PROJECT CYBERSECURITY

I have attached the instruction.

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

2/17/22, 5:36 PMRubric Assessment – CSIA 485 6380 Practical Applications in Cybe…y Management and Policy (2222) – UMGC Learning Management System

Page 1 of 3https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assess…5246&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0

Project #2

Implementa!on Plan

Save Time On Research and Writing
Hire a Pro to Write You a 100% Plagiarism-Free Paper.
Get My Paper

Course: CSIA 485 6380 Prac!cal Applica!ons in Cybersecurity Management and Policy (2222)

Criteria Excellent Outstanding Acceptable Needs Improvement
Needs Significant
Improvement

Missing or Unacceptable

Business Context /

Use of Scenario

Introduc!on or

Overview for the

Implementa!on Plan

for Security

Strategy

(for Designated

Company)

Goals & Objec!ves

for

Implementa!on

Plan (for Designated

Company)

Scope, Assump!ons,

& Constraints for

Implementa!on Plan

(for designated

company)

1

0 points

Implementa!on plan

clearly, concisely, and

accurately incorporated

informa!on about the

designated business

context and scenario

informa!on as presented

in

the course readings.

No evidence present

indica!ng use of previous

course

scenarios.

8 points

Implementa!on plan

clearly and accurately

incorporated informa!on

about the designated

business context and

scenario informa!on as

presented in the course

readings. No evidence

present indica!ng use of

previous course

scenarios.

7 points

Implementa!on plan
accurately incorporated
informa!on about the
designated business
context and scenario
informa!on as presented
in the course readings.
No evidence present
indica!ng use of previous

course scenarios.

4 points

Implementa!on plan

used relevant informa!on

from the designated

business context and

scenario as presented in

the course readings.

2 points

Deliverable used some

informa!on related to

the

designated company

or industry.

0 points

Deliverable did not

incorporate informa!on

from the designated

business context /

scenario as presented in
the course readings.

10 points

Provided an excellent

overview of the

implementa!on plan. The

introduc!on was clear,

concise, and accurate.

Writer appropriately

used informa!on from 3

or

more authorita!ve

sources

8 points

Provided an outstanding

overview of the

implementa!on plan.

The introduc!on was

clear and accurate.

Writer appropriately

used informa!on from at

least 2 authorita!ve

sources
7 points

Provided an acceptable

overview of the

implementa!on plan.

Writer appropriately

used informa!on from

authorita!ve sources

6 points

Provided an overview but

the sec!on lacked

important details.

Informa!on from

authorita!ve sources was

cited and used in the

overview.

4 points

A”empted to provide an

introduc!on to the

implementa!on plan but

this sec!on lacked detail,

was off topic, and/or was

not

well supported by

informa!on drawn from

authorita!ve

sources.

0 points

The introduc!on and/or

overview sec!ons of the

paper were missing.

10 points

Clearly iden!fied (a) 3 or

more business goals and

objec!ves and (b) 3 or

more project goals and

objec!ves. Explana!on of

goals established the

rela!onship between the

security strategy for the

designated company

(project #1) and this

project. Goals and

objec!ves were stated in

a clear, concise, and

accurate manner.

Appropriately used

informa!on from 3 or

more authorita!ve
sources.
8 points

Clearly iden!fied (a) 2 or

more business goals and

objec!ves and (b) 2 or

more project goals and
objec!ves. Explana!on of
goals established the
rela!onship between the
security strategy for the
designated company
(project #1) and this
project. Goals and
objec!ves were stated in

a clear and accurate

manner. Appropriately

used informa!on from 3

or more authorita!ve

sources.
7 points

Clearly iden!fied (a) 1 or

more business goals and

objec!ves and (b) 1 or

more project goals and
objec!ves. Explana!on of
goals established the
rela!onship between the
security strategy for the
designated company
(project #1) and this

project. Appropriately

used informa!on from 3
or more authorita!ve
sources.
6 points

Provided a discussion

about goals and

objec!ves for the

implementa!on plan.
Informa!on from
authorita!ve sources was

cited and used.

4 points

A”empted to provide

informa!on about goals

and objec!ves for the

plan.

The discussion was

significantly lacking in

detail and/or was not

well supported by
informa!on drawn from

authorita!ve sources.

0 points

This sec!on was missing,

off topic, or failed to

provide relevant

informa!on.

1

5 points

Provided an excellent

analysis of the scope for

the implementa!on

project (including

explana!on of items that

are beyond the scope).

Clearly and concisely

listed 6 or more

assump!ons (2),

constraints (2), and

barriers to success (2).

Appropriately used

13.5 points

Provided an outstanding
analysis of the scope for
the implementa!on
project (including
explana!on of items that
are beyond the scope).
Clearly and concisely

listed 5 or more

assump!ons, constraints,

and barriers to success

(at least one item in each

category). Appropriately

12 points

Provided an acceptable
analysis of the scope for
the implementa!on
project (including
explana!on of items that
are beyond the scope).
Clearly and concisely

listed 3 or more

assump!ons, constraints,
and barriers to success
(at least one item in each
category). Appropriately
6 points

Provided a discussion of

the

scope, assump!ons,

and constraints for the

implementa!on plan for

the security strategy for

the designated company.

Informa!on from
authorita!ve sources was
cited and used.
4 points
A”empted to provide
informa!on about the
scope, assump!ons,

and/or constraints for

the implementa!on plan.

The discussion was
significantly lacking in
detail and/or was not
well supported by
informa!on drawn from
authorita!ve sources.
0 points
This sec!on was missing,
off topic, or failed to
provide relevant

informa!on.

2/17/22, 5:36 PMRubric Assessment – CSIA 485 6380 Practical Applications in Cybe…y Management and Policy (2222) – UMGC Learning Management System

Page 2 of 3https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assess…5246&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0

Project Management

Plan (People,

Processes,

Technologies)

Strategy
Implementa!on

Enterprise IT

Architecture (for the

designated company)

informa!on from 3 or
more authorita!ve
sources.
used informa!on from 3
or more authorita!ve
sources.
used informa!on from 3
or more authorita!ve
sources.
15 points
Provided an excellent

descrip!on of the project

management plan

suppor!ng

implementa!on of the

security strategy. Clearly

and concisely iden!fied

and described the

required management

and monitoring

structures using the

people,

processes, and

technologies

framework.

Appropriately used
informa!on from 3 or
more authorita!ve
sources.
13.5 points
Provided an outstanding
descrip!on of the project
management plan
suppor!ng
implementa!on of the

security strategy.

Iden!fied the required

management and

monitoring structures

using the people,

processes, and
technologies framework.
Appropriately used
informa!on from 3 or
more authorita!ve
sources.
12 points
Provided an acceptable
descrip!on of the project

management plan for

implemen!ng the

security strategy. Used

the people, processes,

and technologies

framework.
Appropriately used
informa!on from 3 or
more authorita!ve
sources.
6 points
Provided a discussion of

project management

ac!ons required for

implementa!on of the
security strategy.
Informa!on from
authorita!ve sources was
cited and used.
4 points
A”empted to provide

informa!on about project

management. OR, the

discussion was not well

supported by informa!on

from authorita!ve

sources.
0 points
This sec!on was missing,
off topic, or failed to
provide relevant
informa!on.
15 points

Provided an excellent
documentation package
detailing the security controls
required to implement the
strategy. Provided a phased
implementation schedule
with timeline diagram using
the System Development
Lifecycle (SDLC)
gates/phases and including
milestones and resources
required for each phase
(people, money). Narrative
documentation was clear,
concise, and accurate.
Appropriately used
information from 3 or more
authoritative sources.

13.5 points

Provided an outstanding
documentation package
detailing the security controls
required to implement the
strategy. Provided a phased
implementation schedule
with timeline diagram using
the System Development
Lifecycle (SDLC)
gates/phases and including
milestones and resources
required for each phase
(people, money). Narrative
documentation was clear and
accurate. Appropriately used
information from 3 or more
authoritative sources.

12 points

Provided an acceptable
documentation package
listing the security controls
required to implement the
strategy. Provided a phased
implementation schedule
with timeline diagram that
includes milestones and
resources required for each
phase (people, money).
Provided some information
about the System
Development Lifecycle
(SDLC). Narrative
documentation was clear and
easy to understand.
Appropriately used
information from 3 or more
authoritative sources.

6 points

Provided a discussion of the
actions required to implement
the security strategy.
Mentioned controls,
schedules, resource
requirements. Information
from authoritative sources
was cited and used.

4 points

Attempted to provide
summary information about
the strategy implementation
but this section lacked
important details. OR, the
discussion was not well
supported by information
from authoritative sources.

0 points

This section was missing, off
topic, or failed to provide
relevant information.

15 points

Provided an excellent
documentation package
detailing the hardware,
software, network
infrastructure, and
cybersecurity defenses
required to implement the
cybersecurity strategy.
Narrative documentation of
the architecture was clear,
concise, and accurate.
Provided an updated Network
Diagram showing the to-be
state of the IT infrastructure
including all mitigating or
“control” technologies (e.g.
firewalls, IDPS, DMZ, etc.).
Appropriately used
information from 3 or more
authoritative sources.

13.5 points

Provided an outstanding
documentation package
detailing the hardware,
software, network
infrastructure, and
cybersecurity defenses
required to implement the
cybersecurity strategy.
Narrative documentation of
the architecture was clear and
accurate. Provided an
updated Network Diagram
showing the to-be state of the
IT infrastructure including all
mitigating or “control”
technologies (e.g. firewalls,
IDPS, DMZ, etc.).
Appropriately used
information from 3 or more
authoritative sources.

12 points

Provided an acceptable
documentation package
documenting the hardware,
software, network
infrastructure, and
cybersecurity defenses
required to implement the
cybersecurity strategy.
Provided an updated Network
Diagram showing the to-be
state of the IT infrastructure.
Appropriately used
information from 3 or more
authoritative sources.

6 points

Provided a discussion of the
recommended Enterprise IT
Architecture for the
designated company.
Network diagram was
missing or not updated to
show added technologies and
controls. Information from
authoritative sources was
cited and used.

4 points

Attempted to provide
summary information about
an enterprise IT architecture.
OR, the discussion was not
well supported by
information from
authoritative sources.

0 points
This section was missing, off
topic, or failed to provide
relevant information.

5 points 4 points 3 points 2 points 1 point 0 points

2/17/22, 5:36 PMRubric Assessment – CSIA 485 6380 Practical Applications in Cybe…y Management and Policy (2222) – UMGC Learning Management System

Page 3 of 3https://learn.umgc.edu/d2l/lms/competencies/rubric/rubrics_assess…5246&groupId=0&d2l_body_type=5&closeButton=1&showRubricHeadings=0

Total

Overall Score

Professionalism:

Consistent Use and

Forma$ng for

Cita!ons and

Reference List

Professionalism:

Organiza!on,

Appearance, &

Execu!on

Work contains a reference list
containing entries for all
cited resources. Sufficient
information is provided to
allow a reader to find and
retrieve the cited sources.
Reference list entries and in-
text citations are consistently
and correctly formatted using
an appropriate citation style
(APA, MLA, etc.).

Work contains a reference list
containing entries for all
cited resources. Sufficient
information is provided to
allow a reader to find and
retrieve the cited sources.
One or two inconsistencies or
errors in format for in-text
citations and/or reference list
entries.

Work contains a reference list
containing entries for all
cited resources. Sufficient
information is provided to
allow a reader to find and
retrieve the cited sources. No
more than 5 inconsistencies
or errors in format for in-text
citations and/or reference list
entries.

Work has no more than three
paragraphs with omissions of
citations crediting sources for
facts and information. Work
contains a reference list
containing entries for cited
resources. Work contains no
more than 10 inconsistencies
or errors in format.

Work attempts to credit
sources but demonstrates a
fundamental failure to
understand and/or
consistently apply a
professional formatting style
for the reference list and/or
citations.

Reference list is missing.
Work demonstrates an overall
failure to incorporate and/or
credit authoritative sources
for information used in the
paper.

5 points

Submitted work shows
outstanding organization and
the use of color, fonts, titles,
headings and sub-headings,
etc. is appropriate to the
assignment type. No
formatting, grammar,
spelling, or punctuation
errors.

4 points

Submitted work has minor
style or formatting flaws but
still presents a professional
appearance. Submitted work
is well organized and
appropriately uses color,
fonts, and section headings.
Work contains minor errors
in formatting, grammar,
spelling or punctuation which
do not significantly impact
professional appearance.

3 points

Organization and/or
appearance of submitted
work needs improvement.
Errors in formatting, spelling,
grammar, or punctuation
which detract from
professional appearance of
the submitted work.

2 points

Submitted work has multiple
significant errors in style or
formatting, spelling,
grammar, and/or punctuation.
Work is unprofessional in
appearance. Work requires
substantial rewrite to improve
professional appearance.

1 point

Submitted work is difficult to
read / understand and has
significant errors in
formatting, spelling,
grammar, punctuation, or
word usage. Work is
disorganized and needs to be
rewritten for readability and
professional appearance.

0 points

No work submitted.

Do Not Use This Box
0 points minimum

Project #2: Cybersecurity Implementation Plan

Your Task:

The Acquisition of Island Banking Services has moved from the strategy development phase to the integration phase. In this phase, the M&A team will develop transition and implementation plans. Padgett-Beale’s Chief Information Security Officer (CISO) has recommended that a separate Cybersecurity Management Program be established for the Padgett-Beale Financial Services (PBI-FS) subsidiary to isolate as much risk as possible to the PBI-FS organization. This management program will require the establishment of policies, plans, and procedures which are customized to the financial service industry and the operating structure of PBI-FS.

The CISO has asked you to continue supporting the Merger & Acquisition team’s efforts. Your specific tasking is to assist in developing an implementation plan for the previously developed Cybersecurity strategy (Project #1). Since there have been additional developments in the M&A strategy overall, you should pay close attention to the Background Information provided later in this document.

Using your prior work (Project 1), develop a high-level plan for implementing a Cybersecurity Management Plan that will allow PBI-FS to begin operations in its new, on-island location. (The plan for the U.S. headquarters is being developed separately from your efforts.) This plan must take into account compliance requirements for U.S. banking laws, regulations, and standards. It must also include recommendations for required security controls, replacement of outdated hardware and software, and other measures necessary to reduce risk to an acceptable level. You must specifically address measures to reduce risks associated with both insider threats and external threats and threat actors.

Note: you MUST use the implementation plan outline provided later in this document.

You may need to perform additional analysis to address issues specific to the findings from the M&A team regarding the as-is state of the purchased assets which comprise the existing IT infrastructure.

Your high-level plan should include the system development life cycle (SDLC) gates/decision points and relevant tasks required to implement changes in the company’s hardware, software, and infrastructure. See

https://www.sebokwiki.org/wiki/System_Life_Cycle_Process_Models:_Vee

for more information about the gates & decision points.

You must also address any systems or software interoperability issues which may arise (especially those associated with the company’s existing custom software applications). You do not need to prepare a comprehensive Interoperability Assessment but, you should identify key issues and concerns. See the following resources for definitions and guidance:

·

https://www.smartgrid.gov/recovery_act/overview/standards_interoperability.html

·

https://www.fcc.gov/general/interoperability

You must clearly show that you have applied the following frameworks and concepts in your analysis and planning:

· Cybersecurity Principles: confidentiality, integrity, availability, non-repudiation, authentication, auditability, accountability

· NIST Cybersecurity Framework (see

https://‌nvlpubs. ‌nist.gov/‌nistpubs/‌CSWP/‌NIST. ‌CSWP. ‌04162018

)

· NIST Security and Privacy Controls (see NIST SP 800-53) OR Center for Internet Security (CIS) 20 Critical Security Controls for Effective Cyber Defense (see

https://www.tripwire.com/state-of-security/security-data-protection/security-controls/cis-top-20-critical-security-controls/

)

· Information Security Management Systems (ISMS) – ISO 27001/27002 (see

https://www.praxiom.com/toc35.htm

and

https://www.praxiom.com/iso-27001.htm

)

Note: Make sure that you include (in detail) the steps you would take to secure the new infrastructure.

Background:

As part of the purchase agreement for Island Banking Services, Padgett-Beale made a commitment to the bankruptcy court to operate the call center and transaction processing center on the island for the next five years. The Padgett-Beale, Inc. Merger and Acquisition Strategy for Island Banking Services has been updated and now includes the following stipulations which are derived from requirements to comply with U.S. laws and regulations while also implementing the contractual agreement to continue some operations on the island.

1. Island Banking Services will become Padgett-Beale, Inc – Financial Services (PBI-FS).

2. PBI-FS will operate as a wholly owned subsidiary with its own management structure.

3. PBI-FS’s will be incorporated as a U.S. corporation and will comply with all applicable laws and regulations.

4. PBI-FS’s headquarters unit and executive staff (including the CEO, COO, and CFO) will have separate offices from PBI but will be located within a 5 mile radius of the PBI Headquarters.

5. PBI-FS’s call center and transactions processing center will remain on the island but will move to a vacant office building adjacent to the existing Padgett-Beale resort property.

6. The deputy CISO from Padgett-Beale will serve as the interim CISO for PBI-FS.

7. The CISO from Padgett-Beale will serve as a consultant to PBI-FS for all matters relating to the establishment of the subsidiary’s Cybersecurity Management Program.

As part of its due diligence efforts, the Padgett-Beale M&A team reviewed the existing cybersecurity posture for Island Banking Services. This review determined that, while there were some IT security protections in place, Island Banking Services never had a formal IT security program. Instead, the company outsourced management of its hardware, software, and networks to an islander owned and operated IT services company. This company installed and managed the networking equipment, firewalls, and workstations. Some workstations were used by tellers to conduct financial transactions using a web-based interface to a back-end database. The M&A team is suspicious of the existing software and databases due to the level of criminal activity that was uncovered during the police investigation into money laundering.

The M&A team also reviewed the inventory of digital assets (HW/SW/Licenses) included in the purchase of Island Banking Services. The team also reviewed existing contracts for services related to those assets. It has determined:

1. Telecommunications. Undersea fiber optic cables connect the island to the global Internet. These cables are managed by a consortium of companies that contract with national and regional governments to provide telecommunications services (voice, video, and data) to a country or region. On-island access to Internet, cable television, and land-line telephone service are provided to residents and businesses on a contract basis by a government owned Communications Services company. The island’s local communications infrastructure was upgraded to buried fiber optic cables providing broad-band service after a hurricane destroyed the previous above ground copper cable infrastructure. Island Banking Services’ contract for communications services includes Voice over IP telephone service, one physical telecommunications connection via fiber optic cable, and one static IP address associated with that connection. Domain name services for the company’s Internet presence are provided by the island’s Communications Services company. The company uses network address translation services provided by the premises router to assign internal IP addresses to workstations and servers.

2. Network Equipment. The network equipment is more than five years old and should be replaced. Since the company is moving PBI-FS’s operations to a new physical location, the entire network infrastructure from cables to routers to firewalls to wireless access points will be replaced. The network equipment closet also contains a special purpose access control system that uses hard wired RFID badge readers and RFID badges to control employee access to exterior and interior doors. This equipment is out of date and will need to be replaced once the company moves.

3. Workstations. The computer workstations are more than five years old and currently run Windows 8.1. The workstations were custom built using refurbished components. All copies of Windows have an OEM license installed.

a. Licenses for Office 2019 were included in the purchased assets.

b. Three business licenses for an anti-virus program were included in the purchased assets. These licenses were installed on computers that were seized and taken into evidence as part of the ongoing law enforcement investigation. It is unclear whether these licenses will be usable in the future.

c. More than 10 computer workstations were found to be using “free” versions of an anti-virus application. These licenses state “for non-commercial or personal, home use only.”

4. Banking Applications Database & Servers (Hardware & Software). The current banking applications software uses a custom browser-based interface built on an Apache Web server connected to a MySQL database. The Apache Web server also hosted the company’s internal web site. The server software licenses, the code for the custom browser-based interface, and the web server and database server hardware were included in the purchased digital assets. The storage media (hard disk drives) containing the Linux operating system, applications software, and database files were seized as part of the investigation and have not yet been returned to the company.

5. Electronic Mail and Public Web Server. At the time of purchase, Island Banking Services was in the middle of converting from an internally hosted email server based on Linux/Exim to individual Gmail accounts (not owned or managed by the company). The company had recently moved its public website from the internal Apache server to the Wix hosting service. This public website provides customers with access to the company’s custom built, web-based mobile banking services application.

6. Data Backups and Data Recovery Services. The system administrator for Island Banking Services used a commercial image backup utility to manually backup the company’s servers on a weekly basis. The image backups were written to multiple Solid State Disks (SSDs) that were connected to a Linux server connected to the company’s internal network. The financial transactions software (custom written) used electronic journaling to create copies of each transaction record in a MySQL instance hosted in a private cloud (Platform as a Service). The entire transactions database was copied to this private cloud once every 12 hours. Transaction records were copied to the cloud database every 30 minutes.

Figure 1. Island Banking Services IT Infrastructure (as-is).

Putting It All Together

Your plan will be a combination of a paper and a detailed list of steps and resources that you would follow to implement and complete this project. Think about all of the actions, resources, and tasks that you would need to ensure a successful implementation of the “to-be” state for the PBI-FS cybersecurity program and infrastructure. These should also be included as part of the plan. The minimum structure for this assignment is below:

· INTRODUCTION

· Purpose of Plan (implementation of the security strategy)

· GOALS AND OBJECTIVES

· Business Goals and Objectives

· Project Goals and Objectives

· SCOPE

· Scope Definition

· Items Beyond Scope

· ASSUMPTIONS

· Project Assumptions

· CONSTRAINTS

· Project Constraints

· Barriers to Success

· PROJECT MANAGEMENT PLAN (for implementation of the security strategy)

· People

· Processes

· Technologies

· STRATEGY IMPLEMENTATION

· Security Controls

· Baseline (mandatory controls)

· Compensatory Controls (Administrative, Operational, Tactical)

· System Development Life Cycle/Schedule

· The 7 phases are: planning, requirements, design, development, testing, deployment, and maintenance

· Milestones

· Resource Requirements (People, Finances)

· ENTERPRISE IT ARCHITECTURE (“To-Be” – must include overview diagram)

· Hardware

· Software

· Network Infrastructure

· Cybersecurity Defenses

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.

2. Your 10-12 page Implementation Plan should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper. The listed page length is a recommended target. You should not, however, exceed double that page count (i.e. no more than 25 pages including diagrams, tables, and lists).

3. Your deliverable should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.

4. Your Enterprise IT Architecture Overview diagram may be constructed using commercial clip art but you may not copy / glue together architecture diagrams from other sources. MS Word and Power Point both provide drawing tools and clip art which you can use to construct your diagram. See Figure 1 in this file for an example of the type of diagram / level of detail required.

5. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021) x.  

6. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.

7. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 

8. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.). Note: you may use footnotes to credit sources when doing so will improve the readability of the deliverable.

Order a unique copy of this paper

600 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
Top Academic Writers Ready to Help
with Your Research Proposal

Order your essay today and save 25% with the discount code GREEN