Student’s Name:
Instructor’s Name:
Course:
Date:
CYBERSECURITY STRATEGY & PLAN OF ACTION 2
Introduction
Island Banking Services went bankrupt, and Padgett-Beale purchased the financial
services that it was offering. There are risks associated with this process, and therefore, this
document identifies them and indicates the mitigation strategies that would be used. There are
laws and regulations which are associated with cybersecurity risks and challenges. They guide
how to resolve some of the risks. The document states cybersecurity strategies that would be
effective in controlling and eliminating the risks. An implementation timeline demonstrates the
Information technology/security gaps which existed at Island Banking Services prior to its
One of the technology gaps is the lack of an intrusion detection system. Such systems help
in detecting network threats, which helps keep the company from being hacked and
prevents unauthorized people from accessing the network. Another security gap is the lack of
access control strategies. It is essential to limit access to the top-secret files. The other
technology gaps are the lack of authentication strategies and of vulnerability management. The
technology or the security gaps which are likely to exist in the PBS-FI are detections of threats,
One of the cybersecurity issues is the data breach. Padgett-Beale has bought the financial
services that were offered by Island Banking Services. It means that they will have access to the
details of the customers. Having two companies that are aware of the customers’ details is risky.
The second cybersecurity issue is a violation of confidentiality. The employees or workers from
Island Banking Services may forget to delete some private information stored in their
computers. Padgett-Beale purchased the digital assets, which include word documents, electronic
mails, presentations, spreadsheets and logos. Therefore, Island Banking Services had to
forward all the digital assets. The third cybersecurity issue is data theft. In the process of sharing
these details, many people will be handling the information. Therefore, there is a very high risk
of someone stealing the data in digital assets. Fourthly, hacking is a potential cybersecurity issue
since the financial transactions processing software is also being sold. The software is vital in the
banking industry since the financial services are provided through the implementation of the
software. A cyber attacker may find a vulnerability in the system and hence hack it. The
fifth cybersecurity issue is the lack of professionals to handle PBI-Financial Services (PBI-FS).
The sixth cybersecurity issue is finding a dedicated and experienced Chief Information
Security Officer (CISO). Skilled and qualified individuals are required in this field to ensure that
the subsidiary’s information is protected from attacks. The seventh cybersecurity challenge is
using the same software used by the previous company. There is updated and better software,
and therefore using outdated software creates vulnerability in the system. The eighth
cybersecurity risk is a malware attack. The attack is executed through the sharing of files or the
use of free software programs. The ninth risk is an inside threat. There may be
someone who is not happy with the business happening between Island Banking Services and
Padgett-Beale. Therefore, they may become an inside threat, stealing data or
helping hackers in accessing the company’s network. The tenth cybersecurity issue is the lack of
threat detection. The computer systems are the same ones that were used in Island Banking
Services Company and therefore, no improvements are made on the hardware. Therefore,
Risk Analysis & Risk Register, Legal & Regulatory Requirements Analysis,
(Steps 2, 3, 4, 5)
all
companies
Data breach Confidentiality 3 Federal Federal Protecting data Data security
Management Management
Act Act
(FISMA) (FISMA)
Violation of Process 1 Financial Financial Encrypting and Protective
y access of
sensitive
information
(Control
strategy)
Data theft People, 3 Federal Federal Access control Protective
Corporation Corporation
law law
Hacking Technology 5 Computer Computer Improving the Improvements
(control
strategy)
Lack of Technology 2 Employment Employment Advertisement Response
vacancies
(accept
strategy)
Having an People 2 Employment Employment Giving tasks to Response
d Chief providers
Information (transfer
Security strategy)
Officer
Malware Process 3 IEEE IEEE Antivirus and Mitigation
(control
strategies)
Having an Integrity, 3 International International Identify the Governance
threats detection
system (control
strategy)
One of the cybersecurity strategies that Padgett-Beale can implement is the introduction
of intrusion detection and intrusion prevention systems. These are important so that any threats
or risks can be detected before they materialize. It is essential to mitigate these risks since they
can cause significant damage to the company. A wireless intrusion prevention system (WIPS) can
be deployed to serve the purpose of monitoring the wireless frequencies (“TechTarget,” 2015).
In the monitoring process, it identifies unauthorized devices. If there is any, it is eliminated from
the Wi-Fi network. Another intrusion detection system is the McAfee Network Security
Platform. It helps in protecting data and computer systems of an organization. The services being
offered by Padgett-Beale are sensitive, considering that the access to the consumer’s details
Another cybersecurity strategy that the company can implement is the use of firewalls.
Firewalls are essential, considering that the majority of the activities are carried out through the
internet. The firewall checks whether the data being exchanged is safe. It determines whether
the packets comply with the rules that have been set up. The firewalls will help in protecting the
computer systems and the server. In that case, users who are not authorized to use the network
cannot access the private network (“About firewalls,” 2019). It will be an effective cybersecurity
strategy for Padgett-Beale to ensure that other people cannot access the network, hence
minimizing the chances of being hacked through the internet. Some cyber-attacks
are initiated by accessing a company’s network. In that case, a cyber-attacker can see the
data being exchanged and can access information or files belonging to the company. The firewall
access to certain rooms, networks, or systems. For instance, data theft can be mitigated through
the implementation of access control strategies. The firm could consider classifying people and
deciding what each of them can access. Some files should be protected using a unique and strong
password, which will be given only to certain people. For the sensitive files, Padgett-Beale should
only allow the manager and a few employees to access the files. In that case, the probability
of the files getting accessed by other people is minimal since only three individuals, for instance,
have the access details. The multifactor authentication could be a fingerprint and a keycard lock. It
could also be an iris scan and a keycard. Anyone who wants a file will have to ask the authorized
individuals to provide them with the necessary files. Therefore, files stored as hard copies will be
The employees need to be informed of how to protect the machines and how to form
strong passwords. Padgett-Beale should hire an IT professional to train the employees on creating
strong passwords and the importance of locking their computers when they are leaving the
office. Some errors happen since people do not have the necessary information. They need to be
informed that the passwords should be private. They should not share them with anyone.
Besides, they need to be educated about phishing emails. They should not open files from
unknown sources since they may contain malicious code. It is one of the strategies used
by cyber attackers in accessing the systems of a firm. The employees will be equipped with
cybersecurity information which contributes to ensuring the safety of the systems and the data
files in the company. Also, Padgett-Beale needs to consider if any employees use personal
computers in performing some tasks for the firm. If there are, then they need to take good care of
their computers since they can be used by attackers to access specific company information.
cybersecurity matters.
Encryption of data files is essential to ensure that only the right recipient accesses the data
files. For instance, Padgett-Beale’s employees could use RSA, in which each user has a public
key and a private key. Employees will exchange their public keys with the people whom they
are sending files to. Therefore, they will encrypt the files using the public key of the receiver,
and the receiver will decrypt them using their private key (Lake, 2018). The private key and the
public key must match. Therefore, it is difficult for anyone eavesdropping to access the content
of the files. It is because they do not know the private key that matches the public key used to
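
The exchange described above, as an added example that is not part of the original paper: because RSA can only encrypt a payload smaller than its key size, a file is normally encrypted with a fresh symmetric key, and only that key is encrypted with the receiver's public key. The Python `cryptography` package, the function names and the sample file contents are assumptions of this example.

```python
# Added example (not from the original paper): hybrid encryption of a file
# for one receiver. Function names and sample data are constructed.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP padding; unpadded ("textbook") RSA must not be used for encryption.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Return (private_key, public_key); only the public key is shared."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def encrypt_for(recipient_public_key, file_bytes):
    """Encrypt the file with a fresh AES-256-GCM key, then wrap that key
    with the receiver's RSA public key."""
    file_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # 96-bit nonce, used once with this file key
    return {
        "wrapped_key": recipient_public_key.encrypt(file_key, OAEP),
        "nonce": nonce,
        "ciphertext": AESGCM(file_key).encrypt(nonce, file_bytes, None),
    }


def decrypt_with(private_key, envelope):
    """Unwrap the file key with the private key and decrypt the file.
    Returns None if the key does not match or the data was altered."""
    try:
        file_key = private_key.decrypt(envelope["wrapped_key"], OAEP)
        return AESGCM(file_key).decrypt(envelope["nonce"],
                                        envelope["ciphertext"], None)
    except (ValueError, InvalidTag):
        return None


if __name__ == "__main__":
    receiver_private, receiver_public = new_keypair()
    other_private, _ = new_keypair()  # a key that does not match
    report = b"constructed sample: customer ledger row\n" * 100
    envelope = encrypt_for(receiver_public, report)
    print(decrypt_with(receiver_private, envelope) == report)
    print(decrypt_with(other_private, envelope))
```

The AES-GCM tag also means a file altered in transit is rejected rather than silently decrypted to corrupted data.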
(in scale
dollars) of 1-5)
phishing requires
strong they
passwords. comprehend
in a position
to employ
them.
systems systems.
Cables will
be needed in
connecting
them. Two
weeks are
enough for
completion of
capital
requires in
purchasing
the systems
and paying
the workers is
about $
600,000
professionals), 0 professionals
in installing
the firewalls
effectively
take about 7
days. The
capital will be
enough for
buying the
firewalls and
paying the
workers.
Service expensive
$500,000. 16
days will be
enough for
the
completion of
this task.
their data
files is quite
difficult and
hence the
need to have
23 days of
training. They
will have a
qualified IT
professional
as the trainer.
[Figure: network diagram with Internet, Router, Switch, Wireless devices, Computer]
MEMORANDUM
FROM:
regarding the mitigations of the identified risks. I identified different risks associated with the
transfer of files, hardware, and software from Island Banking Services to Padgett-Beale.
Therefore, I believe these recommendations will help secure the systems and data files.
The Cybersecurity Strategy and Plan of Action includes the gap analysis, which identifies
the risks. Legal and regulatory requirements analysis was included to demonstrate the procedures
that the company would use in eliminating or mitigating the risks. The risk registers contain
components such as risk category, the impact level of the risks, laws and regulations, the
mitigation strategies and the control strategy. The cybersecurity strategies are the recommended
actions to enhance the security of the systems and the data. I have provided the plan of action,
and the implementation timeline, which displays the resources required in implementing the
identified cybersecurity strategies. Also, it contains the time range for the completion of the tasks
I would recommend that you, Merger & Acquisition Team, review the laws and
regulations related to the mitigation of the risks. For instance, the Federal Information Security
Management Act (FISMA) guides how companies can handle issues related to data breaches.
Other laws include the Computer Fraud and Abuse Act (CFAA), International Association of
Privacy Professionals (IAPP) and SIEM rules. Having enough knowledge of these will help in
identifying the actions that mitigate the risk and still adhere to the laws and regulations.
The Merger & Acquisition Team needs to plan how it will access the IT professionals
who will help in implementing the cybersecurity strategies. Experienced and skilled individuals
are required to ensure that they provide the correct information to the employees during training.
Also, the detection and authentication systems need to be installed expertly. It is a project that
requires people who are committed and ready to give their best. The Merger & Acquisition Team
The Merger & Acquisition Team should inform the employees in advance about the changes
that are about to be implemented. The employees need to be aware so that they can be prepared
psychologically for the change. They will be significantly affected by the change, and therefore,
they are stakeholders that should be considered. People adapt to change differently, and this
explains the need to explain to them the benefits related to the change. Some of them may take
time to research on the systems that they were told to implement, and therefore, they will have an
The Merger & Acquisition Team should identify the individuals who should have access
Limiting the number of people accessing the files minimizes the risk of the files getting leaked or
being accessed by unauthorized people. The team is responsible for deciding on who should be
allowed to access the top-secret files. Another recommendation is that the Merger & Acquisition
Team should ensure that all the risks have been identified to enhance the effectiveness of the
Signature
Name
Student’s Name
References
TechTarget. (2015, March). WIPS (wireless intrusion prevention system). Retrieved from
https://whatis.techtarget.com/definition/WIPS-wireless-intrusion-prevention-system
Lake, J. (2018, December). What is RSA encryption and how does it work? Retrieved from
https://www.comparitech.com/blog/information-security/rsa-encryption/
About firewalls. (2019). Retrieved from
https://kb.iu.edu/d/aoru