Project #1: Cybersecurity Strategy & Plan of Action
You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO). The M&A team is in the planning stages for how it will integrate a new acquisition, Island Banking Services, into the company as its financial services arm (PBI-FS). Initially, PBI-FS will function as a wholly owned subsidiary, which means that it must have its own separate cybersecurity program.
Your first major task (Project #1) will be to help develop a Cybersecurity Strategy & Plan of Action for PBI-FS. Island Banking Services never had a formal cybersecurity program so you’re starting from scratch. You will need to research best practices as well as rely heavily upon what you learned in your undergraduate studies in Cybersecurity Management and Policy. The CISO has provided detailed instructions for this task. (These appear after the Background section below.)
After five years of operation, Island Banking Services — a non-U.S. firm — was forced into bankruptcy after criminal money laundering charges were filed against the company and its officers. Padgett-Beale, Inc. purchased the digital assets and records of this financial services firm from the bankruptcy courts. The purchased assets include licenses for office productivity software, financial transactions processing software, database software, and operating systems for workstations and servers. Additional assets included in the sale include the hardware, software, and licensing required to operate the company’s internal computer networks.
Figure 1. Island Banking Services IT Infrastructure Purchased by Padgett-Beale, Inc.
Padgett-Beale’s legal counsel successfully negotiated with the bankruptcy court and the criminal courts for the return of copies of the company’s records so that it could restart Island Banking Services’ operations. The courts agreed to do so after Padgett-Beale committed in writing to reopening the customer service call center (but not the branch offices) on the island. Reopening the call center will provide continued employment for 10 island residents including 2 call center supervisors. Padgett-Beale intends to relocate the call center to a company owned property approximately 10 miles away from the current location and adjacent to a newly opened Padgett-Beale resort.
Padgett-Beale’s Risk Manager has recommended that the Merger & Acquisition plan be amended such that Island Banking Services would be operated as a wholly owned subsidiary for a period of 5 years rather than being immediately and fully integrated as an operating element of Padgett-Beale. The company’s attorneys agreed that this would be the best approach given the potential for additional legal troubles related to the actions of the previous owners and employees. The Board of Directors has signed off on this amendment to the M&A plan and stated that the new subsidiary will be named PBI Financial Services (PBI-FS). The company officers and senior managers for PBI-FS will be named at a later date. For now, the head of the M&A Team will serve as the Chief Operating Officer. Padgett-Beale’s Chief Information Security Officer will be loaned to PBI-FS while a search is conducted for a dedicated CISO for the subsidiary.
CISO’s Detailed Instructions to You
The CISO has given you and your team mates a set of instructions (below) which you should follow as you complete this task.
Task #0: Read and Analyze the Background Materials
If you have not already done so, read the Background information in this file. Next, review the Padgett-Beale M&A Profile 2020 which was posted to the LEO classroom. You should also review all materials from the classroom for Weeks 1 – 4 as these provide needed information about the Financial Services industry and the legal and regulatory requirements which apply to this industry.
Task #1: Perform a Gap Analysis & Construct a Risk Register
Using the information available to you, determine the most likely information technology/security gaps which existed at Island Banking Services prior to its being acquired by PBI. Next, determine which of these, if not addressed, will likely exist in the newly formed subsidiary PBI-FS. Document your analysis and evaluation in a Gap Analysis.
Your Gap Analysis should address operating issues relating to confidentiality, integrity, and availability (CIA) of information, information systems, and information infrastructures owned or used by PBI-FS. Your analysis should also consider and use the People, Process, and Technology framework.
Step 1: Identify 10 or more significant cybersecurity issues/challenges/risks which the background information and M&A profile indicate currently exist at PBI-FS / Island Banking Services. You are allowed to “read between the lines” but must be able to map your analysis and findings to specific statements from these documents. These items will become your “Gaps” for the Gap Analysis. Use one or more cybersecurity frameworks or standards (e.g. NIST CSF; People, Processes, and Technologies; Confidentiality, integrity, availability) to organize your analysis.
Note: there was significant criminal activity found at Island Banking Services. Your analysis must address internal weaknesses which allowed this to occur without being detected by the employees who were not involved in the crimes.
Step 2: Using your Gap Analysis (step 1), create a Risk Register in which you list 10 or more specific and separate risks. For each risk, assign a category (confidentiality, integrity, availability, people, process, technology) and a severity (impact level using a 1 – 5 scale with 5 being the highest potential impact).
Step 3: Review the laws and regulatory guidance which apply to the Financial Services industry and companies like Island Banking Services. For each entry in your risk register, identify and record the laws, regulations, or standards which provide guidance as to how the identified risks must be addressed or mitigated. Record this in your risk register.
Step 4: Review laws and regulations which apply to all companies, i.e. Sarbanes Oxley, IRS regulations for Business Records, SEC regulations and reporting requirements, etc. Review your Risk Register and either map these requirements to existing entries in your risk register or insert new entries for significant legal or regulatory requirements which you were not able to map to your previously identified risks. (Include risk related to non-compliance.)
Step 5: Review section 1.2 Risk Management and the Cybersecurity Framework in the NIST Cybersecurity Framework v1.1 (https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf)
Using this information, determine the best strategy for addressing (“treating”) each of your identified risks. Remember the four types of risk mitigation strategies (accept, avoid, control, transfer).
Consider the business impact for each of your mitigation strategies (e.g. if you applied an “avoid” strategy across the board, the company would not be able to operate in the financial services industry because it would need to shut down all operations).
Record your risk mitigation strategy for each risk in your risk register. For each of your “control” entries, include the corresponding control category and subcategory (if useful) from the NIST Cybersecurity Framework (see Tables 1 and 2 in version 1.1). Examples: ID.AM Asset Management or PR.AC Identity Management and Access Control. Remember to cite your sources.
Step 6: Develop a Cybersecurity Strategy that presents five or more specific actions (strategies) that the company should take to implement your recommended risk mitigations. Include information from your gap analysis, legal and regulatory analysis, risk analysis and proposed risk mitigations. Under each strategy include information about how the strategy will involve or leverage people, policies, processes, and technologies (hardware, software, infrastructure). Include examples and other relevant information about Island Banking Services and Padgett-Beale. You should have at least one technology related strategy which includes an updated Network Diagram. This diagram must show the to-be state of the IT infrastructure including recommended mitigating or “control” technologies, e.g. intrusion detection, firewalls, DMZ’s, etc. (start with the diagram provided in this assignment file).
Note: Your strategy will be presented to the Board of Directors by the executive who is leading the Merger & Acquisition Team so make sure that you write in appropriate language and include sufficient detail to explain your recommended strategy.
Step 7: Develop and document a proposed plan of action and implementation timeline that addresses each element of the cybersecurity strategy that you identified previously (in step 6). Provide time, effort, and cost estimates for implementing your recommended actions (include appropriate explanations of your reasoning). Include the resources (people, money, etc.) necessary for completing each task in the timeline.
Step 8: Develop a set of 5 or more high-level summary recommendations regarding the next steps to take in mitigating the risks that you identified in steps 1-7. These recommendations should logically flow from your analysis and be supported by your Cybersecurity Strategy and Plan of Action.
Putting It All Together
1. Format your work for Steps 1-7 as a Cybersecurity Strategy and Plan of Action. The six major elements listed below should appear in this order in a single file. Your MS Word format document file must include:
• Introduction (what is in this document and to what organization does it apply)
• Gap Analysis (Step 1)
• Legal & Regulatory Requirements Analysis (Steps 3, 4)
• Risk Analysis & Risk Register (Steps 2, 3, 4, 5)
• Cybersecurity Strategy (Step 6)
• Plan of Action and Implementation Timeline (Step 7)
The Cybersecurity Strategy and Plan of Action is a full MS Word document that includes a separate title page followed by the six major elements (see list under step 7) and ending with a reference list. Your document must include a reference list and appropriate citations throughout. You will need 10 – 12 pages to fully document your strategy and plan. Use section headings and sub headings to organize your work. You may use internal title pages (section titles) to make it clear where each of the major elements starts and ends. Title pages and reference pages are not included in the recommended length.
2. Format your recommendations from Step 8 as a Cover Letter / Recommendations Memo to accompany your Security Strategy document.
The Recommendation Memo is a 2 page, professionally formatted letter addressed to the Merger & Acquisition Team. This cover letter / memo should summarize why this package is being forwarded to the M&A team for “review and action.” The memo should introduce and provide a brief summary of the purpose and contents of the Cybersecurity Strategy and Plan of Action (name and describe each of the major sections). Use a professional format for your memo (consider using one of the MS Word templates). The memo does not include citations or references but you may need to name laws or regulations.
Notes on Constructing Your Network Diagram (for step 6):
Your diagram must be based upon the provided network diagram with additions or deletions that are clearly your own work. You may use MS Word’s drawing tools, Power Point, or other drawing program. When you have completed your diagram, you may find it helpful to take a screen snapshot and then paste that into your deliverable file(s).
You may use commercial or “free” clip-art to represent individual end point devices or network appliances such as routers, firewalls, IDPS, etc. Clip art does not need to be cited provided that it is clip art (not screen captures from another author’s work).
1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. Your paper should use standard terms and definitions for cybersecurity.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,Nov2014).docx.
5. All submission files must start with a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).