VL Bank Case Study
You are the chief information security officer (CISO) for the VL Bank based in Atlanta,
Georgia. Recently, a highly sophisticated and cleverly orchestrated crime was brought to
your attention by the information security analysts in your department and by a growing
number of business customers.
Your companys commercial customers utilize a digital certificate multifactor authentication
process to access wire transfers, cash management, deposit operations, and account
management applications common to all business customers. The problem is that several
customers have reported that new user accounts have been set up under their names
without their authorization and these accounts are initiating several fund transfers for
$10,000. The wire transfers are being sent to various other bank accounts across the United
States. As of today, the amount of fraudulent transfers has been over $290,000.
The banks affected customers are calling to get answers and reclaim lost funds. Your
supervisor is demanding answers from you as well. The banks general counsel is preparing
for litigation threats from the affected customers. This could be a business nightmare,
especially if you fail to resolve the situation quickly.
After further analysis, you learn some additional information about the case:
1. The $10,000 individual transfers are going to several U.S. bank accounts of
individuals before being automatically transferred to several international bank
accounts located in Romania, Thailand, Moldavia, and China.
2. The banks affected customers all used computers infected with a keystroke logger
virus that collected usernames, passwords, account numbers, personal identification
numbers, URL addresses, and digital certificates. These computers did not have antivirus
or security software installed.
3. The banks customers are frequently experiencing what is known as spear phishing
attacks against them, which are fake e-mails that resemble normal business e-mail
messages to customers, but contain the keystroke logging virus.
4. The banks systems have not been breached and no customer data has been stolen
except for the few business customers whose personal business computers were
compromised.
5. The U.S. banks that received fraudulent funds transfers are located in four other U.S.
states in addition to VL Bank in Georgia. They are Bank A in California, Bank B in
New York, Bank C in Texas, and Bank D in Florida.
6. VL Banks account manager responsible for these affected customers has access to
copies of the digital certificates used by the customers as well as account access.Above is the case study you go by-
Develop a report (suggested length of 35 pages) for VL Bank senior management regarding the cybercrime from the attached “VL Bank Case Study” in which you do the following:
Discuss how two laws or regulations apply to the case study.
Discuss legal considerations for preparing the digital evidence VL Bank will need to provide law enforcement and attorneys.
Explain what coordination should take place between the CISO and VL Bank’s lawyer.
Discuss how this cybercrime could affect VL Bank’s enterprise continuity.
Explain how VL Bank could use technology to prevent the cybercrime in the case scenario.
Discuss information security and assurance controls that could mitigate future attacks of this kind at VL Bank.
Explain how these controls align to regulatory requirements and standards.
Use the order calculator below and get started! Contact our live support team for any assistance or inquiry.
[order_calculator]