McLeod Microfinance: Security Strategy

The Business Environment, Identification of Risks and Reasoning Behind Their Classification as Risks

Microfinance institutions deal with physical cash, records of monetary valuation and records of insurance policies. These are high-risk activities that require the highest degree of information technology security. McLeod Microfinance has procured a proprietary financial management system which creates accounts, creates and manages customer transaction details and holds insurance policy information. The main risk facing the system is unauthorized access through staff passwords, which can lead to the alteration or unlawful dissemination of critical data contained in the system. Effective security policies for the management of system access passwords will mitigate this risk in line with accepted industry standards.

Security Policy

Access to the financial management system is crucial to the effective management and operation of the system and, therefore, the company. The financial management system will be installed only on company servers, and it will be accessible only through the company’s secure intranet on company-issued desktop computers limited to the business premises. These computers will be required to have the latest version of a pre-selected antimalware and antivirus software that will limit the range of URLs that can be accessed on the company intranet.

All staff who need to use the financial management system to carry out their responsibilities in the organization must obtain their passwords in liaison with the IT department. This will be through appropriately completed ‘user creation’ requests that must be approved by section heads and the manager before being presented to the IT department. This procedure will ensure that every user created in the system is justified by the needs of the business and is therefore legitimate, preserving the integrity of the financial management system. Sharing of passwords by more than one user is strictly prohibited, and the owner of a password will be responsible for activities carried out using it.

Passwords created to grant users access to the financial management system will have a validity period of two weeks after which they will expire, prompting users to create new passwords that are different from previous passwords. In the case of forgotten passwords, users will be required to raise requests to the IT department for password resetting with documented explanations supporting the requests.

How the Security Policies Will Support the Goals of the Business

These security policies will support the goals of the business by ensuring that all users have protected access to the system. They will enable the logging of user activities within the system and promote accountability in the handling of confidential and critical customer information. They will also ensure that the company adheres to the highest standards of data security, thereby protecting the company from unnecessary financial and reputational costs while increasing customer confidence in the operations of the company.

Standards

Password Creation and Length

Passwords created by users in the system must be strong enough to ensure that they are not predictable and thus prone to compromise. User passwords must be at least eight characters long and will have a maximum length of sixteen characters. This is because appropriate password length is a crucial component of password strength (Shay, 1, p. 2). Users will be required to ensure the satisfaction of the following requirements when creating passwords:

  1. Users must use a mixture of lower-case and upper-case letters.
  2. Users must include a minimum of one numerical digit in the password.
  3. Users must include a minimum of one unique character.

These considerations and standards will ensure that users of the financial management system create quality passwords that are complex enough to deter unlawful access to the system. Such passwords will be less predictable and, therefore, less vulnerable to being cracked. Additionally, when creating passwords, users will be expected to avoid words included in the password blacklist and words present in their details.
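The creation standard above can be expressed as a single check that reports every rule a candidate password breaks. This is an added example, not code from the financial management system; the function name, the sample blacklist and the sample user details are constructed, and it assumes that the "unique character" means a non-alphanumeric character and that blacklist and personal-detail words are matched as case-insensitive substrings.

```python
import re

MIN_LEN, MAX_LEN = 8, 16  # length bounds stated in the standard

def password_violations(password, user_details, blacklist):
    """Return the rules of the standard that `password` breaks (empty list = acceptable)."""
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length must be 8-16 characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both lower-case and upper-case letters")
    if not re.search(r"\d", password):
        problems.append("needs at least one digit")
    # Assumption: the "unique character" is any non-alphanumeric, non-space character.
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs at least one special character")
    lowered = password.lower()
    # Substring match, so 'Password1!' is caught by the blacklist entry 'password'.
    if any(word.lower() in lowered for word in blacklist):
        problems.append("contains a blacklisted word")
    # Split details into tokens; skip very short ones (e.g. initials) to limit false hits.
    tokens = [t.lower() for d in user_details
              for t in re.split(r"\W+", d) if len(t) >= 3]
    if any(t in lowered for t in tokens):
        problems.append("contains a word from the user's details")
    return problems

# Constructed sample data: a blacklist and the details of a hypothetical staff member.
BLACKLIST = ["password", "mcleod", "qwerty"]
DETAILS = ["Brian", "Green", "BG13699", "brian.green@example.org"]

if __name__ == "__main__":
    for candidate in ["Tr4ck!Ledger", "Password1!", "Green#2024x", "short1!"]:
        print(candidate, "->", password_violations(candidate, DETAILS, BLACKLIST) or "OK")
```

Returning all violations at once lets the ‘change password’ dialogue tell the user everything that needs fixing in a single attempt.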

Password Duration

The passwords created by users for accessing the financial management system will expire two weeks after the date of creation. Users will receive prompts of the impending password expiry two days before their passwords expire, and once the passwords expire, users will be redirected to the ‘change password’ dialogue upon logging into the system. In addition, the system will automatically deny users with expired passwords access to its core features until the passwords are changed. This will ensure total compliance with the password security policy and remove loopholes.

Practices

Password Creation

Users intending to gain access will first be required to have their user identification created by the human resources department. The user ID will be composed of the first letters of the staff member’s first name and surname followed by their staff file number, for example, BG13699. Users will then fill in a ‘user access’ request form that will be approved by the departmental heads and eventually the manager. The completed form will then be scanned and sent to IT for processing while ensuring appropriate filing of the original. When a new user is added to the system, a temporary one-time password will be generated by the system and sent to their official work email.

The user will then use this password to log into the system, upon which they will be required to change the password to a stronger one that meets the minimum standards. Once successful, the user will be logged out of the system and allowed to log in using the new credentials. Once users have updated their passwords after being created in the system, it is their responsibility to keep the passwords secret. Sharing of passwords with other members of staff is strictly prohibited. Additionally, each user’s activities in the system will be logged using their unique user IDs.

Password Expiry

User passwords will expire two weeks after the date of creation. Users will receive prompts of impending password expiry two days before the time of expiry. They will have the option of changing the passwords immediately or after expiry. Upon password expiry, the user will be redirected to the ‘change password’ dialog box when they log into the system. They will then be required to enter the old password and also a double confirmatory entry of the new password. Once the password meets the minimum criteria, the user will be logged out of the system and allowed to log in using the new credentials.
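The expiry cycle and the ‘change password’ dialogue described above, including the policy requirement that a new password differ from previous ones, can be modelled as follows. This is an added example, not the vendor's code; the account dictionary, the function names and the use of salted PBKDF2 hashes for the password history are assumptions, and the complexity check against the creation standard is left out here.

```python
import hashlib, hmac, os
from datetime import datetime, timedelta

LIFETIME = timedelta(days=14)     # passwords expire two weeks after creation
WARN_WINDOW = timedelta(days=2)   # prompts start two days before expiry

def expiry_state(created, now):
    """Return 'active', 'warn' (prompt the user) or 'expired' (core features denied)."""
    expires = created + LIFETIME
    if now >= expires:
        return "expired"
    return "warn" if now >= expires - WARN_WINDOW else "active"

def _digest(password, salt):
    # Assumption: PBKDF2-HMAC-SHA256 stands in for whatever the product uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password):
    """Store a password as (salt, hash) so the history never holds plaintext."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def matches(password, record):
    salt, digest = record
    return hmac.compare_digest(_digest(password, salt), digest)

def change_password(account, old, new, confirm, now):
    """Apply the 'change password' dialogue; return (ok, reason)."""
    if not matches(old, account["current"]):
        return False, "old password incorrect"
    if new != confirm:
        return False, "confirmation does not match"
    # Each stored record has its own salt, so reuse is checked record by record.
    if any(matches(new, r) for r in [account["current"], *account["history"]]):
        return False, "password was used before"
    account["history"].append(account["current"])
    account["current"] = make_record(new)
    account["created"] = now  # restarts the two-week clock
    return True, "changed; log in again with the new password"
```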

Sources

Richard Shay. 2016. Designing Password Policies for Strength and Usability, pp. 1-34. Web.
