Purpose
This is report which retrospectively looks at the various actions the financial industry has undertaken to secure their information resources. The industry has had a fair share of data breach, compromise and other things which it has been profiling and providing solutions. The After Action Report (AAR), looks at those actions, evaluates them in the hope of enhancing the available options. The purpose of this report is therefore to review the tactics that have been put in place, checking their availability and efficiency, their exploitation tactics and doing a thorough analysis of their success or otherwise.
Scope
The AAR report will review the essence of protecting information resource in the financial industry. The AAR will also have a look at the confidentiality and the integrity of information resources in the industry. Despite high-level protection, some malicious attackers have led successful attacks, the report will look at that instance, and the lessons were drawn from such acts in the past. Lastly, there is a concept of ethical hacking and how successful it has been in enabling firms identify their system vulnerable areas. It would also be important to review some risks directly posed to the financial sector. The report does not include actions outside the financial industry.
Confidentiality/Integrity/Availability
The Confidentiality, Integrity and Availability (CIA) triad is an important concept in data protection. However, the concept takes varying routes based on the sector. Even though all the three elements are somehow important in every sector, it is possible to find one or two important than the other, based on the sector under consideration. The three applies in the financial service sector and below is a review on how each plays its role in the protection of information in the field.
Confidentiality
The CIA goal of confidentiality is more important than other goals when the value of the information depends on limiting access to it (Henderson, 2017). Just before referring back to the financial sector, just reflect on the military and its data, which is highly confidential. The data is highly valued by various malicious groups, from terror gangs, business competitors to various foreign governments competing with others. That demonstrates the essence of confidentiality and why businesses or organizations ensure their data is highly secured (Niekerk, & Solms, 2010). However, in financial services, the goal of confidentiality might be more important than other goals in cases of protecting proprietary information of the company. Various organizations have information that is not in public domain and intend to continue keeping it so. This is a culture that has enabled the United States Corporations to record significant success in science, mathematics, and technology. They protect many of their innovations until the obtain copyrights, and everyone including the government must lead in helping them prevent unauthorized use and access of these data. In cases where the information is shared, the parties have a responsibility to protect the data, and often, bound from making unauthorized use of information. A perfect case example is academic and other intellectual properties, which should only be used with express permission of the owners. Confidentiality is also critical when the information involves people’s data. Banks, based on the highly sensitive issues they deal with often collect all customers data, some critical to their political and economic lives. Banks are bound to keep these data confidential and desist from making unauthorized use. In other words, financial institutions are only allowed to use the information the extent allowed by law and permitted by the clients themselves. For companies to guarantee confidentiality in the financial services sector, communications methods must be properly monitored and secured to prevent unauthorized access.