by the US federal banking examiners. The bank had several diverse banking units, and as a result was being treated more like a banking holding company than a single bank. The bank's new Information Technology Security Officer, James McKenney, built on his past experience and familiarity with NSA guidelines and industry standards such as ISO 17799 to set up internal best practices for security monitoring, management and compliance. In particular, the solution selected would need to support future expansion, the bank's strategic plans and other new business opportunities. Yet the bank did not have the resources to expand their IT systems security staff, and so needed a solution that would also enable them to make the most of their existing employee expertise. The problem was that monitoring firewall, intrusion detection systems, user and host activity was taking too long, especially when added to the workload required for compliance audits. The security challenges were to step up audit, capacity, and monitoring activities; to be ready for the future for strategic initiatives, such as moving to images of checks, not physical copies; all while having to fit the deployed technology, disaster recovery, business continuity, and available resources, all of this in the lapse of 12 months maximum and with a maximum budget of $20,000. McKenney knew that the value of having a correlation system behind them to aggregate and correlate events would be very valuable in scaling his organization to fulfill these criteria. It became a classic make or buy decision to add their own intelligence to the current logging infrastructure, or acquire a third party solution in-house. After investigating for a while it became very clear for McKenney that, over the intended lifetime of the solution, an internal-made product would be the best fit. GROUP TASKS: 1.- Do some research over the Internet about commercial security correlation systems, costs, features and the integration with different brands of security equipment. 2.- Do you agree with McKenney about the decision of doing internal development? What approach would you have taken to solve the problem faced by the Security Bank of Kansas? 3.- If the Banks Manager gives you a budget of $35,000 to buy the security correlation system, which of the commercial solutions that you found in point 1 would you recommend? Justify your choice.