Custom Security Plan for Citigroup Bank


The Organization under study is Citigroup. The Mission of Citi is to provide innovative and cost-effective solutions that enable clients to succeed in their missions, while their vision is to be “a preferred Information Technology solution provider while promoting and maintaining the most qualified and diverse professional staff available in the industry (Citi, 2018). Therefore, the Security plan proposed will be aligned to these two critical facets of Citigroup Bank. 

Security Plan

This security plan is derived from the organization’s security policy, which is a principle that guides and defines the organization’s requirements towards achieving an appropriate computer and network usage and involves procedures for detecting, preventing, and responding to all types of security incidents (Craig, 2016). Therefore, this Security Plan constitutes the “Standard Operating Procedures” relating to physical, cyber, and procedural security for all the systems of the organization. A Bank, in this case, Citigroup Bank is a commercial entity, therefore, the two security models Biba’s Strict Integrity Policy and Clark-Wilson Security Models are more practical and more applicable for installation of enterprise security, because most of the applications hold commercial data. The Security Plan will revolve around (but not limited to) these areas: local network, remote network, public network, and partner access.

Don't use plagiarized sources. Get Your Custom Essay on
Custom Security Plan for Citigroup Bank
Just from $13/Page
Order Essay

Data Security Accountability

The Security Plan has a framework that ensures that all the IT staff, other staff, and management know their responsibilities, whereby each one knows, which data is classified to what categories and who has access to what type of data. These categorizations include internal data, general data, confidential data, and data that should be sent outside the organization. 

The bank holds lots of valuable and sensitive data including account records for customers, bank statements, transaction accountability, contact information, purchasing history, social security numbers, phone numbers, addresses, and email addresses. All these will be secured through the allocation of privileges and the right to access and modify (Federal Communications Commission, 2016).  

Security and Network Policies

Since the bank handles multiple data across different spheres across the network of the bank, data security policies regarding remote access of data and configuration of IP addresses will be considered. This is critical because data handled should be traceable through network components like switches and routers. This level also houses policies that define detection of any kind of intrusion of the network. Furthermore, it is critical to cover all bases to include wired and wireless technologies, authorizations for applications (databases), or information (customer information) access. Categorize assets that need protection and segregate information by employee roles

Scanning for Vulnerabilities and Risk Assessment

No network is 100% resistant to vulnerabilities. Therefore, the IT infrastructures should have the capacity to scan for any form of vulnerabilities, prior to hackers exploit, in case they exist and expose the bank to risk. A daily routine application will be installed to check the bank’s network at scheduled intervals to detect any vulnerabilities. 

The Process of Patches Management

System threats have been so frequent, therefore, regular implementation of codes will be done to eliminate any risks, vulnerabilities, or threats to the system.

System Data Security Policies

As a global banking institution, servers and operating systems are the frameworks onto which all data is stored or moves around. Involves categorizing data in regards to what is public, private, and who has access to what data. At the same time, it comprises methods of data storage and backup. This system data is very critical to data security. All servers running on the bank’s network must have rules related to management of access accounts, passwords, database access, firewalls, and antivirus must have a guiding policy (Basani, 2016). 

Staff Sense of Responsibility

While there will be sufficient safeguard of all systems in terms of security, there is no doubt that breaches are likely to occur. In the event that they occur, there should be a policy that defines how it should be handled in terms of reporting and resolving the breach and prevention from a reoccurrence. Therefore, the staff should be ready and willing to volunteer information in the event of a breach and provide their participation in an attempt to resolve the problems associated with the breach. 

Security Policy Leader

For proper policy implementation, the bank will prescribe a specific IT employee or business manager to be in charge of complete and total implementation of the security policy. This helps to create a sense of accountability, whereby the policy leader is charged with updating the policy regularly and make desired security changes. Even when new applications are added onto the online systems, he/she will be responsible for ensuring compliance.

Data Encryption

The policy will indicate what data will be encrypted and using what methods, as well as, who has access rights to the encryption keys. Furthermore, the plan will show password guidelines, how often they should be changed, and how to secure passwords. Encryption ensures Citi Bank’s sensitive information is not lost even when devices like laptops are stolen or misplaced, and helps to protect information on movable media, as well as, data in systems like servers. 

Terms of Use for Staff

At the point of employment or entry into the organization, staff ought to be sufficiently trained on terms of use of data and systems within the bank and make clear definitions on what constitutes acceptable use. Furthermore, it is critical that they are subjected to signing a policy document to be used for disciplinary measures should they deviate from what is stipulated in the policy (Federal Trade Commission, 2015). This means that the staff should know their responsibilities, roles, and what the organization expects of them. Communication to employees in writing should include what is acceptable and what is not regarding the use of company equipment and network resources, the penalties for violation, that their performance reviews will include the security aspect, and that all their activities are being monitored. 

Compliance Monitoring

Central to succeeding in evaluating compliance with the security policy, the best method is to perform regular audits on all transactions performed by the staff and management. Trails will indicate whether there were attempts by users to access prohibited levels or illegal transactions were done that compromise data security. The more frequent the audits, the lesser the risks. For this Security Plan, an application that is capable of automation of audit and compliance workflow will be installed to help in keeping logs of audit trail and generating scheduled reports. Monitoring is not surveillance per se, but it is about detecting whether compliance is being met or violated (Ferry, 2015). 

Account Monitoring and Control

It is not a coincidence that some or most of the security compromises constitute legitimate or inactive users within the systems. This occurs when for example some staff members are no longer working with the bank, but their accounts still exist and their might still have valid access to the same systems either remotely or via online platforms. The same people can exploit this loophole and continue to access the company’s systems and compromise the system. Therefore, there should be specific personnel within the IT department to monitor and control user accounts diligently, hence preventing illegal activity.


Security policies have capacities to include a variety of features and issues, like how the interrelated networks can be segments to hold different types of data, like in the case of the bank: ATM servers, versus other transactions’ server. However, the most critical aspect of a security plan is that it has to clearly stipulate how the entire security of the organization, including monitoring all activities across the information technology infrastructure, with the capability to detect any strange or suspicious activities. Secondly, this security plan will continue to be reviewed after every six (6) months, and it will undergo appropriate upgrades as soon as it is required by the changing organization’s software and infrastructure. In sum, preventing cyber-attacks can be achieved through the creation of a custom policy that links data security and data privacy.


Basani, V. (2016). Elements to Corporate Data Security Policies that Protect Data Privacy. Security Magazine. Available at

Citi (2018). About Citi: Mission and Vision. Retrieved from

Craig, A. (2016). Developing a Security Plan. Retrieved from

Federal Communications Commission (n.d.). Cyber Security and Planning Guide. Available at:

Federal Trade Commission (2015). Careful Connections: Building Security in the Internet of Things. Retrieved from

Ferry, P. (2015). Essential Elements of Continuous Monitoring (and why it matters). Available at

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
The price is based on these factors:
Academic level
Number of pages
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Confidentiality Guarantee

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more

24/7 Support

Our specialists are always online to help you! We are available 24/7 via live chat, WhatsApp, and phone to answer questions, correct mistakes, or just address your academic fears.

See our T&Cs
Live Chat+1(978) 822-0999EmailWhatsApp

Order your essay today and save 30% with the discount code ESSAYHELP