VL Bank Case Study
You are the chief information security officer (CISO) for the VL Bank based in Atlanta,
Georgia. Recently, a highly sophisticated and cleverly orchestrated crime was brought to
your attention by the information security analysts in your department and by a growing
number of business customers.
Your company’s commercial customers utilize a digital certificate multifactor authentication
process to access wire transfers, cash management, deposit operations, and account
management applications common to all business customers. The problem is that several
customers have reported that new user accounts have been set up under their names
without their authorization and these accounts are initiating several fund transfers for
$10,000. The wire transfers are being sent to various other bank accounts across the United
States. As of today, the amount of fraudulent transfers has been over $290,000.
The bank’s affected customers are calling to get answers and reclaim lost funds. Your
supervisor is demanding answers from you as well. The bank’s general counsel is preparing
for litigation threats from the affected customers. This could be a business nightmare,
especially if you fail to resolve the situation quickly.
After further analysis, you learn some additional information about the case:
1. The $10,000 individual transfers are going to several U.S. bank accounts of
individuals before being automatically transferred to several international bank
accounts located in Romania, Thailand, Moldavia, and China.
2. The bank’s affected customers all used computers infected with a keystroke logger
virus that collected usernames, passwords, account numbers, personal identification
numbers, URL addresses, and digital certificates. These computers did not have antivirus
or security software installed.
3. The bank’s customers are frequently experiencing what is known as spear phishing
attacks against them, which are fake e-mails that resemble normal business e-mail
messages to customers, but contain the keystroke logging virus.
4. The bank’s systems have not been breached and no customer data has been stolen
except for the few business customers whose personal business computers were
5. The U.S. banks that received fraudulent funds transfers are located in four other U.S.
states in addition to VL Bank in Georgia. They are Bank A in California, Bank B in
New York, Bank C in Texas, and Bank D in Florida.
6. VL Bank’s account manager responsible for these affected customers has access to
copies of the digital certificates used by the customers as well as account access.
Above is the case study you go by
Develop a report (suggested length of 3–5 pages) for VL Bank senior management regarding the cybercrime from the attached “VL Bank Case Study” in which you do the following:
Discuss how two laws or regulations apply to the case study.
Discuss how VL Bank will work within the parameters of appropriate legal jurisdiction with specific bodies of law enforcement to resolve the situation.
Discuss legal considerations for preparing the digital evidence VL Bank will need to provide law enforcement and attorneys.
Explain what coordination should take place between the CISO and VL Bank’s lawyer.
Discuss how this cybercrime could affect VL Bank’s enterprise continuity.
Explain how VL Bank could use technology to prevent the cybercrime in the case scenario.
Discuss information security and assurance controls that could mitigate future attacks of this kind at VL Bank.
Explain how these controls align to regulatory requirements and standards.
When you use sources, include all in-text citations and references in APA format.