Running head: ISYS 333 COURSE PAPER

ISYS 333 Course Paper: MassMutual’s Organizational Security Plan


Kaitlin Paasch
ISYS 333
Regent University
December 16th, 2023

Introduction

Every day, companies across the globe deal with cyber threats from various threat actors in numerous ways. These attacks can range from computer attacks to network attacks or even physical attacks. One of these companies is Massachusetts Mutual Life Insurance Company, commonly known by its nickname, MassMutual. MassMutual is a Fortune 500 financial services company founded in 1851 by George Rice in Springfield, MA. The company has grown from a small mutual to a Fortune 500 company with over 11,000 employees. MassMutual is one of the top five life insurance companies in the United States; its main purpose is to “help people secure their future and protect the ones they love” (Our History, 2023). However, MassMutual’s immense success ultimately comes with a price: becoming a prime target for those with malicious intent.

MassMutual works with an extensive clientele to provide insurance, investments, and retirement planning. The company handles a trove of sensitive client information, such as financial information, account numbers, and Social Security numbers. With the immense amount of sensitive information collected and used by MassMutual every single day, MassMutual must deploy a proper Organizational Security Plan (MassMutual, 2023).

Information security is simply “protecting information from harm” (Ciampa, 2022). Information security is an ever-evolving imperative for MassMutual; the company aims to put the safety and security of its clients and their data at the forefront of its priorities. This paper delves into MassMutual’s approach to information security and explores the role of a comprehensive organizational security plan in mitigating risks and ensuring the continued safeguarding of its clients' future.

Threat Actors and Vulnerabilities

MassMutual, an enterprise mainly focused on finance, is an attractive target for threat actors. Threat actors often target businesses for various motives, such as financial gain, obtaining sensitive information, or even selling information to MassMutual’s competitors. According to IBM, the term “threat actor is broad and relatively all-encompassing, extending to any person or group that poses a threat to cybersecurity. Threat actors are often categorized into different types based on their motivation and, to a lesser degree, their level of sophistication” (IBM, 2023).

One category of threat actor that may be an adversary to MassMutual is insiders. Insiders include employees, contractors, or business partners (Ciampa, 2022). Employees, contractors, and business partners may have access to sensitive information that could be used for malicious purposes. Insiders are typically a significant threat to businesses because they already have inside knowledge of the organization’s systems, processes, and data. In addition, competitors, another kind of threat actor, may try to gain sensitive information from MassMutual. Competitors are typically trying to gain a strategic advantage; when competitors become threat actors, their main goal is to obtain sensitive data, business strategies, or even financial insights. Brokers are also potential threat actors towards MassMutual since they “sell their knowledge of a weakness to other attackers or governments” (Ciampa, 2022). Brokers are typically intermediaries in financial transactions within MassMutual, and malicious brokers typically exploit their knowledge for personal gain.

Threat actors may attack MassMutual for numerous reasons depending on their goal. Threat actors will exploit any vulnerabilities within MassMutual’s systems and carry out attacks that serve their intended purpose. A vulnerability is “the state of being exposed to the possibility of being attacked or harmed” (Ciampa, 2022). Devices within MassMutual’s network must be properly configured to avoid vulnerabilities and deter access by threat actors. Computers, smartphones, and any other electronic device or service MassMutual uses must have proper encryption, protocols, and overall configuration. In addition, these devices must be promptly updated whenever vulnerabilities are discovered (Ciampa, 2022).

MassMutual utilizes a third-party platform called Advisor360. Advisor360 connects advisors, clients, and the home office in one portal. This dynamic platform empowers clients and advisors with a wealth of information; it also helps guide advisors to deliver customized and cutting-edge financial solutions to their clients (Advisor360, 2023). With third-party platforms, there is the potential for security vulnerabilities. For example, if there are any weak links with a third-party vendor, there is potential for threat actors to gain access to MassMutual’s network and information. In addition, system integration, also known as “connectivity between the systems of an organization and its third parties,” must be done appropriately to mitigate any security risks (Ciampa, 2022).

Threat actors utilize attack vectors, also known as “a pathway or avenue used by a threat actor to penetrate a system,” to break into an organization such as MassMutual (Ciampa, 2022). The main attack vector used is email. Since email is typically the professional way of communicating for businesses, it is easy for an unsuspecting employee to mistake an email containing malware for a real business email. A single click on a link can spread malware. Threat actors can also use social media to target organizations through social engineering attacks. For example, if a threat actor sees that an employee is on vacation, the actor can pretend to be a frantic employee trying to gain access for an emergency.

As a result of threat actors’ attacks, there can be numerous negative implications for a large organization such as MassMutual. If a major security breach were to occur, MassMutual’s reputation as a Fortune 500 company would be severely damaged. The fallout from a security breach could extend beyond immediate financial and operational repercussions. Trust among clients and stakeholders is another crucial concern, since a breach could ultimately compromise the sensitive and confidential personal information of thousands of clients. The potential fallout could result in legal consequences, financial losses, and the need for extreme remediation efforts (Ciampa, 2023).

Malware and Effects

Malware, also known as malicious software, can “enter a computer system without the user’s knowledge or consent and then perform an unwanted and harmful action” (Ciampa, 2022). Many different kinds of malware can ultimately impact MassMutual and be an evolving threat to the company's digital infrastructure. By having malware on any device within MassMutual’s network, the company opens itself to a spectrum of threats. Different types of malware can imprison information or access a device, launch attacks on a device and other devices, snoop and spy on users, deceive users, and evade detection. In order for MassMutual to protect itself from malware, the company must install antivirus software. For this antivirus program to work effectively, it must be continuously updated to protect assets from constantly evolving malware threats. In addition, the company should take time to educate staff about the importance of recognizing malicious software and what to do if it is encountered (Ciampa, 2022).

Application Attacks and Threat Actors

Application attacks “specifically target software applications that are already installed and running on a device” (Ciampa, 2022). When application attacks target software, they specifically look for vulnerabilities through which they can infiltrate and ultimately manipulate the software. Application attacks include cross-site scripting, injections, request forgery, and replay. Cross-site scripting is “an attack that takes advantage of a website that accepts user input without validating it” (Ciampa, 2022). Injections are “attacks that introduce new input to exploit a vulnerability” (Ciampa, 2022). Request forgery is “an attack that takes advantage of an authentication ‘token’ that a website sends to a user’s web browser to imitate the identity and privileges of the victim” (Ciampa, 2022). Finally, the last kind of application attack is replay, which is “an attack that copies data and then uses it for an attack” (Ciampa, 2022). In order for MassMutual to protect itself from these kinds of attacks, there must be consistent code reviews of software such as Advisor360. In addition, proper firewall protocols should be implemented as well, creating a barrier against potential application-based intrusions.

Securing Endpoints

Another crucial task to protect MassMutual and its assets is securing endpoints. Securing endpoints typically involves three main tasks: “confirming that the computer has started securely, protecting the computer from attacks, and then hardening it for even greater protection” (Ciampa, 2022). In order for endpoints to be properly protected against threat actors, MassMutual should implement an EDR, also known as endpoint detection and response, which is “a robust tool that monitors endpoint events and takes immediate action” (Ciampa, 2022). EDR tools can collect data from multiple devices into a centralized system to paint a picture of numerous endpoints instead of one. This picture can help analysts determine whether an attack is widespread or confined to a single endpoint. In addition, EDR tools have a more sophisticated analytics system that can identify unusual patterns and behavior within data. This system can help protect MassMutual and its assets by detecting unusual behavior and preventing widespread attacks before they occur.

Securing Mobile Devices

MassMutual utilizes numerous devices for a variety of purposes. Employees routinely use their cell phones for phone calls, emails, and checking online portals. In addition, employees also use tablets and wearable devices, like smartwatches. Mobile devices can present significant and unique threats for MassMutual if the devices are not properly secured. The main threats to mobile devices are physical security, lack of updates, connection vulnerabilities, and access to untrusted content. Physical security lapses, such as theft or loss, may allow threat actors to access corporate information. In addition, a lack of updates may leave vulnerabilities that threat actors can use to gain access to MassMutual’s network. Mobile devices may also connect to unknown networks or inadvertently access unknown content that threat actors can use to infiltrate MassMutual’s systems. In order to mitigate these threats, MassMutual should implement strong authentication procedures, such as dual authentication and consistent password updates. MassMutual should also ensure that all devices in use are properly encrypted and have the necessary security features enabled, like last known location or remote lockout (Ciampa, 2022). By implementing these features, mobile devices will be less likely to be used to infiltrate MassMutual’s systems.

Cryptography and Benefits

According to Ciampa, cryptography is “the practice of transforming information so that it is secure and cannot be understood by unauthorized persons” (Ciampa, 2022). Cryptographic techniques allow sensitive information, such as financial information, to be adequately protected. Utilizing cryptography maintains the confidentiality, integrity, and authentication of information. There are three different types of encryption algorithms, which include hashing, symmetric encryption, and asymmetric encryption. These different types of encryption can aid MassMutual and protect data in various ways.

The first type of encryption is hashing; hashing is “an algorithm that creates a unique digital fingerprint” (Ciampa, 2022). Hashing can help MassMutual maintain the integrity of data, since if information is changed, it will result in a different hash. The second kind of encryption is symmetric encryption, defined as “encryption that uses a single key to encrypt and decrypt a message” (Ciampa, 2022). MassMutual can utilize symmetric encryption to secure the transmission of sensitive data within its network. Finally, the third type of encryption is asymmetric encryption, defined as “cryptography that uses two mathematically related keys” (Ciampa, 2022). Asymmetric encryption can be used by MassMutual for secure communication, key exchange, and digital signatures. Each encryption method can help encrypt private and sensitive information held by MassMutual, secure communications between employees and clients, and protect data from being accessed by unauthorized people.
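To make the integrity property concrete, here is an added example (not code from the paper or from MassMutual) in Python using only the standard library. It fingerprints a constructed client record with SHA-256, shows that altering one field breaks the check, and then adds an HMAC tag with a constructed shared key to show the authentication property: a plain hash can be recomputed by whoever tampered with the record, but a keyed tag cannot be forged without the key. Symmetric and asymmetric encryption need a third-party library and are not shown here; the record, field names and key are assumptions made for the example.

```python
"""Hash-based integrity and keyed-hash authentication of a client record.

Added example, not code from the paper or from MassMutual. Uses only the
Python standard library (hashlib, hmac, json); the record, the field names
and the shared key are constructed for the demonstration.
"""
import hashlib
import hmac
import json


def canonical_bytes(record: dict) -> bytes:
    """Serialize a record deterministically so the same content always
    hashes to the same value regardless of key order."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def fingerprint(record: dict) -> str:
    """The 'digital fingerprint' of a record: SHA-256 over the canonical bytes.
    Any change to any field yields a different digest."""
    return hashlib.sha256(canonical_bytes(record)).hexdigest()


def integrity_intact(record: dict, expected_fingerprint: str) -> bool:
    """Integrity check: does the record still hash to the stored fingerprint?
    compare_digest avoids leaking where the strings differ through timing."""
    return hmac.compare_digest(fingerprint(record), expected_fingerprint)


def keyed_fingerprint(record: dict, key: bytes) -> str:
    """HMAC-SHA256 tag. A plain hash can be recomputed by whoever altered the
    record; a keyed tag cannot be forged without the key, so it also
    authenticates the origin of the record."""
    return hmac.new(key, canonical_bytes(record), hashlib.sha256).hexdigest()


def keyed_valid(record: dict, key: bytes, tag: str) -> bool:
    """Authentication check: recompute the tag with the key and compare."""
    return hmac.compare_digest(keyed_fingerprint(record, key), tag)


# Constructed sample data (not real client information).
ORIGINAL = {"account": "ACCT-000123", "beneficiary": "Jane Doe", "payout_usd": 250000}
TAMPERED = {**ORIGINAL, "payout_usd": 2500000}   # one digit added
SHARED_KEY = b"constructed-demo-key-not-for-production"


def demo() -> dict:
    """Run the checks and return the results so they can be inspected or tested."""
    stored_fp = fingerprint(ORIGINAL)
    stored_tag = keyed_fingerprint(ORIGINAL, SHARED_KEY)
    return {
        "original_intact": integrity_intact(ORIGINAL, stored_fp),
        "tampered_intact": integrity_intact(TAMPERED, stored_fp),
        "tampered_tag_valid": keyed_valid(TAMPERED, SHARED_KEY, stored_tag),
        "wrong_key_tag_valid": keyed_valid(ORIGINAL, b"other-key", stored_tag),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Only the first check passes: the original record matches its stored fingerprint, the tampered record does not, and a tag computed with any other key is rejected. Canonical serialization matters in practice; without it, the same record written with fields in a different order would produce a different fingerprint and a false alarm.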

However, even though cryptography can help keep information secure, it does not guarantee the safety and confidentiality of the information. There are different types of attacks that can reveal encrypted information. One type of attack is called a known ciphertext attack. In this type of attack, threat actors utilize sophisticated tools to analyze ciphertext in hopes of discovering a pattern that reveals a key or even plaintext. MassMutual can protect itself from ciphertext attacks by employing robust encryption algorithms, which make it more difficult for threat actors to find the patterns necessary for decryption. In addition, there is another kind of cryptographic attack, called a downgrade attack, which is “an attack in which the system is forced to abandon the current higher security mode of operation and ‘fall back’ to implementing an older and less secure mode” (Ciampa, 2022). MassMutual can help thwart downgrade attacks by keeping systems up to date and employing robust encryption algorithms.

Networking-Based Attacks

MassMutual faces a dangerous digital landscape, especially in the world of networks. However, the organization will remain steadfast in fortifying its network and preventing attacks. The first kind of attack is called an interception attack, designed to intercept network communications. Three of the most common interception attacks are MITM attacks, session replay, and man-in-the-browser attacks. MITM attacks allow attackers to gain access to data entered by the victim by first intercepting network traffic and then tricking the victim into authenticating. MITM attacks can lead threat actors to sensitive information, such as confidential communications. In addition, a session replay attack is similar to a man-in-the-middle attack. Session replay is “an attack in which an attacker attempts to impersonate the user by using the user’s session token” (Ciampa, 2022). Session replay could allow threat actors to access user sessions, where the actor could manipulate or extract sensitive information. The third kind of interception attack is MITB, also known as a man-in-the-browser attack, which is “an attack that intercepts communication between a browser and the underlying computer” (Ciampa, 2022). If attackers were to gain access through a MITB attack, the threat actor could ultimately use this information to commit identity theft, financial fraud, or sell personal information.

Layer 2 attacks are another kind of network attack, and Layer 2 is often a target for threat actors. These attacks include address resolution protocol poisoning, media access control attacks, MAC cloning, and MAC flooding attacks. Address resolution protocol poisoning is an attack that corrupts the ARP cache. Media access control attacks often compromise the integrity of network switches (Higgins, 2023). MAC cloning is “an attack that spoofs a MAC address on a device so that the switch changes its MAC address table to reflect the new association of that MAC address with the port to which the attacker’s device is connected” (Ciampa, 2022). MAC flooding is an attack in which the switch's memory is flooded with spoofed packets, after which it begins to function like a network hub and broadcasts frames to all ports (Ciampa, 2022). Layer 2 attacks can ultimately compromise the integrity of MassMutual’s network infrastructure. These attacks can disrupt normal operations, leading to potential downtime. They can also hinder communication between devices, impacting the efficiency and reliability of all services provided by MassMutual.
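The following is an added example, not the paper's or MassMutual's, of the monitoring side of two of the Layer 2 attacks above, written in Python. It compares constructed ARP cache snapshots to flag a changed IP-to-MAC binding (the corrupted cache the text describes) and counts distinct source MACs per switch port in a constructed frame log to flag the condition that precedes a switch falling back to hub-like flooding. The addresses, port names, gateway and the 50-MAC threshold are assumptions made for the example.

```python
"""Detection logic for two Layer 2 symptoms: ARP cache poisoning (a corrupted
IP-to-MAC binding) and MAC flooding (a port that sources far more MAC
addresses than a single host would).

Added example, not from the paper or MassMutual. The ARP snapshots, frame
log, gateway address and per-port threshold are constructed; in practice the
snapshots would come from periodic ARP table dumps and the frames from
switch telemetry.
"""
from collections import defaultdict

# Constructed ARP cache snapshots, oldest first: {ip: mac}.
# In the second snapshot the gateway's MAC has changed and the same MAC now
# also answers for 10.0.0.21, the signature of a host inserting itself
# between a victim and the gateway.
ARP_SNAPSHOTS = [
    {"10.0.0.1": "aa:aa:aa:aa:aa:01", "10.0.0.20": "aa:aa:aa:aa:aa:20",
     "10.0.0.21": "aa:aa:aa:aa:aa:21"},
    {"10.0.0.1": "de:ad:be:ef:00:99", "10.0.0.20": "aa:aa:aa:aa:aa:20",
     "10.0.0.21": "de:ad:be:ef:00:99"},
]
GATEWAY_IP = "10.0.0.1"  # assumed default gateway

# Constructed frame log: (switch_port, source_mac). Port Gi1/0/7 sources 300
# distinct MACs; Gi1/0/1 sources one, as a normal host port would.
FRAMES = [("Gi1/0/1", "aa:aa:aa:aa:aa:20")] * 5 + [
    ("Gi1/0/7", f"02:00:00:00:{i // 256:02x}:{i % 256:02x}") for i in range(300)
]


def arp_anomalies(snapshots, gateway_ip):
    """Return (kind, subject) findings by comparing each snapshot to the previous one.
    kinds: gateway_mac_changed, mac_changed, mac_claims_multiple_ips."""
    findings = []
    previous = snapshots[0]
    for current in snapshots[1:]:
        # 1. A binding flip: the IP now resolves to a different MAC.
        for ip, mac in current.items():
            old_mac = previous.get(ip)
            if old_mac is not None and old_mac != mac:
                kind = "gateway_mac_changed" if ip == gateway_ip else "mac_changed"
                findings.append((kind, ip))
        # 2. One MAC answering for several IPs in the same snapshot.
        ips_by_mac = defaultdict(list)
        for ip, mac in current.items():
            ips_by_mac[mac].append(ip)
        for mac, ips in ips_by_mac.items():
            if len(ips) > 1:
                findings.append(("mac_claims_multiple_ips", mac))
        previous = current
    return findings


def flooding_ports(frames, max_macs_per_port=50):
    """Return {port: distinct_mac_count} for ports exceeding the threshold.
    A switch's MAC address table has finite room; once it fills, the switch
    floods frames to every port like a hub, so an unusually high count of
    source MACs on one port is the symptom to alert on."""
    macs_seen = defaultdict(set)
    for port, mac in frames:
        macs_seen[port].add(mac)
    return {port: len(macs) for port, macs in macs_seen.items()
            if len(macs) > max_macs_per_port}


if __name__ == "__main__":
    for finding in arp_anomalies(ARP_SNAPSHOTS, GATEWAY_IP):
        print("ARP:", *finding)
    print("Flooding:", flooding_ports(FRAMES))
```

A gateway binding that changes is the highest-value alert, since nearly all of a segment's traffic passes through it; the per-port MAC count is the same quantity that switch port-security features cap, so the threshold should be set just above the number of legitimate devices expected behind a port.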

DNS attacks are also threats to MassMutual; these attacks include DNS poisoning and DNS hijacking. DNS poisoning is “an attack that substitutes DNS addresses in a local lookup table so that the computer is automatically redirected to an attacker’s device” (Ciampa, 2022). DNS hijacking is “an attack that infects an external DNS server with IP addresses pointing to malicious sites” (Ciampa, 2022). These types of attacks can serve as vehicles for phishing attempts or the dissemination of malware. Both clients and employees may encounter these attacks, ultimately leading to the compromise of their sensitive information.

There are also other types of threats called DoS attacks. These attacks bombard a system with “bogus requests.” However, in today’s age, Distributed Denial of Service attacks are more popular since they utilize more computers and can mount a larger attack on a system (Ciampa, 2022). The aim of Distributed Denial of Service attacks, also known as DDoS attacks, is to overwhelm MassMutual’s network infrastructure and cause service disruption. These attacks can lead to downtime or even financial loss.

Physical Security Controls

Threat actors are not always fully online; sometimes, these actors will attempt malicious acts on a physical location. MassMutual can take proper steps to protect the company’s physical locations and assets. MassMutual can establish external perimeter defenses and internal physical security controls (Ciampa, 2022).

The first type of security is external perimeter security. This kind of security is often overlooked, but it is crucial in the defense of a company and its assets. Ciampa puts it perfectly: “preventing a threat actor from physically accessing the network is as important as preventing the attacker from accessing it remotely” (Ciampa, 2022). MassMutual can utilize this kind of security to protect data, such as files, and physical assets, such as computers, within its office buildings. This kind of security can include industrial camouflage, which makes a building nondescript so that it does not attract attention. In addition, physical barriers, such as proper fencing, signage, and lighting, are great ways to deter physical threats. MassMutual should also hire security professionals to patrol and monitor who comes into the building. Alongside security professionals, a receptionist should be hired and should keep a visitor log to record who comes in and out of the building. Cameras with motion detectors are also valuable for recording anyone entering the building. By utilizing these protocols, MassMutual can protect assets within its office buildings.

Internal physical security is a crucial component of physical security as well. This kind of security includes locks, secured areas, and fire suppression. Locks could deter a physical threat actor who gets past external perimeter security. In addition, MassMutual can utilize the idea of a DMZ to further protect sensitive areas: a security guard opens door one to the secure area, and the person must verify their credentials before door two, where they gain access to the secure area. Fire can also be seen as a threat to an office building, so utilizing fire suppression can protect MassMutual and its offices. By implementing these internal physical controls, MassMutual further prevents threat actors from gaining physical access to sensitive information or assets within its physical locations (Ciampa, 2022).

Security Appliances and Technologies

Network security is crucial for businesses, regardless of size or reliance on technology. MassMutual utilizes networks to keep the business running smoothly. Networks serve as the backbone of MassMutual’s business operations, allowing for information exchange and communication. In the contemporary business landscape, utilizing networks is vital to staying connected as a company. All modern networks utilize typical networking devices, such as routers or switches. Typically, networking devices come with their own set of security features; however, MassMutual must both use the security features on its networking devices and implement security appliances for a layered security approach. Some examples of security appliances include firewalls, proxy servers, deception instruments, intrusion detection and prevention systems, and network hardware security modules (Ciampa, 2022).

Firewalls are the most widely known security appliance. Firewalls are implemented as either hardware or software, and their purpose is to stop malware from spreading. Firewalls use a bidirectional approach to inspect both incoming and outgoing packets. Upon inspection, firewalls have directions to follow when there is a suspicious packet; these actions are typically based on a set of rules or protocols. MassMutual’s firewall rules encompass various parameters such as source addresses, destination addresses, source ports, destination ports, protocols, traffic direction, and times. With these rules, MassMutual’s firewalls can take a specific action appropriate to the situation. The firewalls can allow, deny, bypass, or log traffic based on predetermined conditions. MassMutual can also utilize specialized firewall appliances to enhance the company’s defensive capabilities. Web application firewalls, network address translation gateways, next-generation firewalls, and unified threat management provide advanced features such as application-based filtering, deep packet inspection, URL filtering, and intrusion protection (Ciampa, 2022). By utilizing these specialized firewall appliances, MassMutual can fortify its network security against a myriad of threats while also maintaining the confidentiality and integrity of the company’s data.
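As an added illustration (not MassMutual's actual rule set and not code from the paper), this Python block encodes the rule parameters just listed and the four actions, and evaluates a few constructed packets against a small rule base. The addresses, ports, business-hours window and the first-match semantics are assumptions made for the example.

```python
"""First-match firewall rule evaluation over the parameters the section lists:
source/destination address, source/destination port, protocol, traffic
direction and time of day, with allow / deny / bypass / log actions.

Added example, not MassMutual's rule set and not code from the paper. The
rule base, address ranges, ports and business-hours window are constructed;
the semantics (first terminal match wins, 'log' records and continues,
unmatched traffic is denied) are one common design, stated as an assumption.
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

ANY_NET = "0.0.0.0/0"
ANY_PORT = (0, 65535)
ALL_DAY = (time(0, 0), time(23, 59, 59))


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow", "deny", "bypass" or "log"
    direction: str = "any"       # "inbound", "outbound" or "any"
    src: str = ANY_NET           # CIDR networks
    dst: str = ANY_NET
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src_port: tuple = ANY_PORT   # inclusive (low, high) ranges
    dst_port: tuple = ANY_PORT
    hours: tuple = ALL_DAY       # inclusive (start, end) time-of-day window


@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int
    at: time


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every rule parameter accepts the packet."""
    return (
        rule.direction in ("any", pkt.direction)
        and ip_address(pkt.src) in ip_network(rule.src, strict=False)
        and ip_address(pkt.dst) in ip_network(rule.dst, strict=False)
        and rule.proto in ("any", pkt.proto)
        and rule.src_port[0] <= pkt.src_port <= rule.src_port[1]
        and rule.dst_port[0] <= pkt.dst_port <= rule.dst_port[1]
        and rule.hours[0] <= pkt.at <= rule.hours[1]
    )


def evaluate(rules, pkt: Packet):
    """Return (decision, rule_name, logged_by). Rules are checked in order; a
    matching 'log' rule records the packet and evaluation continues; the
    first matching allow/deny/bypass decides; no match falls to default deny."""
    logged_by = []
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule.action == "log":
            logged_by.append(rule.name)
            continue
        return rule.action, rule.name, logged_by
    return "deny", "default-deny", logged_by


# Constructed rule base for a hypothetical 10.10.0.0/16 server network,
# administered from 10.20.0.0/16 during business hours.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
RULES = [
    Rule("log-inbound-ssh", "log", "inbound", dst="10.10.0.0/16", dst_port=(22, 22)),
    Rule("allow-https", "allow", "inbound", dst="10.10.5.0/24", proto="tcp", dst_port=(443, 443)),
    Rule("allow-admin-ssh-hours", "allow", "inbound", src="10.20.0.0/16",
         dst="10.10.0.0/16", proto="tcp", dst_port=(22, 22), hours=BUSINESS_HOURS),
    Rule("deny-telnet-out", "deny", "outbound", proto="tcp", dst_port=(23, 23)),
]


def sample_decisions():
    """Evaluate a few constructed packets against RULES."""
    pkts = {
        "client_https": Packet("inbound", "203.0.113.5", "10.10.5.10", "tcp", 51000, 443, time(10, 0)),
        "admin_ssh_daytime": Packet("inbound", "10.20.1.4", "10.10.5.10", "tcp", 52000, 22, time(10, 0)),
        "admin_ssh_night": Packet("inbound", "10.20.1.4", "10.10.5.10", "tcp", 52000, 22, time(23, 0)),
        "telnet_out": Packet("outbound", "10.10.5.10", "198.51.100.2", "tcp", 53000, 23, time(12, 0)),
    }
    return {name: evaluate(RULES, p) for name, p in pkts.items()}


if __name__ == "__main__":
    for name, result in sample_decisions().items():
        print(f"{name}: {result}")
```

The night-time SSH attempt shows why the order and the default matter: it is still logged by the first rule, it no longer satisfies the time window of the allow rule, and since nothing else admits it, the default deny drops it. When reviewing a rule base, confirming that the fall-through is deny rather than allow is the first check to make.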

In addition to firewalls, using proxy servers and deception techniques will enhance MassMutual’s overall defense strategy and security. Proxies act as a substitute on behalf of a primary device. Proxies can look for malware before it reaches the endpoint or hide the IP addresses of endpoints so that only the proxy’s IP is visible on the internet. Utilizing these servers can help thwart threats before they reach the primary device. Similarly, deception techniques can also be used to stop threats before they reach a device. However, these techniques work differently; they divert threat actors away from critical assets. Honeypots and honeynets distract attackers and allow MassMutual to learn more about their techniques. In addition, DNS sinkholes redirect unwanted traffic away from its true destination. Sinkholes allow MassMutual to identify and neutralize threats efficiently (Ciampa, 2022).

Other devices, called intrusion detection and prevention systems, play a critical role in MassMutual’s network security. IDS and IPS can identify and block malicious activities. By effectively configuring all of the network appliances, adhering to minimum baseline protocols, and configuring them according to basic security fundamentals, MassMutual will collectively strengthen its network security against evolving threats in the digital landscape (Ciampa, 2022).

Cloud Computing and Proper Network Protocols

Companies typically utilize cloud computing for easy access to computing resources; cloud computing is “an on-demand infrastructure to a shared pool of configurable computing resources that can be rapidly provisioned and released” (Ciampa, 2022). MassMutual utilizes cloud computing services rather than the traditional on-premises model with its large upfront cost. MassMutual can benefit from the flexibility and scalability of cloud computing; however, with these benefits come risks. Securing cloud computing is essential to protect data, as cloud computing faces several risks. These risks include unauthorized access to sensitive data, lack of visibility into security protocols, insecure application programming interfaces, compliance regulations, and system vulnerabilities. To address these risks, MassMutual must conduct thorough audits of its cloud services, ensuring that each service adheres to established standards and identifying any potential vulnerabilities. MassMutual should also utilize Cloud Access Security Brokers, also known as CASBs, to help enforce security policies and extend data protection measures. In addition, employing Data Loss Prevention, also known as DLP, can help safeguard against data breaches and enforce security policies within the cloud. By adhering to professional standards, MassMutual can safeguard its data and protect the company’s cloud infrastructure (Ciampa, 2022).

Since MassMutual employs cloud computing, it is imperative to use secure network protocols to protect the company’s data. These network protocols include Simple Network Management Protocol, Domain Name System Security Extensions, File Transfer Protocol, and secure email protocols. Each of these protocols is crucial in ensuring secure communication within the organization’s cloud infrastructure.

The first protocol is the Simple Network Management Protocol, known as SNMP; this protocol facilitates the remote monitoring and management of network equipment. This protocol helps guarantee the confidentiality and integrity of sensitive information. In addition, Domain Name System Security Extensions, DNSSEC, is a helpful tool to thwart DNS attacks. This protocol helps to fortify the reliability of MassMutual’s domain name resolution. The File Transfer Protocol, FTP, is another protocol; however, due to its unencrypted nature, MassMutual should look into FTP Secure or Secure FTP. Since MassMutual often shares files within a network, SFTP or FTPS will ensure that files are encrypted and that transmitted data remains confidential. Finally, MassMutual should utilize secure email protocols. Since emails are typically the main form of communication for businesses, it is crucial that secure email protocols, such as SMTP, POP3, and IMAP, are implemented. SMTP and POP3 should be configured securely. IMAP can also be used for secure, remote email storage. Alongside these three protocols, a mail gateway should be used to secure sensitive information in outbound mail. In addition, a mail gateway can block potentially malicious inbound mail as well. Through each of these protocols, communication can be properly secured for MassMutual (Ciampa, 2022).

Wireless Attacks and Security

Wireless attacks can also be directed toward wireless data systems, such as Bluetooth systems, near field communication devices, and wireless local area networks. Bluetooth is a personal area network technology that allows for data communication over a short distance for a wide range of devices. For example, numerous printers, keyboards, headphones, mice, and various other devices used within a MassMutual office have Bluetooth capabilities. Bluesnarfing is the main concern with Bluetooth-capable devices; bluesnarfing is “an attack that accesses unauthorized information from a wireless device through a Bluetooth connection” (Ciampa, 2022). This could mean that anyone who connects to a device via Bluetooth within MassMutual’s network may be able to access unauthorized and sensitive information.

Another concern with wireless attacks is NFC, also known as near field communication. NFC can be used to establish communication between two devices in close proximity. For example, within the MassMutual office, NFC may be used as a way to gain access into the building, clock in, or enter an authorized area. Threat actors may exploit various vulnerabilities, such as eavesdropping or data theft, to gain information through NFC. Eavesdropping allows a threat actor to pick up an NFC signal, intercept it, and ultimately view the information. Data theft can be an attacker bumping a portable reader into the victim’s smartphone, ultimately capturing information stored within the phone. MassMutual employees must be aware of the dangers of wireless attacks and be careful about what sensitive information they keep on their smart devices and how they use their Bluetooth connections.

Wi-Fi, also known as a wireless local area network or WLAN, supplements a local area network. Wi-Fi is commonly used for tablets, laptops, and smartphones; MassMutual provides Wi-Fi for its customers and employees to use on these devices. However, with the ease of Wi-Fi come numerous vulnerabilities and potential for attacks. WLANs bring about blurred edges, with multiple entry points and signals that extend beyond physical boundaries. This challenges what is known as the traditional hard network edge. Rogue access points and evil twins create unauthorized access points that allow attackers to bypass network security configurations and potentially gain access to MassMutual's sensitive data. Interception of any wireless data is a cause for concern. Open or misconfigured access points allow attackers to eavesdrop on potentially sensitive transmissions. Remote employees of MassMutual also face risk, as home WLANs are attractive targets for threat actors because home networks typically have inadequate security configurations. Any attack against a WLAN could result in stolen data, stolen wireless transmissions, malware, or harmful content. To protect against WLAN vulnerabilities, new security measures have been developed and should be implemented by MassMutual. One of these security measures is WPA2; WPA2 is “the second generation of WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs and is currently the most secure model for Wi-Fi security” (Ciampa, 2022). There are two versions of WPA2, one for personal use and the other for larger enterprise networks. MassMutual should work with WPA2 Enterprise to encrypt and authenticate on its WLANs (Ciampa, 2022).

Authentication

Authentication is crucial when attempting to access sensitive information; it allows users to prove that they are who they claim to be and not someone pretending to be them. Authentication comes in many forms: something you know, something you have, something you are, or something you can do. Something you know can be a password or a security question. Something you have can be a physical ID card or your smartphone. Something you are can be a physical feature, like your thumbprint, eyes, or face. Something you can do can be a signature. MassMutual should implement authentication protocols to verify users trying to access sensitive data. In addition, proper procedures for handling authentication data should be adopted. For example, each stored password should be salted to make it more secure. In addition, a user should have to authenticate more than once, using different factors, before gaining access to information (Sangfor Technologies, 2023).
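The two recommendations above, salting stored passwords and requiring a second authentication step, can be shown concretely. The following is an added example, not code from the paper or from MassMutual: it salts and stretches passwords with PBKDF2 (a standard password-hashing construction) and verifies a time-based one-time code (TOTP, RFC 6238) as the "something you have" factor. The user name, password, and user store are constructed for the demonstration; the TOTP secret is the RFC 4226/6238 test key so the expected codes are known.

```python
"""Salted password hashing plus a TOTP second factor (added example)."""
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass
from typing import Dict, Optional

PBKDF2_ITERATIONS = 600_000  # work factor; raise it as hardware gets faster


@dataclass(frozen=True)
class PasswordRecord:
    salt: bytes        # random per user, so equal passwords give different digests
    iterations: int
    digest: bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> PasswordRecord:
    """Derive a salted, iterated digest; never store the password itself."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return PasswordRecord(salt=salt, iterations=iterations, digest=digest)


def verify_password(password: str, record: PasswordRecord) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    record.salt, record.iterations)
    return hmac.compare_digest(candidate, record.digest)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, timestamp: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(secret, int(timestamp) // step, digits)


def verify_totp(secret: bytes, code: str, timestamp: Optional[float] = None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the current code or one step either side to tolerate clock drift."""
    if len(code) != digits or not code.isdigit():
        return False
    if timestamp is None:
        timestamp = time.time()
    counter = int(timestamp) // step
    matched = False
    for c in range(counter - window, counter + window + 1):
        # check every candidate so the loop's timing does not reveal which one matched
        matched |= hmac.compare_digest(hotp(secret, c, digits), code)
    return matched


@dataclass(frozen=True)
class UserRecord:
    password: PasswordRecord
    totp_secret: bytes


def authenticate(username: str, password: str, otp_code: str,
                 users: Dict[str, UserRecord], timestamp: Optional[float] = None) -> bool:
    """Both factors must pass; an unknown user or a failed factor is denied."""
    user = users.get(username)
    if user is None:
        return False
    if not verify_password(password, user.password):
        return False
    return verify_totp(user.totp_secret, otp_code, timestamp)


def build_demo_users() -> Dict[str, UserRecord]:
    """Constructed sample store: one hypothetical advisor account with the RFC test TOTP key."""
    return {
        "advisor01": UserRecord(
            password=hash_password("correct horse battery staple"),
            totp_secret=b"12345678901234567890",
        )
    }


if __name__ == "__main__":
    store = build_demo_users()
    code = totp(store["advisor01"].totp_secret)
    print("login ok:", authenticate("advisor01", "correct horse battery staple", code, store))
```

Because a fresh salt is drawn for every record, two users who choose the same password still end up with different digests, so a stolen database cannot be attacked with one precomputed table; the one-time code adds a second factor that a leaked password alone does not satisfy.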

Incident Preparation, Response, and Investigation

Incidents happen in every sector of work, especially in cybersecurity. Two common causes of cybersecurity incidents are poor access control and weak account types. Threat actors often seek user accounts with weak security and elevated privileges; this emphasizes the importance of authentication, robust security protocols, and regular security reviews to ensure that user accounts are properly protected from becoming a weak account type. In addition, poor access control can cause a myriad of issues as well. Access control is the process by which a user is either granted or denied access to a specific resource. Poor access control can lead to unauthorized access to sensitive information, data breaches, a loss of confidentiality, data tampering or loss, and increased vulnerability (Bender, 2023). Roles are a crucial aspect of access control; having specific roles with specific actions helps to allocate responsibilities properly when managing sensitive information. To mitigate poor access control, MassMutual should utilize the most “real world” access scheme, which is Role-Based Access Control, also known as RBAC. Under RBAC, permissions are assigned to roles, and users are then assigned roles. RBAC is easy to manage and maintain and typically eliminates human error, making it the best choice for MassMutual’s access control (Ciampa, 2022).
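The RBAC model described above, permissions attached to roles and roles attached to users, is small enough to implement directly. The following is an added example written for this paper, not MassMutual's or Ciampa's code; the roles, permissions, and user names are constructed. It adds one thing the paragraph only implies: roles can inherit from other roles, so a broad role does not need every permission repeated, and a review function lists who currently holds a sensitive permission, which supports the regular security reviews mentioned earlier.

```python
"""Role-based access control with role inheritance and deny-by-default (added example)."""
from typing import Dict, FrozenSet, Iterable, Set


class RBAC:
    def __init__(self) -> None:
        self._role_perms: Dict[str, Set[str]] = {}     # role -> permissions granted to it
        self._role_parents: Dict[str, Set[str]] = {}   # role -> roles it inherits from
        self._user_roles: Dict[str, Set[str]] = {}     # user -> roles assigned to them

    def add_role(self, role: str, permissions: Iterable[str] = (),
                 parents: Iterable[str] = ()) -> None:
        parents = set(parents)
        for parent in parents:
            if parent not in self._role_perms:
                raise KeyError(f"unknown parent role {parent!r}")
        self._role_perms[role] = set(permissions)
        self._role_parents[role] = parents

    def assign_role(self, user: str, role: str) -> None:
        # Permissions are never granted to a user directly, only through a defined role.
        if role not in self._role_perms:
            raise KeyError(f"unknown role {role!r}")
        self._user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self._user_roles.get(user, set()).discard(role)

    def effective_permissions(self, user: str) -> FrozenSet[str]:
        """Union of the permissions of every role the user holds, including inherited roles."""
        perms: Set[str] = set()
        seen: Set[str] = set()
        stack = list(self._user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role in seen:          # guards against cycles in the role graph
                continue
            seen.add(role)
            perms |= self._role_perms[role]
            stack.extend(self._role_parents[role])
        return frozenset(perms)

    def is_allowed(self, user: str, permission: str) -> bool:
        """Deny by default: an unknown user or an unassigned permission is refused."""
        return permission in self.effective_permissions(user)

    def users_with_permission(self, permission: str) -> FrozenSet[str]:
        """Review helper: who can currently exercise this permission?"""
        return frozenset(u for u in self._user_roles if self.is_allowed(u, permission))


def build_demo_policy() -> RBAC:
    """Constructed sample policy (hypothetical roles and users, not MassMutual's)."""
    rbac = RBAC()
    rbac.add_role("employee", {"intranet:read"})
    rbac.add_role("advisor", {"client_record:read", "client_record:update"}, parents={"employee"})
    rbac.add_role("claims_reviewer", {"client_record:read", "claim:approve"}, parents={"employee"})
    rbac.add_role("records_admin", {"client_record:delete"}, parents={"advisor"})
    rbac.assign_role("alice", "advisor")
    rbac.assign_role("bob", "claims_reviewer")
    rbac.assign_role("carol", "records_admin")
    return rbac


if __name__ == "__main__":
    policy = build_demo_policy()
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, sorted(policy.effective_permissions(user)))
    print("can delete:", sorted(policy.users_with_permission("client_record:delete")))
```

Changing what an advisor may do is a single edit to the "advisor" role rather than a change on every advisor's account, which is the manageability advantage the paragraph attributes to RBAC; the review helper makes privileged permissions auditable in one call.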

To protect against any incident that may occur, MassMutual should implement a comprehensive incident response plan. This plan outlines what to do if an incident occurs, from beginning to end: it covers initial preparation, identification, containment, eradication, recovery, and the learning (lessons learned) stage. In addition, the plan includes incident definitions, specialized response teams, reporting and escalation measures, retention policies, and strict communication plans. To ensure the effectiveness of the incident response plan, MassMutual will perform exercises such as tabletop discussions, walkthroughs, and simulations with the appropriate team members to ensure flawless execution of the plan. Finally, to bolster the plan even further, MassMutual should study current and previous attack methods using common attack frameworks to learn from them and better prepare for any cybersecurity incident (Ciampa, 2022).

Business Continuity and Security Policies

In the event of any disaster, it is crucial to have a plan in place to keep a business operating, especially for a large company like MassMutual. MassMutual should implement a Business Continuity Plan that details how to continue operating the business after a disaster. This plan will address critical business functions, crisis management, and IT asset recovery. While emphasizing the importance of flexibility, MassMutual’s plan incorporates both on-premise and cloud environments. In addition, MassMutual will also formulate a Business Impact Analysis that identifies essential business functions and points of failure. A Disaster Recovery Plan is also needed to focus on efficient IT restoration. These three measures ultimately complete MassMutual’s commitment to business continuity and operational resilience (Ciampa, 2022).

In addition to business continuity, MassMutual should include several policies within its security plan. By prioritizing Account Management Policies, MassMutual ensures precise control over user access. In addition, MassMutual should employ Group Policy and Cloud App Security for enforcement. Implementing an organizational policy can also assist with defining formal processes for modifications and governance. Coupling these with Data Governance and Retention policies ultimately showcases MassMutual’s commitment to a comprehensive cybersecurity framework (Ciampa, 2022).

Risk Management

Risk management is a vital component of protecting assets in a company such as MassMutual. Each asset, such as a client information database or the IT hardware, is a critical component in operating MassMutual. MassMutual must employ a strategic approach to assess the value of every asset and ensure that it is protected. This is done through risk management. Navigating the abundance of risks is difficult, and MassMutual must implement a risk management plan to mitigate vulnerabilities and reduce potential consequences. This is done through developing a risk management strategy, implementing controls, addressing third-party risks, and providing user training. Transference is the most useful risk management strategy for MassMutual, since the company can buy cybersecurity insurance to offset potential losses. Adding controls is also important for MassMutual; the categories of controls are managerial, operational, and technical. These controls include deterrent controls, preventive measures, and detective controls (Ciampa, 2022).

Third-party risk management is also needed for MassMutual, as the company recognizes the potential issues with third-party partnerships. By utilizing interoperability agreements, MassMutual and its third-party associates can delegate responsibilities and ensure compliance with MassMutual’s data policies. This is a crucial step in avoiding the security vulnerabilities MassMutual takes on when dealing with third parties. Finally, user training is another crucial part of risk management. Training employees to recognize risk is vital, since human error is one of the most common sources of risk. By implementing various approaches to learning, MassMutual’s employees will be better equipped to navigate the digital landscape, ultimately mitigating risk (Ciampa, 2022).

Conclusion

In conclusion, MassMutual faces an array of threats in the digital world. As a Fortune 500 company working with extensive clientele all over the United States, deploying a proper organizational security plan is crucial to mitigate risk, ensure business continuity, protect clients’ data, and uphold the trust of thousands of clients. This security paper outlined all facets of security pertaining to MassMutual’s needs as an organization, ranging from cryptography to wireless security measures. Additional focus was placed on the necessity for access management, cloud security protocols, and overall risk management planning. With these robust security practices, updated systems, and employee training programs, MassMutual can stay ahead of an evolving and dynamic digital landscape and provide clients with cutting-edge protection against modern threats.

References

Advisor360. (2023). Our Wealth Management Platform. https://www.advisor360.com/platform-overview

Bender, J. (2023). Poor Access Management Can Lead to Data Breaches. Business News Daily. https://www.businessnewsdaily.com/11310-cyberattacks-poor-access-management.html
Ciampa, M. (2022). CompTIA Security+ Guide to Network Security Fundamentals (7th ed.). Cengage.

Higgins, M. (2023). MAC flooding attack: Prevention and protection. NordVPN. https://nordvpn.com/blog/mac-flooding/

IBM. (2023). What is a threat actor? https://www.ibm.com/topics/threat-actor

MassMutual. (2023). Protecting Your Information. https://www.massmutual.com/protecting-your-information

MassMutual. (2023). Our History. https://www.massmutual.com/about-us/our-history

Sangfor Technologies. (2023). The Basics of Authentication in Cyber Security. Sangfor. https://www.sangfor.com/blog/cybersecurity/basics-authentication-cyber-security
