IT Security for Revuelto Financial Services | Security Presentation - Mohamed Riham .pptx

MohamedRiham4 7 views 21 slides Oct 30, 2025
Slide 1
Slide 1 of 21
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21

About This Presentation

The presentation addresses security concerns at Revuelto Financial Services, a financial institution that has suffered recent security breaches, resulting in reputational damage and a loss of client confidence due to data breaches and financial theft.

The document outlines:

Types of Security Risks...

Size: 141.12 KB
Language: en
Added: Oct 30, 2025
Slides: 21 pages

Slide Content

IT Security for Revuelto Financial Services Mohamed Ansar Mohamed Riham 1028401 Security

Introduction Revuelto Financial Services is a trusted financial institution handling sensitive client information. Unfortunately, recent security breaches have compromised this trust. Data breaches and financial theft have led to reputational damage and a loss of client confidence.

Types of Security risks Unauthorized Access Malware (Viruses, Ransomware) Phishing Attacks Denial of Service (DoS) Social Engineering Insider Threats

Assessment of rfs security procedures Lack of Network Monitoring Weak Password Policies Insufficient User Training Outdated Security Software Excessive User Privileges Physical Security Weaknesses

Benefits of network monitoring systems Improved threat detection. Real-time monitoring of network activity. Identification of suspicious traffic patterns. Ability to investigate anomalies and potential breaches.

Security impact of incorrect firewall policies Firewalls act as a barrier between trusted and untrusted networks Incorrect configuration can leave vulnerabilities Overly permissive rules allow unauthorized access Overly restrictive rules can disrupt legitimate traffic

Security impact of third-party vpn misconfiguration VPN’s (Virtual Private Network) create secure tunnels for remote access Misconfigured VPN clients/servers expose vulnerabilities Weak encryption can be cracked, allowing data interception Lack of authentication exposes the network to unauthorized access

Security benefits of a demilitarized zone (dmz) Isolates public-facing servers from internal network Improves security by facing an additional layer of protection Public servers can be compromised without compromising the internal network Reduces attacks surface for internal systems

Security benefits of static ip Static IPs are fixed, unlike dynamic IPs assigned by DHCP Easier to monitor and manage specific devices Facilitates implementing security rules for specific IP addresses Useful for remote access and server management

Security benefits of network address translation (nat) NAT translates private IP addresses to a public address Protection internal IP addresses from exposure on the internet Reduces the attack surface for internal devices Can be used for network overload protection

IT Security risk assessment methodology Identify IT assets and classify them based on criticality (data classification) Analyze threats and vulnerabilities associated with each asset Evaluate existing security controls and identify gaps

Risk treatment methods Classify: Classify the risk high priority to Low priority Avoid : Eliminate the risk by removing the vulnerable asset. Transfer: Transfer the risk to avoid third party (cyber insurance). Mitigate: Reduce the impact of the risk ( implementing security controls). Accept: Accept the residual risk if the cost of mitigation outweighs the potential impact.

Security countermeasures to ensure data security Data Encryption: Protect data at rest and in transit ( SSL / TLS ). Access Controls: Restrict access to data based on the principle of least privilege. Data Backups and Disaster Recovery: Ensure data can be recovered in case of incidents. Regular Security Audits and Penetration Testing: identify and address vulnerabilities.

Security countermeasures to ensure Operational Continuity Network Security: Firewalls, intrusion detection / prevention systems ( IDS / IPS ). System Hardening: Security operation systems and applications with updates and patches. User Education and Awareness Training: Empower users to identify and avoid security threats. Incident Response Plan: Establishing a clear process for responding to security incidents

Revuelto’s security policy Strong Passwords & Data Protection Create complex passwords and follow data security protocols. Report Suspicious Activity Report any suspicious activity or potential breaches immediately. Secure Networks & Physical Security Use social media responsibily and safeguard physical access to IT equipment

Stakeholder engagement for security Everyone at Revuelto Financial Services plays a role in Cybersecurity. Employees – Trained to identify threats, use strong passwords, and report incidents. Management – Champions security, allows resources ,and leads by example. Contractors – Aware of security protocols and access limitations for RFS.

Organizational integrity Data Security – Ensuring data confidentiality, integrity, and availability. Operational Continuance – implementing disaster recovery plans and regular backups.

Conclusion Summary Risks : Unauthorized access, financial theft, malware. Countermeasures: Firewall / VPN configs, DMZ, Static IP, NAT. Data Security: Confidentiality, integrity, availability, encryption. Continuance: Disaster recovery, backups, testing, redundancy. Next Steps Immediate: Update firewall / VPN, implement monitoring. Long – term: Regular audits, improve policies, engage, stakeholders.

Thank you

References Anon., 2021. RSI Security. [Online] Available at: https://blog.rsisecurity.com/types-of-security-threats-to-organizations/ [Accessed 20 07 2024]. Anon., 2024. Fortra . [Online] Available at: https://www.fortra.com/blog/top-benefits-network-monitorings [Accessed 01 08 2024]. Anon., 2024. Linkedin . [Online] Available at: https://www.linkedin.com/advice/0/what-most-common-vpn-configuration-mistakes-bt28f#:~:text=DNS%20leaks%20can%20occur%20due,use%20a%20trusted%20DNS%20provider.&text=DNS%20leaks%20in%20VPNs%20expose%20browsing%20data [Accessed 01 08 2024]. Anon., n.d. Fortinet. [Online] Available at: https://www.fortinet.com/lat/resources/cyberglossary/network-address-translation#:~:text=One%20way%20that%20NAT%20can,a%20level%20of%20traffic%20filtering [Accessed 01 08 2024]. Anon., n.d. Fullerton. [Online] Available at: https://hr.fullerton.edu/risk-management/information-and-document-requests/information-management/essential-techniques-of-risk-management.php [Accessed 01 08 2024]. Anon., n.d. Ipstack . [Online] Available at: https://ipstack.com/definition-of-static-ip-address#:~:text=Static%20IP%20addresses%20can%20enhance,lead%20to%20improved%20network%20performance [Accessed 01 08 2024]. Anon., n.d. Kiteworks . [Online] Available at: https://www.kiteworks.com/risk-compliance-glossary/security-misconfigurations/#:~:text=Misconfigured%20Firewalls%20or%20Network%20Settings,-Firewalls%20and%20other&text=For%20example%2C%20if%20a%20network,gain%20access%20to%20the%20system [Accessed 01 08 2024]. Anon., n.d. Science Direct. [Online] Available at: https://www.sciencedirect.com/topics/computer-science/security-procedure [Accessed 29 07 2024]. Anon., n.d. Springer. [Online] Available at: https://link.springer.com/chapter/10.1007/978-3-540-70818-6_9#:~:text=Organizational%20integrity%20refers%20to%20the,results%20within%20a%20given%20organization [Accessed 01 08 2024].

References Babati , B., 2020. Hoxhunt . [Online] Available at: https://www.hoxhunt.com/blog/security-engagement#:~:text=Security%20engagement%20is%20a%20form,simulating%20real-life%20attack%20types [Accessed 01 08 2024]. BasuMallick , C., 2022. Spiceworks. [Online] Available at: https://www.spiceworks.com/it-security/network-security/articles/what-is-demilitarized-zone/ [Accessed 01 08 2024]. Lenaerts-Bergmans , B., 2023. CrowdStrike. [Online] Available at: https://www.crowdstrike.com/cybersecurity-101/types-of-social-engineering-attacks/ [Accessed 01 08 2024]. RiskOptics , 2023. Reciprocity. [Online] Available at: https://reciprocity.com/risky-business-risk-assessments-101/ [Accessed 01 08 2024]. Schedt ., A., 2023. Comptia . [Online] Available at: https://www.comptia.org/blog/what-is-a-countermeasure-in-computer-security#:~:text=Countermeasures%20often%20refer%20to%20a,confidentiality%20and%20availability%20of%20data [Accessed 01 08 2024].
Tags
security mohamed riham nismy mohamed nismy it bcas campus risk risk management management data security presentation information security
Categories
Technology
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 7
  • Slides 21
  • Age 31 days
Related Slideshows
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx 11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
44 views
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx 10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
44 views
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx 13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx 11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
Know for Certain 21
Know for Certain
DaveSinNM
19 views
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx 17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
23 views
View More in This Category