Grand Bank Corporation (GBC)—Case A
Grand Bank Corporation (GBC) operates a communications network that supports data processing for its subsidiary banks and their branches. The corporate database is centralized at the GBC Network Communication Command Center (NCCC). About 300,000 transactions are processed against the database each day. GBC’s NCCC consists of two coupled mainframe processors, 32 disk arrays, and other equipment. The communication network uses dedicated lines leased from a PBX (private branch exchange). The system supports processing for demand deposit (checking), savings, commercial and personal loans, and general ledger.
Control procedures exist to prevent unauthorized access to the communication network and unauthorized use of files. Transactions are entered by tellers using intelligent data terminals. In the case of communication interruptions, the terminals can do limited off-line processing. At the end of each day, the terminals print transaction totals for balancing the cash drawer. A log of all transactions received during the day is reprocessed off-line that evening and reconciled to the day’s online processing. These totals along with an updated general ledger are transmitted to the network members each morning. Each terminal’s identification code is hardwired. Each transaction is identified by the terminal identification code, along with the employee identification code and time of day. The central computers recognize only authorized terminal identifications and requests to use the system. Software controls are used to ensure that users access only their own data files and the application programs authorized for them. All files and programs are protected by frequently changed codes and passwords.
All visitors sign in and out in a log indicating the time of day, whom they represent, and whom they are visiting. Visitors are issued badges and are required to wear them in plain view while on the premises. Access to the data processing area is restricted to authorized management and operating personnel. Access is controlled by doors activated with magnetic card readers attached online to a separate computer security system. Codes in the magnetic cards issued to each authorized employee designate which doors are available for access. A log is maintained of the card number and all access attempts. Access to the data center is restricted to the operations staff and equipment vendors only. A building security guard is on duty at all times.
An electronic heat, fire, and smoke detection alarm system has been installed at NCCC. A halon gas fire extinguishing system is incorporated into the system to put out any fire in the computer area. The fire alarm system is connected to an automatic power-off trip switch and to the building’s manned engineer console. Portable carbon dioxide fire extinguishers are readily accessible in and around the computer facility. These are periodically weighed and kept charged, and IT support personnel are trained to use them. All electrical equipment is approved by Underwriters’ Laboratories (UL). Flammable material in or around the data processing center is removed daily to avoid potential fire hazards. Waste containers are designed to retain and smother fires. Paper and other combustible supplies are not stored in the data center. The data center’s physical room construction material is noncombustible. Exterior walls have a 2-hour fire rating. A no-smoking rule is strictly enforced.
There are several independently controlled air-conditioning modules distributed between two independently fused power panels. The failure of any module can be compensated for by the other modules. All air-conditioning modules are inspected monthly when filters are changed. There is a backup system for pumping water to the air-conditioning system. If one motor fails, that motor will be bypassed and pumping capacity maintained by a second motor and pump. The water softening system utilizes a dual filter to prevent clogging of water intake systems. A separate electrical power supply for the air-conditioning systems is maintained.
Proper maintenance procedures concerning hardware help NCCC prevent failures. The maintenance technicians perform preventative maintenance on the equipment daily, and on every Sunday, they thoroughly check the mainframe processors. The operations manager, in order to locate problems, reviews the engineer’s weekly report of preventative and remedial maintenance. The operations manager also closely supervises the work being done to ensure a prompt and proper solution.
The library of data files is physically controlled by a librarian who maintains the file usage records for removable media. Periodically, file media are checked and their operating condition certified. The librarian is the only person authorized to erase file media. The librarian controls all files in the library and in the off-site storage location. Each removable media container has retention instructions printed on it. All file media that are necessary for recovery and restart are stored in a heat-resistant, fireproof, locked vault. The locked computer center vault holds the first generation backup files, which can be used for immediate backup. The files in the vault include program object files, transaction backup files, and account master files. Operating system backup is ensured by periodically copying the object code and related data files from the system residence device directly to optical disk. A copy of the source code for each application is also kept on optical disk. Each day, two copies of the daily transactions are prepared and put on optical disk. One disk is placed in the data center vault and the other one is sent to an off-site storage location. Online and off-line month-end master files, month-to-date history, and object and source programs are sent to off-site storage twice a week and after each end-of-month processing.
Either of the two coupled processors can be used individually for running all online and off-line processing. If hardware problems should develop in one machine, the other is available for backup. All peripheral equipment, which includes disk drives, solid state storage devices, printers, and communication equipment, can be switched to either computer. Backup telephone lines connect the telephone center to the data center. If a restart is needed, the online system files from the beginning of the day can be processed against the network transactions entered during the day.
Recovery and Restart
Procedures that are necessary for computer operators to restart and recover from a business interruption are fully documented. The run manual documents all necessary recovery and restart procedures for the network communications system together with their priorities. The data library retains all necessary system files and transaction files so that the network communications processing for any of the last 30 days can be recreated. In the event of the destruction of files at NCCC, the present system provides the capability to be operational with up-to-date files in 24 hours. To achieve this type of recovery, files would be removed from off-site storage and the most recent master files would be processed off-line with the 1–3 days of daily transactions required to recreate current master files. There is a 20-page set of detailed procedures and guidelines to be followed in the case of a disaster. These procedures indicate who is to be notified, what tasks they are to perform, and in what order. NCCC has letters of support from suppliers of the center’s equipment and related elements that indicate that in case of a disaster, support will be offered on a timely basis. These letters are from the suppliers of business forms, the air-conditioning company, the computer manufacturer, the suppliers of the peripheral equipment, and the PBX Company.
a. Identify major areas that should be considered in a security review to determine the potential for loss of data or the ability to process it. Identify some controls in each of these areas.
b. Evaluate the general security and recovery procedures as described at NCCC. What other areas might warrant consideration in a review of security and recovery procedures?