PROJECT

I have attached the instruction


CSIA 485: Practical Applications in Cybersecurity Management & Policy

Project #3: Presentation for Board of Directors

Your Task:

Padgett-Beale’s Chief Information Security Officer (CISO) has tasked you to continue supporting the Merger & Acquisition team’s efforts to bring Island Banking Services’ security program into compliance with U.S. laws and regulations. The M&A team has provisionally accepted the draft cybersecurity strategy and draft implementation plan which you prepared previously. The M&A team has now requested that you contribute a set of summary slides for the M&A team’s Decision Briefing (presentation) to the Padgett-Beale Board of Directors. This briefing is one of the final steps in obtaining approval for the M&A team’s plan for integrating the newly purchased company – Island Banking Services – into Padgett-Beale as Padgett-Beale, Inc Financial Services (PBI-FS).

Before you begin developing your presentation, review your work products from Projects 1 & 2. As you do so, identify the most likely or most significant barriers to success (factors which increase the risk of failure). These can include barriers arising from external factors as well as issues arising from internal company sources. Consider culture and organizational conflict as well as legal and regulatory issues. For each factor, identify a countermeasure or compensatory action which the company could take to reduce the risk of failure. Select the five most significant barriers to success from your analysis. You will include these in your presentation slides.

Develop Your Presentation:

Using your prior work (Projects 1 & 2), develop a high-level summary presentation of your Cybersecurity Strategy and the Implementation Plan. You will need between 20-30 slides to fully address the requirements listed below; this slide count includes the slides for titles, section titles, and references. Remember to include speaker notes for the agenda slide, section title slides, and content slides. Your notes should be at least 20 words / one paragraph but no longer than 150 words / 3 paragraphs per slide.


Your presentation must include the following:

· Title Slide with title, your name, the date, and this course

· Agenda Slide

· Overview of the M&A effort (multiple slides – use the assignment overviews / background sections to put together a summary that answers: who, what, where, why, how)

· Section Title Slide: Cybersecurity Strategy

· Content Slides: provide a summary of your proposed Cybersecurity Strategy (Project 1)

· Section Title Slide: Cybersecurity Implementation Plan

· Content Slides: provide a summary of your proposed Cybersecurity Implementation Plan

· Section Title Slide: Barriers to Success

· Content Slides: five separate slides – one for each factor (identify each barrier to success and provide a recommended countermeasure or compensating action that the company could implement to reduce the risk of failure). This section will expand upon your “barriers to success” as discussed in Project #2.

· Section Title Slide: Summary & Recommendations

· Content Slide: present a recommendation that the strategy & implementation plan be approved by the Board of Directors for adoption and implementation by the company. Include 5 major business benefits of adoption and implementation. This may be new content (not previously included in projects 1 & 2).

· Section Title Slide: References

· Content Slides(s) that include reference list entries for your resources. Do not cite your own work for Projects 1 & 2.

Putting It All Together

MS Power Point .pptx format is the preferred delivery format; this application can be accessed via the Web or downloaded from UMGC under the university’s enterprise license for student use of Office 365. For more information see:

https://www.umgc.edu/help/help-topic.cfm?id=kA00W000000sZpeSAE&table=FAQ_IT__kav&action=getArticle

If you are unable to use Power Point, you may use another presentation application to create your slides and speaker notes. After you have done so, print your presentation slides to PDF and deliver the assignment as a PDF document. If you deliver as PDF, you must make sure that your speaker notes are visible and accompany each slide.

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.

2. Your presentation should be professional in appearance with consistent use of fonts, font sizes, margins, etc.

3. You must include a title slide with the assignment title, your name, and the due date. Your reference list must be on a separate slide at the end of your file.

4. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

5. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). To reduce visual clutter, you may put citations for sources into footnotes at the bottom of your slides (instead of putting citations at the ends of bullet points).

2/22/22, 8:04 PMRubric Assessment – CSIA 485 6380 Practical Applications in Cybe… Management and Policy (2222) – UMGC Learning Management System

Page 1 of 3https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assess…5247&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0

Project #3: Summary Presentation
Course: CSIA 485 6380 Practical Applications in Cybersecurity Management and Policy (2222)

Rubric levels: Excellent, Outstanding, Acceptable, Needs Improvement, Needs Significant Improvement, Missing or Unacceptable

Criterion: Business Context / Use of Scenario

· Excellent (10 points): Implementation plan clearly, concisely, and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.

· Outstanding (8 points): Implementation plan clearly and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.

· Acceptable (7 points): Implementation plan accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.

· Needs Improvement (4 points): Implementation plan used relevant information from the designated business context and scenario as presented in the course readings.

· Needs Significant Improvement (2 points): Deliverable used some information related to the designated company or industry.

· Missing or Unacceptable (0 points): Deliverable did not incorporate information from the designated business context / scenario as presented in the course readings.

Criterion: Overview for M&A Effort

· Excellent (20 points): Provided an excellent overview of the M&A effort using information from the company profile, weekly descriptions, assignments, and course readings. Included at least 10 slides in this section and answered the 5 important questions: who, what, where, why, and how.

· Outstanding (18 points): Provided an outstanding overview of the M&A effort using information from the company profile, weekly descriptions, assignments, and course readings. Included 8 or more slides in this section and answered these important questions: who, what, where, and why.

· Acceptable (16 points): Provided an acceptable overview of the M&A effort using information from the company profile, weekly descriptions, assignments, and course readings. Included 6 or more slides in this section and answered these important questions: who, what, and why.

· Needs Improvement (10 points): Provided an overview for the M&A effort but the section lacked important details. Information from authoritative sources was cited and used in the overview.

· Needs Significant Improvement (4 points): Attempted to provide an introduction to the M&A effort but this section lacked detail, was off topic, and/or was not well supported by information drawn from authoritative sources.

· Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Cybersecurity Strategy

· Excellent (15 points): Provided an excellent summary of the proposed Cybersecurity Strategy using information from the company profile, weekly descriptions, discussion papers, course readings and Project #1. Included at least 10 slides in this section and answered the 5 important questions: who, what, where, why, and how.

· Outstanding (13.5 points): Provided an outstanding summary of the proposed Cybersecurity Strategy using information from the company profile, weekly descriptions, discussion papers, course readings, and Project #1. Included 8 or more slides in this section and answered these important questions: what, where, why, and how.

· Acceptable (12 points): Provided an acceptable summary of the proposed Cybersecurity Strategy using information from the company profile, weekly descriptions, discussion papers, course readings, and Project #1. Included 6 or more slides in this section and answered these important questions: what, why, and how.

· Needs Improvement (6 points): Provided a summary for the Cybersecurity Strategy (Project #1) but the section lacked important details. Information from authoritative sources was cited and used in the overview.

· Needs Significant Improvement (4 points): Attempted to provide information about the Cybersecurity Strategy. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

· Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Implementation Plan

· Excellent (15 points): Provided an excellent summary of the proposed Implementation Plan using information from the company profile, weekly descriptions, discussion papers, course readings and Project #2. Included at least 10 slides in this section and answered the 5 important questions: who, what, where, why, and how. Slides included an overview diagram for the Enterprise Architecture.

· Outstanding (13.5 points): Provided an outstanding summary of the proposed Implementation Plan using information from the company profile, weekly descriptions, discussion papers, course readings, and Project #2. Included 8 or more slides in this section and answered these important questions: what, where, why, and how. Slides included an overview diagram for the Enterprise Architecture.

· Acceptable (12 points): Provided an acceptable summary of the proposed Implementation Plan using information from the company profile, weekly descriptions, discussion papers, course readings, and Project #2. Included 6 or more slides in this section and answered these important questions: what, why, and how. Slides included an overview diagram for the Enterprise Architecture.

· Needs Improvement (6 points): Provided a summary for the Cybersecurity Strategy (Project #2) but the section lacked important details. Information from authoritative sources was cited and used in the overview.

· Needs Significant Improvement (4 points): Attempted to provide information about the scope, assumptions, and/or constraints for the implementation plan. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

· Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Barriers to Success

· Excellent (10 points): Clearly and concisely presented 5 or more barriers to successful implementation of the Cybersecurity Strategy and Implementation Plan. Included at least 5 slides in this section and answered the 5 important questions for each barrier to success: who, what, where, why, and how to overcome (compensatory controls).

· Outstanding (8.5 points): Presented 5 or more barriers to successful implementation of the Cybersecurity Strategy and Implementation Plan. Included at least 5 slides in this section and answered these important questions for each barrier to success: what, where, why, and how to overcome (compensatory controls).

· Acceptable (7 points): Presented 3 or more barriers to successful implementation of the Cybersecurity Strategy and Implementation Plan. Included at least 3 slides in this section and answered these important questions for each barrier to success: what, why, and how to overcome (compensatory controls).

· Needs Improvement (4 points): Provided a summary of barriers to successful implementation of the security strategy and implementation plan. Information from authoritative sources was cited and used.

· Needs Significant Improvement (2 points): Attempted to provide information about barriers to success. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

· Missing or Unacceptable (0 points): This section was missing, off topic, or failed to provide relevant information.

Criterion: Summary and Recommendations

· Excellent (10 points): Provided a summary section which clearly and concisely presented a recommendation for approval and adoption of the proposed cybersecurity strategy and the proposed implementation plan. Presented at least 5 major business benefits for adoption and implementation.

· Outstanding (8.5 points): Provided an outstanding summary section which included a recommendation for approval and adoption of the proposed cybersecurity strategy and the proposed implementation plan. Presented at least 3 major business benefits for adoption and implementation.

· Acceptable (7 points): Provided an acceptable summary section which included a recommendation for approval and adoption of the proposed cybersecurity strategy and the proposed implementation plan. Presented at least 1 major business benefit of the adoption and implementation.

· Needs Improvement (4 points): Provided a summary slide which included a recommendation for approval and adoption of the proposed cybersecurity strategy and the proposed implementation plan.

· Needs Significant Improvement (2 points): Attempted to provide a summary for the presentation. The discussion was significantly lacking in detail and/or was not well supported by information drawn from authoritative sources.

· Missing or Unacceptable (0 points)

Criterion: Professionalism: Consistent Use and Formatting for Citations and Reference List

· Excellent (5 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.).

· Outstanding (4 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. One or two inconsistencies or errors in format for in-text citations and/or reference list entries.

· Acceptable (3 points): Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. No more than 5 inconsistencies or errors in format for in-text citations and/or reference list entries.

· Needs Improvement (2 points): Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 10 inconsistencies or errors in format.

· Needs Significant Improvement (1 point): Work attempts to credit sources but demonstrates a fundamental failure to understand and/or consistently apply a professional formatting style for the reference list and/or citations.

· Missing or Unacceptable (0 points): Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.

Criterion: Professionalism: Organization, Appearance, & Execution (including slide notes)

· Excellent (15 points): Provided an excellent presentation containing a title slide, section title slides, and 30 or more content slides with slide notes. Slide design was appropriate for an executive audience. Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. No formatting, grammar, spelling, or punctuation errors.

· Outstanding (13.5 points): Provided an outstanding presentation containing a title slide, section title slides, and 15 or more content slides with slide notes. Slide design was appropriate for an executive audience. Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings. Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.

· Acceptable (12 points): Provided an acceptable presentation containing a title slide, section title slides, and 12 or more content slides with slide notes. Slide design was appropriate for an executive audience. Organization and/or appearance of submitted work needs improvement. Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.

· Needs Improvement (6 points): Presentation had 11 or fewer slides or had no slide notes. Submitted work has multiple significant errors in style or formatting, spelling, grammar, and/or punctuation. Work is unprofessional in appearance. Work requires substantial rewrite to improve professional appearance.

· Needs Significant Improvement (4 points): Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage. Work is disorganized and needs to be rewritten for readability and professional appearance.

· Missing or Unacceptable (0 points): No work submitted.

Total / Overall Score: Do Not Use This Box, 0 points minimum

Running Head: CYBERSECURITY STRATEGY AND ACTION PLAN

Project 1: Cybersecurity Strategy and Action Plan

February 8, 2022

Introduction

Based on the case study, Padgett-Beale Solutions has established branches across the globe offering services related to hotel and business management. An analysis of the financial statements shows that Island Banking Services was declared bankrupt after engaging in money laundering. Bankruptcy is a situation in which an organization cannot settle all its debts using its available resources. The failing company has attracted many companies interested in a buyout through merger and acquisition. Padgett-Beale can benefit from purchasing various technological infrastructure from the failing company. Padgett-Beale will pay for licenses, software, operating systems, and hardware from the bankrupt Island Banking Services. Based on the case study, the merger with Island Banking Services will result in a Padgett-Beale subsidiary company named PBI Financial Services (PBI-FS).

Based on various statistics, a company that engages in merger and acquisition deals should understand the strengths and weaknesses it will inherit (Barrett, 2018). Merger and acquisition decisions on cybersecurity should be made by a third party, such as an external inspector, if the company does not have a comprehensive infrastructure for assessing the various vulnerabilities in the technological infrastructure. Based on the case study, the Padgett-Beale Solutions Company agreed to work under Island Banking Services’ bankruptcy in the same business center and fully integrate most of its operations. It is predicted that PBI-FS will operate as a fully owned subsidiary in the next five years and operate its cybersecurity programs separately from its main activities. The new company must educate its employees on making comprehensive cybersecurity decisions throughout their operations (Kshetri, 2017). The education program should focus on information from key stakeholders, such as information from the financial services industry, and on the legal and regulatory standards that Island Banking Services violated.

Therefore, it is critical to identify the loopholes in the cybersecurity infrastructure, which will aid in developing strategies to secure the company’s most vital and sensitive information. Padgett-Beale needs to be proactive and aggressive in securing its financial accounts, and it should involve external experts to reduce the chances of black hat hackers penetrating the company’s technological infrastructure to compromise, destroy, or steal data in ways that may jeopardize the organization’s activities. The company has a great responsibility to comply with cybersecurity rules and regulations to avoid huge penalties. The entire organization, including junior employees, should be included in decision-making to ensure that the whole organization is moving in the same direction in the fight against cybercrime. The first step will require PBI-FS to identify the risks and vulnerabilities affecting the technological infrastructure. Based on the case study, Island Banking Services lacked specialized personnel to monitor the database and servers regularly. Another risk was the insider threat posed by employees who could leak sensitive data to a third party without the consent of senior management. The second step involves establishing a risk register that allocates duties and prioritizes what should be addressed first.

Step 1: Gap Analysis

In a gap analysis, a company or enterprise conducts a comprehensive analysis to uncover gaps in its technical infrastructure so that it can develop infrastructure to secure the organization’s most sensitive data. Risk identification is critical since it allows an organization to make the most effective decisions in securing its software and operating systems. The NIST framework is the most effective technological methodology for identifying gaps in cybersecurity. The gap analysis focuses on efficiency, reducing shortcomings, and providing real-time, evidence-based information to key stakeholders such as the sponsors.

PBI-FS should conduct a gap analysis based on the previous cybersecurity challenges and the information provided during the merger and acquisition of the new company. The Padgett-Beale Merger & Acquisition team should ensure that all the gaps that affected Island Banking Services are addressed before starting operations under the new deal. For instance, the case study indicates that Island Banking Services was outsourcing various products and services from an island-operated company, such as managing the network, hardware, and software, which could have created some vulnerability in the system.

The gap analysis identified approximately ten risks and cybersecurity issues that PBI-FS needs to address immediately. These risks and issues made the Island Banking Company vulnerable. The first step for PBI-FS is to operate according to the standards laid out in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It is critical to address the gaps since Island Banking lacks cybersecurity programs. The risks and gaps include a lack of protective technology, risk management, and a risk management strategy; insider threats; a shortage of competent and qualified IT professionals; the use of a third party to control most of the technological products; and a lack of encryption on major internet devices.

Step 2: Cyber Security Issues

Inability to establish a cybersecurity program

Island Banking Services faced a data breach mainly due to the lack of a cybersecurity program. The absence of a cybersecurity program leaves an organization’s data vulnerable, since it lacks protection software and up-to-date infrastructure. PBI-FS should prioritize developing cybersecurity programs that are up to date and controlled by a registered software developer. According to the case study, Island Banking Services had various vulnerabilities as a financial institution, which led to poor customer service. Therefore, the Chief Information Security Officer at PBI-FS should be aggressive and proactive in developing a cybersecurity program based on federal and state laws and regulations. Additionally, the program should comply with the Bank Secrecy Act (BSA).

Utilizing the services of a third party

A third-party point of access gives black hat hackers a wider path into the company’s technological infrastructure. For instance, black hat hackers can access the financial systems through the third party’s infrastructure or penetrate the system by hacking databases and servers within the organization. The third party can also create vulnerability through insider threats, while Island Banking Company has little control over the third party’s actions.

Inability to develop encryptions on data on its devices

Encryption is among the best protective technologies for protecting sensitive data from hacking. Through this technology, data is stored in a form that a human cannot read. Therefore, even if black hat hackers steal the data, they will not benefit since they will not be able to interpret the information. Encryption technology will enhance data security, particularly for customer data, by minimizing potential interception.

Inability to develop infrastructure to prevent the endpoint threats

The endpoint threats noted at the Island Banking Company contributed to the data breach. PBI-FS must develop computer systems with endpoint security attributes that prevent data loss. Endpoint threats may arise through phishing attacks and through issues such as unpatched vulnerabilities. Phishing attacks are directed at employees and mainly aim to obtain an organization’s passwords to servers and databases, enticing employees to provide sensitive information by directing them to software that extracts the passwords.

The other threat noted was a violation of confidentiality.

In most cases, employees and other key stakeholders forget to delete their personal information from the existing software. Since PBI-FS is required to buy all the technological infrastructure, such as software and hardware, and other digital assets, such as word processing documents, emails, presentations, and logos, it is important for Island Banking to hand over all the digital assets. Based on the case study, the Island Banking Company was forced by a search warrant to open its storage devices and digital media after it had declined a request by the technology enforcement agency to open the infrastructure.

Data theft

The Island Banking Company is vulnerable because it shares its most sensitive data with employees. Employees are more likely to share enterprise data, for a fee, with the main competitors and black hat hackers. The main purpose of data theft is to undermine the integrity and confidentiality of data. The most effective method of ensuring minimal employee access to data is through biometric technologies such as iris and face scanning.

The potential hacking on cybersecurity

Based on the case study, the Island Banking Company had sold its financial transaction processing software to another company. The software contains much information about the organization and could therefore be an avenue for a third party to compromise the remaining data in the databases and servers. PBI-FS must involve IT professionals before selling any program to a third party.

The other risk is the lack of IT professionals.

The case study shows that Island Banking Company lacks internal IT professionals to monitor the financial services. Internal IT personnel can conduct regular testing to identify vulnerabilities and advise the institution on the best measures to protect the organization’s data (Lamba, 2018). Additionally, it is critical to engage an external IT company to assist in the event of a data breach.

Utilization of the same cybersecurity software from Island Banking Company

The case study shows that even after the establishment of PBI-FS, the company continued to use some of the software utilized by the Island Banking Company. PBI-FS needs to update the software and replace any that is outdated. The analysis shows that PBI-FS still intends to use the operating systems, database software, transaction processing software, and productivity software.

Insider threat

Most of the employees from Padgett-Beale and the Island Banking Services Company were not involved in the merger of the two companies. Therefore, most of them are not happy and are more likely not to support PBI-FS projects. Thus, they are likely to share sensitive company information. PBI-FS is supposed to implement biometric technology that will prevent employees from accessing databases and server rooms.

Proper asset management

The case study shows that Island Banking Services lacks proper inventory for its applications and software. Since the company was declared bankrupt due to engaging in money laundering activities, there is a gap between responsibilities and their actual implementations and cybersecurity.

Step 3: Risk Register

Risk ID

Risk

Category

Severity

Applicable Laws, Regulations, Standards

Risk Mitigation Strategy (description)

Implementation: Required Technologies, Products, or Services

NIST Cybersecurity Framework Category and Sub Category Identifier (e.g., ID.AM-1)

Sub-Category

Description

001

Theft of customer information from online transactions

Encrypt all communications between customers and the company’s online ordering system.

Implement Transport Layer Security; purchase and deploy digital certificates to encrypt communications.

PR.DS

-2

Data-in-transit is protected.

002

Threats from within the organization

Employee

5

BSA 31 USC 531

Prevent and avoid

Enhance the training on the best adoption method to protect the data, particularly through phishing attacks

N/A

N/A

003

Implementation of protective software

technology 1

BSA 31 USC 531

Transfer

The company should implement audit and log procedure

PR.PT

PR.PT-1 and PR.PT 2

004

Protection processes and procedure

process 3

Compliance to OFAC 31 CFR 500 and CFR part 103

Data mitigation

Use a backup policy such as the implementation of cloud computing technology to enhance safety and privacy

PR.IP

PR.PT-2, PR.PT 4 and PR.PT 5

005

Data privacy and security

Availability and integrity

3

BSA 31 USC 531

Mitigation

of the data

Implementation of removal, transfer, prevention while ensuring enough data for analysis

PR.DS

PR.PT-3, PR.PT 4 and PR.PT 5

006

Training and awareness

Complying with the existing rules and regulations

2

OFAC 31CFR 500,103 and BSA 31 USC 531

avoidance

Training and making awareness to PBI-SF employees

PR>AT

PR.AT-1

007

Analysis for the chain risk

Confidentiality and integrity

1

Section 21.11 and amp;163.180

Risk transfer

Establishment and implementation of SCRM for the employees to adopt and embrace

ID.SC

ID.SC-1

008

Management of the anticipated risk

Procedure and process

3

BSA 31 USC 531

Mitigation

Involving the employees in the development of policies to mitigate data breach

ID.RM

ID.RM-1, ID.RM-2

009

Management of asset risk

Integrity, availability, and confidentiality

3

BSA 31 USC 531

Acceptance

Management of the data through the internal and external IT professional

ID.RA

ID.RA-1, ID.RA-3 and ID.RA-6

010

Governance

Process and people

5

OFAC 31 CFR 500 and BSA 31 USC 531

Mitigation

Complying with the legal and regulatory policies

ID.GV

ID.GV-3 and ID.GV-1
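A consistency check for the two NIST columns of a risk register like the one above, as an added example that is not part of the original paper: it confirms that each sub-category identifier exists in NIST CSF v1.1 and belongs to the category recorded in the same row. The function names and the sample rows are constructed for illustration, with the rows written in the same loose style as the register's cells.

```python
import re

# Number of subcategories per category in NIST CSF v1.1 (2018);
# e.g. ID.AM runs from ID.AM-1 to ID.AM-6. 108 subcategories in total.
CSF_V1_1 = {
    "ID.AM": 6, "ID.BE": 5, "ID.GV": 4, "ID.RA": 6, "ID.RM": 3, "ID.SC": 5,
    "PR.AC": 7, "PR.AT": 5, "PR.DS": 8, "PR.IP": 12, "PR.MA": 2, "PR.PT": 5,
    "DE.AE": 5, "DE.CM": 8, "DE.DP": 5,
    "RS.RP": 1, "RS.CO": 5, "RS.AN": 5, "RS.MI": 3, "RS.IM": 2,
    "RC.RP": 1, "RC.IM": 2, "RC.CO": 3,
}

# Accepts "PR.PT-2" as well as the loose forms "PR.PT 2" and "PR.PT2".
SUBCATEGORY_RE = re.compile(r"\b([A-Z]{2})\.([A-Z]{2})[\s-]?(\d{1,2})\b")


def parse_subcategories(cell):
    """Return [(category, number), ...] for every identifier found in a cell."""
    return [(f"{function}.{category}", int(number))
            for function, category, number in SUBCATEGORY_RE.findall(cell.upper())]


def check_row(risk_id, category_cell, subcategory_cell):
    """Return a list of findings for one register row (empty list = consistent)."""
    category = category_cell.strip().upper()
    subs = parse_subcategories(subcategory_cell)

    # A row with no mapping at all is reported once, not as several errors.
    if not subs and category in ("", "N/A"):
        return [f"{risk_id}: no CSF mapping recorded"]

    findings = []
    category_known = category in CSF_V1_1
    if not category_known:
        findings.append(f"{risk_id}: category {category!r} is not a CSF v1.1 category")
    if not subs:
        findings.append(f"{risk_id}: no subcategory identifier recorded")

    for sub_category, number in subs:
        ident = f"{sub_category}-{number}"
        if sub_category not in CSF_V1_1:
            findings.append(f"{risk_id}: {ident} uses an unknown category")
            continue
        if not 1 <= number <= CSF_V1_1[sub_category]:
            findings.append(
                f"{risk_id}: {ident} does not exist "
                f"({sub_category} has {CSF_V1_1[sub_category]} subcategories)")
        # Only compare against the row's category when that category is valid.
        if category_known and sub_category != category:
            findings.append(
                f"{risk_id}: {ident} is listed under category {category}")
    return findings


def audit(rows):
    """Map each risk ID to its findings, keeping only rows that have any."""
    report = {}
    for risk_id, category_cell, subcategory_cell in rows:
        findings = check_row(risk_id, category_cell, subcategory_cell)
        if findings:
            report[risk_id] = findings
    return report


# Constructed sample rows: (risk ID, category cell, subcategory cell).
SAMPLE_ROWS = [
    ("003", "PR.PT", "PR.PT-1 and PR.PT 2"),
    ("004", "PR.IP", "PR.PT-2, PR.PT 4 and PR.PT 5"),
    ("009", "ID.RA", "ID.RA-1, ID.RA-3 and ID.RA-6"),
    ("002", "N/A", "N/A"),
    ("X01", "PR>AT", "PR.AT-9"),
]

if __name__ == "__main__":
    for risk_id, findings in audit(SAMPLE_ROWS).items():
        for finding in findings:
            print(finding)
```

Rows whose sub-category identifiers sit under a different category than the one recorded are the most common finding in hand-built registers, and they matter because control owners and audit evidence are usually tracked per category.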

Step 4: reviewing the laws and regulations

The effective laws to regulate the relationship between the two companies

Island Banking Services and Padgett-Beale Solutions Company should develop policies and rules that will define the acquisitions and mergers. The policy will enable the organization to develop rules that will hold specific employees responsible and accountable for the data breach, including data theft and fraud.

Policy statements

Given the nature of the activities conducted by Padgett Beale Solutions, the company understands the need to provide quality services to customers by securing their data, particularly their financial information. Data privacy and integrity are critical for effective decision-making. The policy should apply to both companies and incorporate the views and opinions of all PBI-FS personnel. The key stakeholders should accept the policies and develop penalties and fines for any party that violates the guidelines laid down.

Management of cookies

PBI-FS should use emerging technology to attract customers and maintain their trust. PBI-FS should develop a website containing critical information about the organization. Cookie technology is common among major industries and companies as a way to track and follow customers who have shown interest in a company’s product by visiting and exploring the website (Sander, 2020).

Step 5: Risk management and the NIST cybersecurity framework

The National Institute of Standards and Technology (NIST) provides a framework for identifying, detecting, protecting, responding, and mitigating data breach cases (NIST CSF, 2018). NIST provides more than nine hundred cybersecurity solutions that fit the nature of any organization across the globe. Data security improves the development of the organization and enhances the career progress of the employees. Based on the nature of PBI-FS, NIST provides various recommendations, such as the implementation of intrusion prevention and intrusion detection systems.

There should be effective policies regarding internet devices in an organization. For instance, employees should not be allowed to use the organization’s internet devices, such as smartphones and laptops, to conduct personal business. Secondly, employees should only use the organization’s email to conduct official company business. Acceptance means that the data risk is within the acceptable level based on the risk management responses, and the organization can handle the risk without involving external IT experts. On the other hand, transfer indicates that data is vulnerable and the risk is not within the acceptable level; thus, a third party such as an insurance company needs to be brought in to take on part of the risk. Mitigation means that PBI-FS can use the available technology to reduce the impact of a data breach. Avoidance means that some risks can have adverse effects on the information in an organization and thus should be avoided at all costs.

Step 6: Cybersecurity strategy that Padgett Beale Solutions should undertake

The first recommendation is to create awareness and train employees to detect security vulnerabilities and data breaches and to communicate them to the relevant authorities. The second recommendation is to implement data encryption through IBM Guardian (Choi, Jeon & Kim, 2019). The encryption technologies will enhance data security and privacy even if the data lands in the wrong hands. The third measure is to implement a backup solution. The most effective technology infrastructure for data safety is cloud computing technology since it is less vulnerable to attacks. The fourth recommendation is to implement the updated Barracuda CloudGen Firewall solution, which will enable PBI-FS to protect the organization’s computers from external threats. The fifth measure would be implementing a Demilitarized Users Zone, which works together with the firewall to prevent malware (CRT, 2019).

Step 7: a proposed plan of action and Implementation timetable

| Action description | Resources | Timeline | Budget estimate $ | Description |
|---|---|---|---|---|
| Intrusion prevention and detection | IT personnel and internet devices such as laptops | Three days | 450,000 | Intrusion prevention and detection will require highly specialized personnel and powerful laptops. |
| Development of strategic leadership | Employees | Three days | 310,000 | Training is needed to enlighten the employees on effective strategic leadership to identify and manage vulnerabilities. |
| Implementation of encryption technology | IT specialist and computers | Five days | 300,000 | Implementation of encryption technology will ensure that even if critical data were stolen, it would not be of any use to the third party. |
| Implementation of 2-factors authentication | It will involve the IT professional and scanner | One day | 150,000 | No third party will access data without the verification code from the authorized user. |
| Implementation of the firewall | The IT specialist | One week | 350,000 | The employees should also be trained to update the firewall based on the recommendation from the software developer. |

Step 8: summary and recommendation

Based on the analysis, PBI-FS has various cybersecurity issues inherited from Island Banking Services. If PBI-FS undertakes no measures, the company will also be vulnerable to a data breach. Therefore, the following recommendations are critical in enhancing data privacy, integrity, and confidentiality. The first recommendation is that PBI-FS review the laws and develop policies to adhere to the rules and regulations governing the team’s acquisition and merger. Secondly, the company should assess the competence of the IT professionals and ascertain whether they are competent enough to secure the organization’s data using the available resources. I also recommend that PBI-FS involve the employees during the planning and implementation of the technology. Research shows that employees are more likely to support projects when they are thoroughly engaged in planning and implementation. The fourth recommendation is that there should be effective communication in addressing the strategies and policies concerning access control. Effective communication is essential in any organization to get everybody on board. The last recommendation is to communicate the available resources required to implement an effective technological policy.

Memorandum

To: PBI-FS

From: computer expert

Date: 4 February 2022

Subject: Mitigation recommendation for the cybersecurity risks

I am taking this chance to make recommendations based on the gap analysis of PBI-FS, the company formed after the merger between Padgett-Beale and Island Banking Services. Since Island Banking Services has been declared bankrupt through cyber insecurity and money laundering, there are various risks associated with the transfer of hardware, software, and files.

Throughout my analysis, I have emphasized complying with the rules and regulations laid down by the federal government to enhance data security. My analysis has also included the plan of action, where I have given the timelines, the people responsible, and the budget required to implement the changes. The timeline is short to ensure that the company will not create more vulnerabilities during the project implementation. The estimated cost will enable the company to seek sponsors and grants if there are insufficient funds within the organization.

The key stakeholders at PBI-FS should review the rules and regulations to enhance compliance and avoid penalties and fines from the relevant authority. Therefore, I recommend that PBI-FS check how to handle data breaches based on the Federal Information Security Management Act (FISMA). The IT professionals should be recruited based on experience and merit to ensure that detection systems, firewall, and 2-factor authentication technologies are well installed and regularly monitored.

References

Barrett, M. P. (2018). Framework for improving critical infrastructure cybersecurity. National Institute of Standards and Technology, Gaithersburg, MD, USA, Tech. Rep.

Choi, J. P., Jeon, D. S., & Kim, B. C. (2019). Privacy and personal data collection with information externalities. Journal of Public Economics, 173, 113-124.

CRT. (2019). Barracuda Firewall: An In-Depth Review. CR-T. Retrieved from https://crt.com/blog/barracuda-firewall-an-in-depth-review/

Kshetri, N. (2017). Blockchain’s roles in strengthening cybersecurity and protecting privacy. Telecommunications policy, 41(10), 1027-1038.

Lamba, A. (2018). Protecting ‘Cybersecurity & Resiliency’ of Nation’s Critical Infrastructure – Energy, Oil & Gas. International Journal of Current Research, 10, 76865-76876.

NIST CSF, (2018). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology

Sander, J. (2020). How to Handle Cyber Security during Mergers and Acquisitions. Finance Digest. Retrieved 22 February 2021, from https://www.financedigest.com/how-to-handlecyber-security-during-mergers-and-acquisitions.html.

Running head: PROJECT 2: IMPLEMENTATION PLAN


Project 2: Implementation Plan

February 22, 2022

1. Introduction

With the rapid advancement of technology and other innovations, the world has recorded many cases of cyber security threats, particularly in 2020/2021. According to cyber security statistics for 2021, the cost of a cyber security data breach increased tremendously in 2021 alone, from $3.86 million to $4.24 million. This is an exponential increase that has never been witnessed over the last 17 years. According to extensive research conducted by Cybersecurity Ventures, cyber security attacks are expected to rise (Aliman & Kester, 2020). As per the report prepared by Cybersecurity Ventures, there is at least one cyber security attack somewhere across the globe every 11 seconds. The rise in cyber security attacks can be attributed to technological advancement, which has made it easy for cybercriminals to come up with new, complex techniques for launching their attacks without being detected. Also, new forms of malware and ransomware, along with other cyber-attack approaches, have been invented, which has made it difficult for organizations with obsolete technology to effectively monitor, detect, and prevent such attacks.

In recent days, cyber threats have become more pronounced in the financial and banking industry. The top three cyber security threats and risks in the banking and finance industry include mobile apps, which have increased the number of online users who can access their banking information via a single click on their mobile devices (Aliman & Kester, 2020). The lack of effective and reliable security in such mobile devices, along with the banking apps installed on them, has made it easy for cybercriminals to take advantage of device vulnerabilities to exploit personal and sensitive data about banking and other important financial transactions. Secondly, there are third-party data breaches. As more and more online services and applications are developed and implemented for use in executing various business and monetary-related transactions, hackers have found a new way of obtaining confidential information from users of online banking services. Cybercriminals are now using shared banking systems along with third-party networks to launch attacks, since many of these systems and networks are not amply secured from potential internal and external attacks. Lastly, there are cryptocurrency hacks. Since the invention of cryptocurrency in 2009, not much has been done to date to secure decentralized currency markets, and each year financial and banking institutions have been counting losses of valuable information and lots of money through cryptocurrency hacking.

The purpose of this report or security plan is to help the Beale Financial Services (PBI-FS) organization, as a custodian of money, have adequate knowledge about existing security vulnerabilities and risks in its IT department. In doing so, this plan will provide insightful concepts about cyber security threats and risk management strategies that could be adopted and implemented to prevent financial losses and to secure personal, sensitive, and confidential data that could otherwise be accessed and sold on the dark web by malicious cybercriminals (Aliman & Kester, 2020). Besides that, this plan aims to offer an extensive approach to cyber risk management that helps Beale Financial Services (PBI-FS) as an organization to protect and preserve its reputation in banking and financial services. For the company to retain a larger customer base, there is a need to build trust and assure the clients that their data and other critical information are safe and free from any possible cyber-attacks. Additionally, the security controls and other cyber threat mitigation measures discussed in this report will benefit the Beale Financial Services (PBI-FS) organization in the sense that they will help the company reduce the chances of facing lawsuits due to compliance issues. This will further prevent any possible penalties that may be imposed by cyber security compliance and regulation agencies.

2. Thesis statement.

Based on the scenarios presented for the preparation of this security plan for implementation in the Padgett-Beale Financial Services (PBI-FS) organization, this paper will focus on various security elements that need to be developed, adopted, and implemented by PBI-FS to prevent financial losses and other potential cyber security issues that could otherwise impact the company’s business as well as the brand’s reputation. The key elements of the intended security strategy for Padgett-Beale Financial Services (PBI-FS) include business goals and project goals with respect to the security strategies that should be implemented. This paper will also highlight various assumptions of the cyber security strategy. Other key elements of this cybersecurity project are possible barriers, project constraints, and a project management plan composed of the people, processes, and technologies that will facilitate easy and smooth implementation of the security strategy for PBI-FS.

Besides that, the major aim of this project will be to provide extensive knowledge on strategy implementation in the PBI-FS company. This strategy management will be composed of various security controls, such as baseline mandatory controls along with compensatory controls made up of administrative, operational, and tactical control measures. In addition, this project will focus on providing more security details about the system development life cycle/schedule (SDLC). The seven phases of the SDLC (planning, requirements, design, development, testing, deployment, and maintenance) will be broadly discussed to help the PBI-FS organization gain an extensive understanding of the kind of systems, technologies, and software that need to be used in banking and financial transactions to prevent any possible security threats from affecting its key IT assets. This report will also provide insight into the enterprise IT architecture through a diagrammatic presentation of PBI-FS’s IT architecture, comprising key components such as hardware, software, and network infrastructure. Finally, this discussion will highlight various approaches that need to be adopted by the PBI-FS company as cybersecurity defenses.

3.0. Goals and objectives.

Based on the security needs of the PBI-FS company, its objectives and goals have been categorized into two groups: business goals and objectives, and project goals and objectives. To begin with, the PBI-FS company’s business objectives can be described as the daily operations and activities that must be undertaken to ensure that the company is expanding and growing financially. These objectives include the creation of transaction media, making loans, and increasing profit margins (Austin, 2018). On the other hand, project goals and objectives entail all the activities aimed at developing, adopting, and implementing cyber security approaches that could facilitate effective security, ensuring the safety of the company’s data and critical assets. For a better understanding of PBI-FS’s organizational business and project goals and objectives, let us consider the elements highlighted below.

3.1. Business goals and objectives.

The following are the PBI-FS business goals and objectives.

· PBI-FS will be working towards ensuring that, as an organization, its staff and other key stakeholders strictly adhere to the highest level of transparency. This is the best move towards protecting the brand’s reputation by establishing trust among the community members who are key stakeholders of the company. To achieve this, the company will be advocating for progressive communication and collaboration among the staff, shareholders, and executives (Austin, 2018). Progressive communication and sharing of ideas will educate all members on the importance of establishing and building trust in an organization such as PBI-FS and its role in attracting more investors.

· Continuous assessment of the company’s business operations to facilitate identifications of potential challenges that may negatively impact its business. Workflow, duties delegated and assigned to various staff members should be continually assessed to find out what challenges employees face and what needs to be done in order to facilitate smooth operations free of turmoil.

· Nurturing collaboration and teamwork among the staff, executives, and shareholders. Collaboration among the above-mentioned people will help PBI-FS to solve complex issues that could otherwise result in devastating impacts on business (Austin, 2018). Collaboration among various departments within the PBI-FS company will ensure that every member is well educated and made aware of Cybersecurity issues that could hamper daily business operations.

· Also, the company must be working towards ensuring business data confidentiality. Given that PBI-FS is a financial institution, its major focus and agenda number one as part of its business objectives and goals is to protect personal data and other sensitive client details by reinforcing updated security approaches (Cheng et al., 2019). This can be achieved via continuous assessment of the current security state of its IT systems to assess any possible vulnerabilities and deploy effective risk mitigation measures.

· Another key business goal and objective for PBI-FS is to build trust with its clients, investors, and other financial partners. To achieve this objective, the company needs to adopt and implement a robust cyber security system that will be able to monitor, detect, and resolve any potential threats (Austin, 2018). By so doing, it will be able to instill trust and confidence among its stakeholders and customers.

3.2. Project goals and objectives.

As mentioned earlier, project goals and objectives for PBI-FS are focused on the preparations required to facilitate implementation of appropriate cybersecurity measures that will help the company detect and mitigate cyber threats whenever they are identified.

The primary project goals and objectives for PBI-FS include:

· Designing and developing security systems. This means that before the implementation of a cybersecurity management plan, it will be wise for the company to assess the security vulnerabilities and security needs of its IT assets. By so doing, it will be easy to identify and select security systems that meet business needs and are in line with legal compliance requirements. The security systems selected must be able to protect data integrity and confidentiality and ensure data availability whenever needed for use in business operations (Cheng et al., 2019).

· The project goals and objectives will also be focused on designing and developing security procedures and system controls, and on formulating and documenting security best practices along with solutions on how to effectively handle security incidents whenever they occur. This work will take place before the implementation of the Cybersecurity Management Plan (CMP). It will help the company set a security culture that best suits its business and that can ensure all the regulatory and compliance policies are followed to the letter (Cheng et al., 2019).

· Develop and implement security training programs. With increased cases of cyber security threats across various financial institutions, it will be essential to train and educate staff and other stakeholders on the importance of protecting business assets from both external cybercriminals and insiders. This will help reinforce and create progressive cyber security and business risk awareness, which will facilitate smooth adoption and implementation of the Cybersecurity Management Plan (CMP) within the PBI-FS company (Cheng et al., 2019).

· Formulation and development of security response plans, such as an incident response action plan that will provide procedures and name the team members who will be given the responsibility of providing assistance whenever there is a business risk, crisis, or threat. Emergency response and incident response measures should be put in place before the implementation of the Cybersecurity Management Plan (CMP) (Daswani & Elbayadi, 2021).

4.0. Scope

As a project, the scope of the Cybersecurity Management Plan (CMP) will be limited to business activities alongside data protection strategies for Padgett-Beale Financial Services (PBI-FS). The main objective of this project is to provide security guidelines that will help PBI-FS as a financial institution that will soon start operating in the United States. PBI-FS is a newly established financial company that will be required to operate under United States cyber security laws and regulations. Given that cybersecurity threats have been on the rise in the last few years, this project will focus on developing a secure network that will guarantee effective protection of PBI-FS IT systems and other critical assets such as databases (Daswani & Elbayadi, 2021).

Based on PBI-FS’s current cyber security status and the kind of software, programs, devices, applications, and operating system it uses, this project will also provide insights that the company could adopt in order to update and upgrade its cyber security architecture to meet legal compliance requirements in its country of operation (Daswani & Elbayadi, 2021). Lastly, this project will also assess the susceptibility and vulnerabilities of PBI-FS’s IT and security system infrastructure to cyber-attacks, so as to come up with the most advanced cyber threat mitigation measures that the company could implement to help monitor, detect, and mitigate cyber security threats whenever they are identified.

5.0. Assumptions

As per the assessment of the PBI-FS security needs, the project’s assumptions will be:

· The finance dataset will be the primary target of hackers. Given that the current security systems of PBI-FS are outdated with minimal security controls, cybercriminals will take advantage of the existing system’s vulnerabilities and launch attacks that could otherwise lead to devastating impacts (Gupta & Mamta, 2021).

· The project also assumes that external attackers along with insider attackers may collaborate to exploit the company’s data for their malicious motives.

· The project will also work on the assumption that PBI will be exposed to a wide range of cyber-attacks if appropriate measures are not taken at the right time (Gupta & Mamta, 2021).

· It is also assumed that the company’s reputation is at risk given that its security systems have not yet been upgraded. This may also attract lawsuits due to non-compliance with security regulations set forth to prevent exposure of sensitive financial data to cyberspace for exploitation (Gupta & Mamta, 2021).

· It is also assumed that without proper training to create cyber security awareness, staff members can unintentionally expose the company to cyber threats that could gain access to sensitive data.

6.0. Constraints.

6.1. Project constraints.

There are many project constraints that need to be considered. These include:

6.1.1. Legal-related issues.

As provided by the Bank Secrecy Act (BSA) 31 USC 5311 regulations, along with cyber security compliance policies with regard to the international data protection and security standards, cyber security regulation agencies like International Electrotechnical Commission (ISO/IEC) 27001 may pose some challenges to effective development and implementation of this project. This means that such regulatory bodies and the Foreign Assets Control Regulations (OFAC) 31 CFR 500 will likely place some constraints on Beale Financial Services (PBI-FS) business operations (Gupta & Mamta, 2021).

6.1.2. Time factor.

In any project, time is considered the primary constraint that may negatively impact the success of the project. Given that a cybersecurity management plan is a complex process, the time frame set for this project may not be sufficient to guarantee the success of the project (Hare, 2010).

6.2. Barriers to success.

One of the primary barriers to the success of this project is:

6.2.1. Lack of sufficient capital or finances.

A limited supply of required resources for the project development due to financial constraints will impact project success. Lack of enough capital will limit the purchase of resources such as software, applications, and systems meant for the development and implementation of the cybersecurity management plan.

7.0. Project management plan (for implementation of the security strategy)

7.1. People.

Employees pose a great risk to data security if they are not well trained and educated on how to respond to issues whenever they are suspected or noted. Training programs must entail:

7.1.1. Security policy.

This will involve the development and implementation of security policies and procedures that will ensure accountability and transparency while handling organizational data (Hare, 2010).

7.1.2. Access Control.

Access control approaches should include the use of strong passwords so that PBI-FS staff gain authorized access only to the systems and resources that they need to perform their duties.

7.1.3. Point of Contact and reporting of cybersecurity issues.

As per the IT policies for PBI-FS, any issues related to cyber threats should be reported to the IT security management department as soon as they are noted. This will enable the IT security team to move swiftly to deploy an appropriate mechanism to prevent further impacts (Hare, 2010).

7.1.4. Authentication.

The IT security management team should develop and implement multifactor authentication for all systems and other computer-based resources to help track employees’ actions and security vulnerability issues (Moallem, 2021).

7.2. Processes.

7.2.1. Banking Sessions.

Given that cybercriminals are focused on the vulnerability of online banking services, PBI-FS is advised to adopt HTTP Public Key Pinning (HPKP) techniques to prevent and minimize possible cases of data theft (Moallem, 2021).

7.2.2. Transactions.

With increased threats and risks of fraudulent transactions, it will be wise for PBI-FS to implement dual authorization as the first step of verifying the legitimacy of the sender and the receiver in any financial transactions (Moallem, 2021).

7.3. Technologies.

7.3.1. Firewall.

The purpose of implementing firewalls in the company’s IT infrastructure is to ensure that there is maximum protection, as the firewall will isolate computer resources from possible internal or external attacks. A firewall will protect the company’s data, network, application software, and computer users from potential threats (Moallem, 2021).

7.3.2. Encryption.

Data encryption is the best approach to secure data in transit and data at rest. This will help keep malware and malicious attacks from accessing the company database (Moallem, 2021).

7.3.3. Secure Socket Layer.

Essentially, a secure socket layer will protect data by providing a secure connection between the PBI-FS’s servers and web browsers.

7.3.4. Antivirus.

Updated antivirus software will continuously monitor, detect, and mitigate any security threats noted within the company’s IT resources such as programs, devices, and application software (Moallem, 2021).

8.0 Strategy implementation.

8.1. Security controls.

PBI-FS needs to develop and implement effective security controls, such as antivirus and firewalls, to enable its systems to detect and manage security threats to its network and data (Moallem, 2021).

8.2. Baseline (mandatory controls).

8.2.1 Development and implementation of strict access controls.

Adoption and implementation of limited access to IT and information processing systems within the PBI-FS company. This will ensure that only people with appropriate access privileges will be able to access relevant information, and for business purposes only.

8.2.2. Secure encryption.

End-to-end encryption will enable the PBI-FS company to gain exclusive control and protection of its assets, particularly banking data, from potential snoopers.

8.2.3. Data backup.

The largest concern for PBI-FS company is the loss of critical data that may result from either natural disasters or cybercrimes triggered by insiders or external cybercriminals.

8.3. Compensatory controls (administrative, operational, tactical).

8.3.1. Virtual Private Network.

With increased cybercrime incidents, PBI-FS will be required to implement a Virtual Private Network to provide a secure connection via an encrypted tunnel that will protect users’ IP addresses from malicious online cyber attackers (Moallem, 2021).

8.3.2. Incident Response Plan.

Essentially, the Incident Response Plan will serve as the main protective pillar for PBI-FS IT resources, as it will protect the company’s data, help the company secure its revenue, and protect its reputation.

9.0 System development life cycle/schedule

The system development life cycle is made up of 7 main phases. These are the Planning Stage, Feasibility or Requirements of Analysis, the Design and Prototyping phase, Software Development, the Software Testing Stage, Implementation and Integration, and the Operations and Maintenance Stage (Otero, 2018). Each stage is important as it allows system users to validate the effectiveness and suitability of the system with regard to the anticipated use and the problem the system is intended to solve. The SDLC will ensure that there is better management and control of the entire project cycle. It also ensures there is transparency and visibility, and helps system developers and system users to actively collaborate in predicting the project outcomes so as to make required adjustments, if any, at the right stage. This will help reduce additional costs that may be incurred along the entire process.

The above Diagram represents SDLC phases.

10.0. Milestones.

After the cybersecurity status of PBI-FS has been assessed, the vulnerabilities detected and the opportunities identified will be used alongside the SDLC and control gates to produce an effective threat management plan to mitigate the potential security risks PBI-FS may face. The key elements or milestones that will be closely monitored include security controls, upgrading of protective devices, IT infrastructure, and development of a cybersecurity assessment and incident response team (Otero, 2018).

11.0. Resource requirements (people, finances).

As is well known to project managers and business entities that need to invest in their security resources, the success of any project requires sufficient support and supply of essential resources to facilitate the development and implementation of a suitable cybersecurity management plan. On this basis, PBI-FS will be required to provide resources such as skilled and expert personnel, together with financial support, to facilitate the success of this project (Otero, 2018).

12.0. Enterprise IT architecture (“to-be” – must include overview diagram)

12.1. Hardware.

An evaluation of PBI-FS’s current IT systems shows that numerous changes are required. The first is to upgrade the company’s IT workstations by purchasing new systems to replace the existing outdated and obsolete equipment. The company should also take the initiative of installing VMware to ensure there are progressive automatic data backups. This will replace the current manual backup system (Otero, 2018).

12.2. Software.

For its web application, the Beale Financial Services (PBI-FS) organization is advised to use Secure Sockets Layer (SSL) to establish an encrypted link between a web browser and the web server. This will prevent cybercriminals from modifying information that is being shared between PBI-FS and other external links (Sethi & Sharma, 2013).

12.3. Network infrastructure.

As mentioned earlier, SSL will be implemented in the PBI-FS network infrastructure to secure it and keep out possible security threats that can expose sensitive data to malicious attackers.

13.0. Cybersecurity defenses.

In order for PBI-FS to protect its IT resources and maintain its reputation, it will be advisable to adopt the following security best practices and measures.

· Training & Awareness

Employees should provide the first line of cyber defense in any organization; therefore, PBI-FS will be required to establish security training and education programs to educate all its staff on various issues regarding cyber threats. This will create cybersecurity awareness that enables staff members to report such incidents as soon as they are noticed (Sethi & Sharma, 2013).

· Intrusion Detection System.

An Intrusion Detection System is the most effective network monitoring tool that will help the company detect and respond to various security threats, preventing potential intruders from accessing data in transit within the company’s network (Sethi & Sharma, 2013).

· Data Encryption.

Data at rest and in transit must be encrypted using secret codes to secure its confidentiality, availability, and integrity (Tsukerman, 2020).

References

Aliman, N., & Kester, L. (2020). Malicious design in AIVR, falsehood, and cybersecurity-oriented immersive defenses. 2020 IEEE International Conference on Artificial Intelligence and Virtual Reality (AIVR). doi:10.1109/aivr50618.2020.00031

Austin, G. (2018). Corporate cybersecurity. Cybersecurity in China, 65-79. doi:10.1007/978-3-319-68436-9_4

Cheng, L., Liljestrand, H., Ahmed, M. S., Nyman, T., Jaeger, T., Asokan, N., & Yao, D. (2019). undefined. 2019 IEEE Cybersecurity Development (SecDev). doi:10.1109/secdev.2019.00022

Daswani, N., & Elbayadi, M. (2021). Technology defenses to fight the root causes of breach: Part two. Big Breaches, 303-329. doi:10.1007/978-1-4842-6655-7_13

Gupta, B., & Mamta. (2021). undefined. Secure Searchable Encryption and Data Management, 93-98. doi:10.1201/9781003107316-ch07

Hare, C. (2010). Secure socket layer (SSL). Encyclopedia of Information Assurance, 2582-2590. doi:10.1081/e-eia-120046382

Moallem, A. (2021). Cybersecurity technologies classification. Understanding Cybersecurity Technologies, 1-4. doi:10.1201/9781003038429-1

Otero, A. R. (2018). System development life cycle. Information Technology Control and Audit, 201-236. doi:10.1201/9780429465000-8

Raymer, M. G. (2017). Application: Quantum data encryption. Quantum Physics. doi:10.1093/wentk/9780190250720.003.0003

Sethi, M., & Sharma, A. (2013). Information system and system development life cycle. Software Development Techniques for Constructive Information Systems Design, 118-127. doi:10.4018/978-1-4666-3679-8.ch007

Tsukerman, E. (2020). Network intrusion detection data. Designing a Machine Learning Intrusion Detection System. doi:10.1007/978-1-4842-6591-8_4
