Our Services

Get 15% Discount on your First Order

[rank_math_breadcrumb]

CSIA 485

Project #1: Cybersecurity Strategy & Plan of Action

Your Task:

You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO). The M&A team is in the planning stages for how it will integrate a new acquisition, Island Banking Services, into the company as its financial services arm (PBI-FS). Initially, PBI-FS will function as a wholly owned subsidiary which means that it must have its own separate cybersecurity program.

Your first major task (Project #1) will be to help develop a Cybersecurity Strategy & Plan of Action for PBI-FS. Island Banking Services never had a formal cybersecurity program so you’re starting from scratch. You will need to research best practices as well as relying heavily upon what you learned in your undergraduate studies in Cybersecurity Management and Policy. The CISO has provided detailed instructions for this task. (These appear after the Background section below.)

Background

After five years of operation, Island Banking Services — a non-U.S. firm — was forced into bankruptcy after criminal money laundering charges were filed against the company and its officers. Padgett-Beale, Inc. purchased the digital assets and records of this financial services firm from the bankruptcy courts. The purchased assets include licenses for office productivity software, financial transactions processing software, database software, and operating systems for workstations and servers. Additional assets included in the sale include the hardware, software, and licensing required to operate the company’s internal computer networks.

Figure 1. Island Banking Services IT Infrastructure Purchased by Padgett-Beale, Inc.

Padgett-Beale’s legal counsel successfully negotiated with the bankruptcy court and the criminal courts for the return of copies of the company’s records so that it could restart Island Banking Service’s operations. The courts agreed to do so after Padgett-Beale committed in writing to reopening the customer service call center (but not the branch offices) on the island. Reopening the call center will provide continued employment for 10 island residents including 2 call center supervisors. Padgett-Beale intends to relocate the call center to a company owned property approximately 10 miles away from the current location and adjacent to a newly opened Padgett-Beale resort.

Padgett-Beale’s Risk Manager has recommended that the Merger & Acquisition plan be amended such that Island Banking Services would be operated as a wholly owned subsidiary for a period of 5 years rather than being immediately and fully integrated as an operating element of Padgett-Beale. The company’s attorneys agreed that this would be the best approach given the potential for additional legal troubles related to the actions of the previous owners and employees. The Board of Directors has signed off on this amendment to the M&A plan and stipulated that the new subsidiary will be named PBI Financial Services (PBI-FS). The company officers and senior managers for PBI-FS will be named at a later date. For now, the leader of the M&A Team will serve as the Chief Operating Officer. Padgett-Beale’s Chief Information Security Officer will be loaned to PBI-FS while a search is conducted for a dedicated CISO for the subsidiary.

CISO’s Detailed Instructions to You

The CISO has given you and your team mates a set of instructions (below) which you should follow as you complete this task.

Task #1: Read and Analyze the Background Materials

If you have not already done so, read the Background information in this file. Next, review the Padgett-Beale M&A Profile 2020 which was posted to the LEO classroom. You should also review all materials from the classroom for Weeks 1 – 4 as these provide needed information about the Financial Services industry and the legal and regulatory requirements which apply to this industry.

Task #2: Perform a Gap Analysis & Construct a Risk Register

Using the information available to you, determine the most likely information technology/security gaps which existed at Island Banking Services prior to its being acquired by PBI. Next, determine which of these, if not addressed, will likely exist in the newly formed subsidiary PBI-FS. Document your analysis and evaluation in a Gap Analysis.

Your Gap Analysis should address operating issues relating to confidentiality, integrity, and availability (CIA) of information, information systems, and information infrastructures owned or used by PBI-FS. Your analysis should also consider and use the
People, Process, and Technology framework.

Step 1: Identify 10 or more significant cybersecurity issues/challenges/risks which the background information and M&A profile indicate currently exist at PBI-FS / Island Banking Services. You are allowed to “read between the lines” but must be able to map your analysis and findings to specific statements from these documents. These items will become your “Gaps” for the
Gap Analysis. Use one or more cybersecurity frameworks or standards (e.g. NIST CSF; People, Processes, and Technologies; Confidentiality, integrity, availability) to organize your analysis.

Note: there was significant criminal behavior found at Island Banking Services. Your analysis must address internal weaknesses which allowed this to occur without being discovered by the employees who were not involved in the crimes.

Step 2: Using your Gap Analysis (step 1) create a Risk Register (see Table 1 at the end of this file) in which you list 10 or more specific and separate risks. For each risk, assign a category (confidentiality, integrity, availability, people, process, technology) and a severity (impact level using a 1 – 5 scale with 5 being the highest potential impact).

Step 3: Review the laws and regulatory guidance which apply to the Financial Services industry and companies like Island Banking Services. For each entry in your risk register, identify and record the laws, regulations, or standards which provide guidance as to how the identified risks must be addressed or mitigated. Record this in your risk register.

Step 4: Review laws and regulations which apply to all companies, i.e. Sarbanes Oxley, IRS regulations for Business Records, SEC regulations and reporting requirements, etc. Review your Risk Register and either map these requirements to existing entries in your risk register or insert new entries for significant legal or regulatory requirements which you were not able to map to your previously identified risks. (Include risk related to non-compliance.)

Step 5: Review section 1.2 Risk Management and the Cybersecurity Framework in the NIST Cybersecurity Framework v1.1 (
‌CSWP. ‌04162018.pdf)

Using this information, determine the best strategy for addressing (“treating”) each of your identified risks. Remember the four types of risk mitigation strategies (accept, avoid, control, transfer).

Consider the business impact for each of your mitigation strategies (e.g. if you applied an “avoid” strategy across the board, the company would not be able to operate in the financial services industry because it would need to shut down all operations).

Record your risk mitigation strategy for each risk in your risk register. For each of your “control” entries, include the corresponding control category and subcategory (if applicable) from the NIST
Cybersecurity Framework (see Tables 1 and 2 in version 1.1). Examples: ID.AM Asset Management or PR.AC Identity Management and Access Control. Remember to cite your sources.

Step 6: Develop a
Cybersecurity Strategy that presents five or more specific actions (strategies) that the company should take to implement your recommended risk mitigations. Include information from your gap analysis, legal and regulatory analysis, risk analysis and proposed risk mitigations. Under each strategy include information about how the strategy will affect or leverage people, policies, processes, and technologies (hardware, software, infrastructure). Include examples and other pertinent information about Island Banking Services and Padgett-Beale. You should have at least one technology related strategy which includes an updated Network Diagram. This diagram must show the to-be state of the IT infrastructure including recommended mitigating or “control” technologies, e.g. intrusion detection, firewalls, DMZ’s, etc. (start with the diagram provided in this assignment file).

Note: Your strategy will be presented to the Board of Directors by the executive who is leading the Merger & Acquisition Team so make sure that you write in appropriate language and include sufficient detail to explain your recommended strategy.

Step 7: Develop and document a proposed plan of action and implementation timeline that addresses each element of the cybersecurity strategy that you identified previously (in step 6). Provide time, effort, and cost estimates for implementing your recommended actions (include appropriate explanations of your reasoning). Include the resources (people, money, etc.) necessary for completing each task in the timeline.

Step 8: Develop a set of 5 or more high-level summary of recommendations regarding the next steps to take in mitigating the risks that you identified in steps 1-7. These recommendations should logically flow from your analysis and be supported by your Cybersecurity Strategy and Plan of Action.

Putting It All Together

1.
Format your work for Steps 1-7 as a
Cybersecurity Strategy and Plan of Action.
The six major elements listed below should appear
in this order in a single file. Your MS Word format document file must include:

· Introduction (what is in this document and to what organization does it apply)

· Gap Analysis (Step 1)

· Legal & Regulatory Requirements Analysis (Steps 3, 4)

· Risk Analysis & Risk Register (Steps 2, 3, 4, 5)

· Cybersecurity Strategy (Step 6)

· Plan of Action and Implementation Timeline (Step 7)

The
Cybersecurity Strategy and Plan of Action is a comprehensive MS Word document that includes a separate title page followed by the six major elements (see list under step 7) and ending with a reference list. Your document must include a reference list and appropriate citations throughout.
You will need 10 – 12 pages to fully document your strategy and plan. Use section headings and sub headings to organize your work. You may use internal title pages (section titles) to make it clear where each of the major elements begins and ends. Title pages and reference pages are not included in the recommended length.

2.
Format your recommendations from Step 8 as a Cover Letter / Recommendations Memo to accompany your Security Strategy document.

The Recommendation Memo is a 2 page, professionally formatted memorandum addressed to the Merger & Acquisition Team. This cover letter / memo should summarize why this package is being forwarded to the M&A team for “review and action.” The memo should introduce and provide a brief summary of the purpose and contents of the
Cybersecurity Strategy and Plan of Action (name and describe each of the major sections). Use a professional format for your memo (consider using one of the MS Word templates). The memo does not include citations or references but, you may need to name laws or regulations.

Notes on Constructing Your Network Diagram (for step 6):

Your diagram must be based upon the provided network diagram with additions or deletions that are clearly your own work. You may use MS Word’s drawing tools, Power Point, or other drawing program. When you have completed your diagram, you may find it helpful to take a screen snapshot and then pasted that into your deliverable file(s).

You may use commercial or “free” clip-art to represent individual end point devices or network appliances such as routers, firewalls, IDPS, etc.) Clip art does not need to be cited provided that it is clip art (not screen captures from another author’s work).

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.

2. Your paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.

3. Your paper should use standard terms and definitions for cybersecurity.

4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Paper_Template(TOC+TOF,2021).docx.  

5. All submission files must begin with a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file.

6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. 

7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

CSIA 485: Practical Applications in Cybersecurity Management & Policy

Copyright © 2022 by University of Maryland Global Campus. All rights reserved.

Table 1. Risk Profile Table (example)

Risk ID

Risk

Category

Severity

Applicable Laws, Regulations, Standards

Risk Mitigation Strategy (description)

Implementation: Required Technologies, Products, or Services

NIST Cybersecurity Framework Category and Sub Category Identifier (e.g. ID.AM-1)

Sub-Category Description

001

Theft of customer information from online transactions

Encrypt all communications between customers and the company’s online ordering system.

Implement Transport Layer Security; purchase and deploy digital certificates to use to encrypt communications.

PR.DS-2

Data-in-transit is protected.

002

003

004

005

006

007

008

009

010

image1.png

image2.png

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Related Questions

4/6pg

Your company Acme Logistics has recently been experiencing some thefts of equipment during the business day. All employees have been asked about the thefts and no one is claiming that they are responsible. Your facilities has three doors that are not locked during business hours and currently have no identification

Computer program

Kenya Forestry College [email protected] P.O. BOX 8 -20203, Londiani Tel .No.0202349901, 07232262 APPLICATION FOR TRAINING PROGRAMMES 2019/2020 Applications are invited for the following training programmes to be offered at Kenya Forestry College, Londiani commencing on the given dates. S/ n Programme Entry Requirements Duration Commencement Date Total Cost (Ksh) 1

Wk5_492

Need help with a question. Imagine that you are hired as an Ethical Hacking Consultant by your organization. You are asked by the top management to compare two object-oriented programming languages and create a presentation about your findings and suggestions. Use your problem-solving skills and  integrate your knowledge of web application testing

Computer Science

What is computer science  Science? what is the benefit of computer science?

6/8p

Running head: GUIDED IMAGERY AND PROGRESSIVE MUSCLE RELAXATION 2 Research Paper Topic: · Legal and legislative issues associated with biometric industry Instructions: · Prepare a 6-8 page paper in Microsoft Word using approved APA format. · The minimum page count cannot not include your Title page and Reference list. ·

week 7 Discussion and Replies

Please review the instructions for the assignment     WK7 Discussion Instructions: Database Failures and Timestamp Protocol  250 words total, answer the questions below with 4 evidence base scholarly articles. APA format, due 19 Dec 24.  1. Discuss the different types of failures. What is meant by catastrophic failure? 2.

Capstone B

Assessment 1 & 4 This file is too large to display.View in new window

hrmt

  how can organizations address change management in the workplace such that healthy stress is created? Be creative in your answer! You may find appropriate articles at the end of each chapter, and/or identify articles through the APUS online Library. Finally, be sure that all discussions are answered in full,

help

can u build a project for me based on the description given  below

help

can u build a project for me based on the description given  below

apple vs fbi

read this article Explain, based on the article and additional research, whether you agree with the FBI or Apple and why. Describe a possible compromise to the issue for future cases that would allow the investigation to continue. Take a position on whether technology is moving too fast for the

excel module 3

who can complete homework  assignment  by 4pm today  excel module 3 Documentation Shelly Cashman Excel 2019 | Module 3: SAM Project 1a Raybridge Recruiting CREATE A SALES REPORT Author: Theresa Cobb Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new

excel module2

who can complete this assignment by 4pm today  Documentation Shelly Cashman Excel 2019 | Module 2: SAM Project 1a Roadrunner Online FORMAT WORKSHEETS Author: Theresa Cobb Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new copy of the file from

Excel module 1

can anyone complete this ASAP or by tomorrow Documentation Shelly Cashman Excel 2019 | Module 1: SAM Project 1a New Era Medical COMPLETE A BUDGET SUMMARY WORKSHEET Author: Theresa Cobb Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new copy

bcis

IfSuccessful_Status GA_Status_Icon SAM_Logo true false ID FirstName LastName AssignmentGUID UserID false rohan maharjan {308B14B0-E32E-42D1-BE7D-54EE2E09B8CD} {308B14B0-E32E-42D1-BE7D-54EE2E09B8CD} ID FirstName LastName ProjectName SubmissionNum MaxScore Score EngineVersion ID StepNumber Description IfSuccessful StepScore StepMaxScore ErrorText ActionName StepActionOrder ConsultantID FirstName Last 110345 Jenette Masterson 110347 Victorina Hogg 110349 Marguerite Hathcock 110351 Sid Ortiz 110352 Glenn Testani

WK6 Discussion

Please see attachment instructions to complete the assignment.     WK6 Discussion Instructions: Cost Functions and Record Lengths    250 words total, answer the questions below with 4 evidence base scholarly articles. APA format, due 15 Nov 24.  1. Discuss the different types of parameters that are used in cost

Enterprise Networking

ICT3051 Enterprise Networking Week-8 Laboratory Practicum 1 Configuring Quality of Service Task Use the following video to configure your own packet tracer file. Make sure everything in it works. Name the file with your name and student id. Reflect on the configuration experience by explaining what kind of problems you

Scott Tyree (2002)

You have been asked to conduct research on a past forensic case to analyze how digital data was used to solve the case Scott Tyree (2002). Summarize the case, pertinent actors, evidence, and facts. Outline the specific digital evidence used in the case. Describe the procedures and tools used to