Adapting network infrastructure
Adapting the network infrastructure after an audit
Abstract
In its final report, the supervisory authority criticized inadequate network security at a cooperative bank and demanded measures to be implemented within 18 months.
Initial situation and problem definition
ECB audit: Need for adaptation of the network infrastructure of a German cooperative bank
Audit report contains concrete measures and other less clearly defined proposals for improvement
The audit report requires improved network security
Timetable requires ECB approval
Objectives, project scope and benefits
Closure of the security gaps criticized in report
Definition of further measures for network security
Adaptation of operating processes to new network infrastructure measures
Transfer of operations successfully completed
SLAs adapted between customer and service provider
Procedure
Clarification of the assignment and agreement on responsibilities
Definition of work packages, individual activities and schedule
Development of solution scenarios and implementation concepts to improve network security
Support and execution of the operational implementation
Regular activity reporting to the customer
Preparation of final reports
Results achieved and outlook
ECB report on the implementation of defined measures
The following concepts prepared and measures implemented:
- Data encryption within Campus
- Port security management
- LAN and WLAN authentication
- Dual vendor strategy for partner firewall
- Demand- and risk-oriented zoning concept