Isys 333 Course Paper
Introduction
ISYS 333 COURSE PAPER 1
Every day, companies across the globe deal with cyber threats from various threat actors
in numerous ways. These attacks can range from computer attacks to network attacks or even
physical attacks. One of these companies is Massachusetts Mutual Life Insurance Company,
services company founded in 1851 by George Rice in Springfield, MA. The company has grown
from a small mutual to a Fortune 500 company with over 11,000 employees. MassMutual is one
of the top five life insurance companies in the United States; its main purpose is to “help people
secure their future and protect the ones they love” (Our History, 2023). However, MassMutual’s
immense success ultimately comes with a price: becoming a prime target for those with
malicious intent.
MassMutual works with extensive clientele to provide insurance, invest, and help people
prepare for retirement. The company handles a trove of sensitive information from its clients,
such as financial information, account numbers, or social security numbers. With the immense
amount of sensitive information collected and utilized by MassMutual every single day,
information security is an ever-evolving imperative for MassMutual; the company aims to put
the safety and security of its clients and their respective data at the forefront of its priorities. This
paper delves into MassMutual’s approach to information security and explores the role of a
comprehensive organizational security plan in mitigating risks and ensuring the continued
actors. Threat actors often aim to target businesses for various motives, such as financial gain,
According to IBM, the term “threat actor is broad and relatively all-encompassing, extending to
any person or group that poses a threat to cybersecurity. Threat actors are often categorized into
different types based on their motivation and, to a lesser degree, their level of sophistication”
(IBM, 2023).
One category of threat actor that may be an adversary to MassMutual is called insiders.
contractors, and business partners may have access to certain sensitive information that may be
used for malicious purposes. Insiders are typically a significant threat to businesses because they
already have insider knowledge of the organization’s systems, processes, and data. In addition,
competitors, another kind of threat actor, may try to gain sensitive information from
MassMutual. Competitors typically are trying to gain a strategic advantage. When competitors
become threat actors, their main goal is to obtain sensitive data, business strategies, or even
financial insights. Brokers are also potential threat actors towards MassMutual since they “sell
their knowledge of a weakness to other attackers or governments” (Ciampa, 2022). Brokers are
Threat actors may attack MassMutual for numerous reasons depending on their goal.
Threat actors will exploit any vulnerabilities within MassMutual’s system and carry out attacks
that serve their intended purpose. A vulnerability is “the state of being exposed to the possibility
of being attacked or harmed” (Ciampa, 2022). Devices within MassMutual’s network must be
properly configured to avoid vulnerabilities and deter access from threat actors. Computers,
smartphones, or any other electronic device or service MassMutual uses must have proper
encryption, protocols, and overall configuration. In addition, these devices must be properly
advisors, clients, and the home office into one portal. This dynamic platform empowers clients
and advisors with a wealth of information; it also helps guide advisors to deliver customized and
cutting-edge financial solutions to their clients (Advisor360, 2023). With third-party platforms,
there is the potential for security vulnerabilities. For example, if there are any weak links with a
third-party vendor, there is potential for threat actors to gain access to MassMutual’s network
and information. In addition, system integration, also known as “connectivity between the
systems of an organization and its third parties,” must be done appropriately to mitigate any
Threat actors utilize attack vectors, also known as “a pathway or avenue used by a threat
(Ciampa, 2022). The main attack vector used is email. Since email is typically a professional
email containing malware for a real business email. Just by clicking a link, malware can be easily
spread. Threat actors can also use social media to target organizations through social engineering
attacks. For example, if a threat actor sees an employee on vacation, the actor can pretend to be a
As a result of threat actors’ attacks, there can be numerous negative implications for a
large organization, such as MassMutual. If a major security breach were to occur, MassMutual’s
reputation as a Fortune 500 company would be severely damaged. The fallout from a security
breach could extend beyond immediate financial and operational repercussions. Trust among
clients and stakeholders is another crucial concern due to the breach; this breach could ultimately
compromise the sensitive and confidential personal information of thousands of clients. The
potential fallout could result in legal consequences, financial losses, and the need for extreme
Malware, also known as malicious software, can “enter a computer system without the
user’s knowledge or consent and then perform an unwanted and harmful action” (Ciampa, 2022).
Many different kinds of malware can ultimately impact MassMutual and be an evolving threat to
the company's digital infrastructure. By having malware on any device within MassMutual’s
network, the company opens itself to a spectrum of threats. Different types of malware can
imprison information or access a device, launch attacks on a device and other devices, snoop and
spy on users, deceive users, and evade detection. In order for MassMutual to protect itself from
malware, the company must install antivirus software. For this antivirus program to work
effectively, it must be continuously updated to protect assets from constantly evolving malware
threats. In addition, the company should take time to educate staff about the importance of
Application attacks “specifically target software applications that are already installed
and running on a device” (Ciampa, 2022). When application attacks target the software, they are
specifically looking for vulnerabilities where they can infiltrate and ultimately manipulate the
software. Application attacks include cross-site scripting, injections, request forgery, and replay.
Cross-site scripting is “An attack that takes advantage of a website that accepts user input
without validating it” (Ciampa, 2022). Injections are “Attacks that introduce new input to exploit
a vulnerability” (Ciampa, 2022). While request forgery is “An attack that takes advantage of an
authentication “token” that a website sends to a user’s web browser to imitate the identity and
privileges of the victim” (Ciampa, 2022). Finally, the last kind of application attack is replay,
which is “An attack that copies data and then uses it for an attack” (Ciampa, 2022). In order for
MassMutual to protect itself from these kinds of attacks, there must be consistent coding reviews
for software, such as Advisor360, in order to mitigate these kinds of attacks. In addition, proper
firewall protocols should be implemented as well, which creates a barrier for potential
application-based intrusions.
Securing Endpoints
Another crucial task to protect MassMutual and its assets is to secure endpoints. Securing
endpoints typically involves three main tasks, which include, “confirming that the computer has
started securely, protecting the computer from attacks, and then hardening it for even greater
protection” (Ciampa, 2022). In order for endpoints to be properly protected against threat actors,
MassMutual should implement an EDR, also known as endpoint detection and response, which
is “a robust tool that monitors endpoint events and take immediate action” (Ciampa, 2022). EDR
tools can take data from multiple devices to a centralized device to paint a picture of numerous
endpoints instead of one endpoint. This picture can help analysts determine if an attack is
widespread or infiltrates just one endpoint. In addition, EDR tools have a more sophisticated
analytics system that can identify unusual patterns and behavior within data. This system can
help protect MassMutual and its assets by detecting unusual behavior and preventing widespread
are consistently using their cell phones for phone calls, emails, and checking online portals. In
addition, employees also use tablets and wearable devices, like smartwatches. Mobile devices
can present significant and unique threats for MassMutual, if the devices are not properly
secured. The main threats to mobile devices are physical security, lack of updates, connection
vulnerabilities, and access to untrusted content. Physical security, such as theft or loss, may
allow threat actors to access corporate information. In addition, a lack of updates may leave
vulnerabilities that threat actors can utilize to gain access to MassMutual’s network. Mobile
devices may also connect to unknown networks or inadvertently access unknown content that
threat actors can utilize to infiltrate MassMutual’s systems. In order to mitigate these threats,
MassMutual should implement strong authentication procedures, such as dual authentication and
consistent password updates. MassMutual should also ensure that all devices being used are
properly encrypted and have necessary security features enabled, like the last known location or
remote lockout (Ciampa, 2022). By implementing these features, mobile devices will be less
information. There are three different types of encryption algorithms which include hashing,
symmetric encryption, and asymmetric encryption. These different types of encryption can aid
The first type of encryption is hashing; hashing is, “an algorithm that creates a unique
digital fingerprint” (Ciampa, 2022). Hashing can help MassMutual maintain the integrity of data,
since if information is changed, it will result in a different hash. The second kind of encryption is
symmetric encryption; symmetric encryption is defined as, “encryption that uses a single key to
encrypt and decrypt a message” (Ciampa, 2022). MassMutual can utilize symmetric encryption
to secure the transmission of sensitive data within its network. Finally, the third type of
uses two mathematically related keys” (Ciampa, 2022). Asymmetric encryption can be used by
MassMutual for secure communication, key exchange, and digital signatures. Each encryption
method can help encrypt private and sensitive information held by MassMutual, secure
communications between employees and clients, and protect data from being accessed by
unauthorized people.
However, even though cryptography can help keep information secure, it does not
guarantee the safety and confidentiality of the information. There are different types of attacks
that can reveal the encrypted information. One type of attack is called a known ciphertext attack.
In this type of attack, threat actors utilize sophisticated tools to analyze ciphertext in hopes of
discovering a pattern to reveal a key or even plaintext. MassMutual can protect itself from
ciphertext attacks by employing robust encryption algorithms, which make it more difficult for
threat actors to find the patterns necessary for decryption. In addition, there is another kind of
cryptographic attack. This attack is called a downgrade attack which is, “an attack in which the
system is forced to abandon the current higher security mode of operation and “fall back” to
implementing an older and less secure mode” (Ciampa, 2022). MassMutual can help thwart
downgrade attacks by keeping systems up to date and employing robust encryption algorithms.
Networking-Based Attacks
However, the organization will remain steadfast in fortifying its network and preventing attacks.
The first kind of attack is called an interception attack, designed to intercept network
communications. Three of the most common interception attacks are MITM attacks, session
replay, and man-in-the-browser attacks. MITM attacks allow attackers to gain access to data
entered by the victim by first intercepting network traffic and then sending a way to trick the
victim into authenticating. MITM attacks can lead threat actors to sensitive information, such as
man-in-the-middle attack. Session replay is, “An attack in which an attacker attempts to
impersonate the user by using the user’s session token” (Ciampa, 2022). Session replay could
allow threat actors to access user sessions, where the actor could manipulate or extract sensitive
information. The third kind of interception attack is MITB, also known as a Man-in-the-Browser
attack, which is “an attack that intercepts communication between a browser and the underlying
computer” (Ciampa, 2022). If attackers were to gain access through a MITB attack, the threat
actor could ultimately use this information to commit identity theft, financial fraud, or sell
personal information.
Layer 2 attacks are another kind of network attack; Layer 2 is often a target for threat actors. These
attacks include address resolution protocol poisoning, media access control attacks, MAC
cloning, and MAC flooding attacks. Address resolution protocol poisoning is an attack that
corrupts the ARP cache. Media access control attacks often compromise the integrity of network
switches (Higgins, 2023). MAC cloning is “An attack that spoofs a MAC address on a device so
that the switch changes its MAC address table to reflect the new association of that MAC address
with the port to which the attacker’s device is connected” (Ciampa, 2022). MAC flooding is an
attack in which the switch's memory is flooded with spoofed packets, and then it begins to
function like a network hub and broadcast frames to all ports (Ciampa, 2022). Layer 2 attacks
can ultimately compromise the integrity of MassMutual’s network infrastructure. These attacks
can disrupt normal operations, leading to potential downtime. It can also hinder communication
between devices, impacting the efficiency and reliability of all services provided by MassMutual.
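The Layer 2 attacks defined above each leave a recognizable trace that a defender can monitor for. The following is an added example, not part of the original paper or of any MassMutual system: it runs three simple detectors over constructed ARP and switch-learning observations. The event tuples, addresses, port numbers, and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data (not real captures). Timestamps are in seconds.
LEGIT_GW = "aa:aa:aa:aa:aa:01"
ARP_EVENTS = [                      # (ts, ip, mac) taken from ARP replies
    (0, "10.0.0.1", LEGIT_GW),
    (5, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    (12, "10.0.0.1", "de:ad:be:ef:00:99"),   # gateway IP claimed by a new MAC
    (14, "10.0.0.1", LEGIT_GW),              # real gateway answers again
]
SWITCH_EVENTS = [                   # (ts, port, source_mac) learned by a switch
    (1, 3, LEGIT_GW),
    (2, 4, "aa:aa:aa:aa:aa:20"),
]
# Port 7 presents 50 never-seen source MACs within two seconds (flood pattern).
SWITCH_EVENTS += [(20 + i * 0.04, 7, f"02:00:00:00:00:{i:02x}") for i in range(50)]
# The MAC first learned on port 4 now appears on port 7 (cloning pattern).
SWITCH_EVENTS.append((30, 7, "aa:aa:aa:aa:aa:20"))


def detect_arp_changes(arp_events):
    """ARP poisoning indicator: an IP address is claimed by a different MAC
    than the one last seen. Returns (ts, ip, old_mac, new_mac) tuples."""
    last_mac = {}
    alerts = []
    for ts, ip, mac in sorted(arp_events):
        old = last_mac.get(ip)
        if old is not None and old != mac:
            alerts.append((ts, ip, old, mac))
        last_mac[ip] = mac
    return alerts


def detect_mac_moves(switch_events):
    """MAC cloning indicator: a known MAC shows up on a different switch port.
    Returns (ts, mac, old_port, new_port) tuples."""
    location = {}
    alerts = []
    for ts, port, mac in sorted(switch_events):
        old = location.get(mac)
        if old is not None and old != port:
            alerts.append((ts, mac, old, port))
        location[mac] = port
    return alerts


def detect_mac_flood(switch_events, window=10, threshold=20):
    """MAC flooding indicator: one port learns more than `threshold` new MACs
    within `window` seconds. Both values are illustrative assumptions."""
    known = defaultdict(set)      # port -> MACs already learned on that port
    recent = defaultdict(deque)   # port -> timestamps of recent first-seen MACs
    flagged = set()
    for ts, port, mac in sorted(switch_events):
        if mac in known[port]:
            continue
        known[port].add(mac)
        q = recent[port]
        q.append(ts)
        while ts - q[0] > window:   # drop observations older than the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(port)
    return sorted(flagged)


if __name__ == "__main__":
    for alert in detect_arp_changes(ARP_EVENTS):
        print("ARP mapping changed:", alert)
    for alert in detect_mac_moves(SWITCH_EVENTS):
        print("MAC moved between ports:", alert)
    print("Ports with a burst of new MACs:", detect_mac_flood(SWITCH_EVENTS))
```

A legitimate device replacement or a laptop moving between docks also changes these mappings, so the alerts are a starting point for an analyst rather than proof of an attack.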
DNS attacks are also threats to MassMutual; these attacks include DNS poisoning and
DNS hijacking. DNS poisoning is, “An attack that substitutes DNS addresses in a local lookup
table so that the computer is automatically redirected to an attacker’s device” (Ciampa, 2022).
While DNS hijacking is, “An attack that infects an external DNS server with IP addresses
pointing to malicious sites” (Ciampa, 2022). These types of attacks are potential phishing
attempts or the dissemination of malware. Both clients and employees may interact with these
There are also other types of threats called DoS attacks. These attacks send “bogus
requests” to a system and bombard it. However, in today’s age, Distributed Denial of Service
attacks are more popular since they utilize more computers and can further attack a system
(Ciampa, 2022). The aim of Distributed Denial of Service attacks, also known as DDoS attacks,
Threat actors are not always fully online; sometimes, these actors will attempt malicious
acts on a physical location. MassMutual can take proper steps to protect the company’s physical
locations and its assets. MassMutual can establish external perimeter defense and internal
The first type of security is external perimeter security. This kind of security is often
overlooked, but it is crucial in the defense of a company and its assets. Ciampa puts it perfectly,
“preventing a threat actor from physically accessing the network is as important as preventing
the attacker from accessing it remotely” (Ciampa, 2022). MassMutual can utilize this kind of
security to protect any data, such as files, or their physical assets, such as computers, within their
office buildings. This kind of security can include industrial camouflage, which makes a building
nondescript and attempts not to attract any attention. In addition, physical barriers, such as
proper fencing, signage, and lighting, are great ways to deter any physical threats. MassMutual
should also hire security professionals to patrol and monitor who comes into the building, as
well. Alongside security professionals, a receptionist should be hired and utilize a visitor log to
record who comes in and out of the building. Cameras with motion detectors are also valuable to
record anyone entering the building. By utilizing these protocols, MassMutual can protect assets
Internal physical security is a crucial component of physical security, as well. This kind
of security includes having locks, securing areas, and fire suppression. Locks could deter a
physical threat actor if they pass external perimeter security. In addition, MassMutual can utilize
the idea of a DMZ to further protect sensitive areas by having a security guard open door one to
the secure area and then having the person verify their credentials before door two, where they
gain access to a secure area. Fire can also be seen as a threat to an office building, so utilizing
fire suppression can protect MassMutual and its office. By implementing these internal physical
controls, MassMutual further prevents threat actors from gaining physical access to sensitive
MassMutual utilizes networks to keep the business running smoothly. Networks serve as the
backbone for business operations for MassMutual, allowing for information exchange and
connected as a company. All modern networks utilize typical networking devices, such as routers
or switches. Typically, networking devices come with their own set of security features;
however, MassMutual must utilize both security features on their networking devices and
implement security appliances for a layered security approach. Some examples of security
appliances include firewalls, proxy servers, deception instruments, intrusion detection and
Firewalls are the most widely known security appliance. A firewall is either
hardware or software whose purpose is to stop malware from spreading. Firewalls utilize a
bidirectional approach to inspect both incoming and outgoing packets. Upon inspection, firewalls
have directions to follow when there is a suspicious packet; these actions are typically based on a
set of rules or protocols. MassMutual’s firewall rules encompass various different parameters
such as source addresses, destination addresses, source ports, destination ports, protocols, traffic
direction, and times. With these rules, MassMutual’s firewalls can take specific action to
approach a situation properly. The firewalls can allow, deny, bypass, or log traffic based on
predetermined conditions. MassMutual also can utilize specialized firewall appliances to
enhance the company’s defense capabilities. Web application firewalls, network address
translation gateways, next-generation firewalls, and unified threat management provide advanced
features such as application-based filtering, deep packet inspection, URL filtering, and intrusion
protection (Ciampa, 2022). By utilizing these specialized firewall appliances, MassMutual can
fortify its network security against a myriad of threats while also maintaining the confidentiality
In addition to firewalls, using proxy servers and deception techniques will enhance
MassMutual’s overall defense strategy and security. Proxies act as a substitute on behalf of a
primary device. Proxies can ultimately look for malware before it reaches the endpoint or hide
the IP addresses of endpoints so that only the proxy’s IP is shown on the internet. Utilizing these
servers can help thwart threats before reaching the primary device. Similarly, deception
techniques can also be used to stop threats before they reach a device. However, these techniques
work differently; they divert threat actors away from critical assets. Honeypots and honeynets
distract attackers and allow MassMutual to learn more about their techniques. In addition, DNS
sinkholes redirect unwanted traffic away from its true destination. Sinkholes allow MassMutual
Other devices, called intrusion detection and prevention systems, play a critical role in
MassMutual’s network security. IDS and IPS can identify and block malicious activities. By
effectively configuring all of the network appliances, adhering to minimum baseline protocols,
and configuring with minimum security fundamentals, MassMutual will collectively strengthen
its network security against evolving threats in the digital landscape (Ciampa, 2022).
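The firewall discussion above lists the parameters a rule can match on (source and destination addresses and ports, protocol, traffic direction, and time) and the actions it can take (allow, deny, bypass, or log). The following is an added example, not taken from the original paper or from MassMutual's configuration, showing how such a rule set is evaluated. The rule names, the addresses, first-match ordering, treating "log" as non-terminal, and the final default deny are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str       # "tcp" or "udp"
    direction: str   # "in" or "out"
    at: time         # local time the packet was seen


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow", "deny", "bypass" or "log"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sports: range = range(0, 65536)
    dports: range = range(0, 65536)
    proto: str = "any"
    direction: str = "any"
    start: time = time(0, 0)
    end: time = time(23, 59, 59)

    def matches(self, p):
        # A time window may wrap past midnight (for example 22:00 to 06:00).
        in_window = (self.start <= p.at <= self.end if self.start <= self.end
                     else p.at >= self.start or p.at <= self.end)
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and p.sport in self.sports and p.dport in self.dports
                and self.proto in ("any", p.proto)
                and self.direction in ("any", p.direction)
                and in_window)


def evaluate(rules, packet):
    """Return (verdict, rule_name, log_rules_hit). The first matching allow,
    deny or bypass rule decides; "log" rules are recorded and evaluation
    continues; a packet that matches nothing is denied."""
    logged = []
    for rule in rules:
        if not rule.matches(packet):
            continue
        if rule.action == "log":
            logged.append(rule.name)
            continue
        return rule.action, rule.name, logged
    return "deny", "default-deny", logged


# Constructed rule set; addresses come from private and documentation ranges.
RULES = [
    Rule("log-all-inbound", "log", direction="in"),
    Rule("block-telnet", "deny", dports=range(23, 24), proto="tcp"),
    Rule("portal-https", "allow", dst="203.0.113.10/32",
         dports=range(443, 444), proto="tcp", direction="in"),
    Rule("admin-ssh-office-hours", "allow", src="10.20.0.0/16", dst="10.50.0.5/32",
         dports=range(22, 23), proto="tcp", direction="in",
         start=time(8, 0), end=time(18, 0)),
    Rule("backup-replication", "bypass", src="10.50.0.5/32", dst="10.60.0.0/24",
         proto="tcp", direction="out"),
]

if __name__ == "__main__":
    ssh_day = Packet("10.20.1.4", "10.50.0.5", 50022, 22, "tcp", "in", time(14, 0))
    ssh_night = Packet("10.20.1.4", "10.50.0.5", 50022, 22, "tcp", "in", time(23, 0))
    print(evaluate(RULES, ssh_day))
    print(evaluate(RULES, ssh_night))
```

The same SSH connection is allowed at 14:00 and falls through to the default deny at 23:00, which shows why rule order and an explicit final deny matter as much as the individual rules.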
cloud computing is, “An on-demand infrastructure to a shared pool of configurable computing
resources that can be rapidly provisioned and released” (Ciampa, 2022). MassMutual utilizes
cloud computing services rather than the traditional on-premise models with a large upfront cost.
MassMutual can benefit from the flexibility and scalability of cloud computing; however, with
these benefits come risks. Securing cloud computing is essential to protect data; cloud computing
faces several risks. These risks include unauthorized access to sensitive data, lack of visibility of
security protocols, insecure application program interfaces, compliance regulations, and system
vulnerabilities. In order to secure these risks, MassMutual must conduct thorough audits of its
cloud services, ensuring that the service adheres to established standards and identifies any
potential vulnerabilities. MassMutual should also utilize Cloud Access Security Brokers, also
known as CASB, to help enforce security policies and extend data protection measures. In
addition, employing Data Loss Prevention, also known as DLP, can help safeguard against data
breaches and enforce security policies within the cloud. By adhering to professional standards,
MassMutual can safeguard its data and protect the company’s cloud infrastructure (Ciampa,
2022).
Since MassMutual employs cloud computing for the company, it is imperative to use
secure network protocols to protect the company’s data. These network protocols include Simple
Network Management Protocol, Domain Name System Security Extensions, File Transfer
Protocol, and secure email protocols. Each of these protocols is crucial in ensuring secure
The first protocol is the Simple Network Management Protocol, known as SNMP; this
protocol helps facilitate the remote monitoring and managing of network equipment. This
protocol helps guarantee the confidentiality and integrity of sensitive information. In addition,
the Domain Name System Security Extensions, DNSSEC, is a helpful tool to thwart DNS attacks.
This protocol helps to fortify the reliability of MassMutual’s domain name resolution. The File
Transfer Protocol, FTP, is another protocol; however, due to its unencrypted nature, MassMutual
should look into FTP Secure or Secure FTP. Since MassMutual often shares files within a
network, SFTP or FTPS will ensure that files are encrypted and that transmitted data stays
confidential. Finally, MassMutual should utilize secure email protocols. Since emails are
typically the main form of communication for businesses, it’s crucial that secure email protocols,
such as SMTP, POP3, and IMAP, are implemented. SMTP and POP3 should be configured
securely. IMAP can also be used for secure, remote email storage. Among these three protocols,
a mail gateway should be used to secure sensitive information in outbound mail. In addition, a
mail gateway can block potentially malicious inbound mail, as well. Through each of these
Wireless attacks can also be directed toward wireless data systems, such as Bluetooth
systems, near-field communication devices, and wireless local area networks. Bluetooth is a
personal area network that allows for data communication over a short distance for a wide range
of technology. For example, numerous printers, keyboards, headphones, mice, and various
other technologies used within a MassMutual office have Bluetooth capabilities. Bluesnarfing is
the main concern with Bluetooth-capable devices; bluesnarfing is, “An attack that accesses
2022). This could mean that anyone who connects to a device via Bluetooth within
NFC can be used to establish communication between two nearby devices in close proximity.
For example, within the MassMutual office, NFC may be used as a way to gain access into the
building, clock in, or enter an authorized area. Threat actors may utilize various vulnerabilities,
such as eavesdropping or data theft, to gain information through NFC. Eavesdropping allows for
a threat actor to pick up an NFC signal, intercept it, and ultimately view the information. Data
theft can be an attacker bumping a portable reader into the victim’s smartphone, ultimately
capturing information stored within the phone. MassMutual employees must be aware of the
dangers of wireless attacks and be careful about what sensitive information they keep on their
Wi-Fi, also known as wireless local area networks or WLAN, supplements a local area
network. Wi-Fi is commonly used for tablets, laptops, and smartphones; MassMutual provides
Wi-Fi for their customers and employees to utilize on these devices. However, with the ease of
Wi-Fi come numerous vulnerabilities and the potential for attacks. WLANs bring about blurred
edges with multiple entry points and signals that extend beyond the physical boundaries. This
challenges what’s known as the traditional hard network edge. Rogue access points and evil
twins create unauthorized access points that allow attackers to bypass network security
configurations and potentially gain access to MassMutual's sensitive data. Intercepting any
wireless data is a cause for concern. Open or misconfigured access points allow for attackers to
eavesdrop on potentially sensitive transmissions. Remote employees for MassMutual also face
risk, as home WLANs are attractive targets for threat actors, as typically, home networks have
inadequate security configurations. Any attack against a WLAN could result in stolen data,
stolen wireless transmissions, malware, or harmful content. In order to protect from WLAN’s
vulnerabilities, new security measures have been developed and should be implemented by
MassMutual. One of these security measures is WPA2; WPA2 is, “the second generation of
WPA security from the Wi-Fi Alliance that addresses authentication and encryption on WLANs
and is currently the most secure model for Wi-Fi security” (Ciampa, 2022). There are two
versions of WPA2, one for personal use and the other for larger enterprise networks.
MassMutual should work with WPA2 Enterprise to encrypt and authenticate on WLANs
(Ciampa, 2022).
Authentication
user to prove that it is truly them and not someone pretending to be the user. Authentication
comes in many forms; these include something you are, know, have, or can do. Something you
know can be a password or a security question. Something you have can be a physical ID card or
your smartphone. Something you exhibit can be a physical feature, like your thumbprint, eyes, or
face. Something you can do can be a signature. MassMutual should implement authentication
protocols to verify users trying to access sensitive data. In addition, proper protocols for
authentication should be added as well. For example, each password used should be salted to make it
more secure. In addition, a user should have to authenticate multiple times to access information
Incidents happen in any sector of work, especially in cybersecurity. Two reasons why
incidents occur in the cybersecurity sector are poor access control and weak account types. Threat
actors often seek user accounts with weak security and elevated privileges; this emphasizes the
importance of authentication, robust security protocols, and regular security reviews to ensure
that user accounts are properly protected from being a weak account type. In addition, poor
access control can cause a myriad of issues as well. Access control is where a user is either
allowed or denied access to use a specific resource. Poor access control can lead to unauthorized
access to sensitive information, data breaches, a loss of confidentiality, data tampering or loss,
and increased vulnerability (Bender, 2023). Roles are a crucial aspect of access control; having
specific roles with specific actions helps to allocate responsibilities in a proper way to manage
sensitive information. To mitigate poor access control, MassMutual should utilize the most “real
world” access scheme, which is Role-Based Access Control, also known as RBAC. Within
RBAC, certain permissions are assigned to roles, and users are then assigned to those
roles. RBAC is easy to manage and maintain and typically eliminates human error, making it the
To protect against any incident that may occur, MassMutual should implement a
comprehensive incident response plan. This plan outlines what to do if an incident occurs from
the beginning to the end; it outlines initial preparation, identification, containment, eradication,
recovery, and the learning stage. In addition, this plan includes incident definitions, specialized
response teams, reporting and escalation measures, retention policies, and strict communication
plans. In order to ensure the effectiveness of the incident response plan, MassMutual will
perform exercises such as tabletop discussions, walkthroughs, and simulations with the proper
team members to ensure a flawless execution of the plan. Finally, to bolster the plan even more,
MassMutual should study current and previous attack methods utilizing common attack
frameworks to learn and better prepare for any cybersecurity incident (Ciampa, 2022).
operating, especially with a large company like MassMutual. MassMutual should implement a
Business Continuity Plan that details how to continue to operate the business after a disaster.
This plan will address critical business functions, crisis management, and IT asset recovery.
and cloud environments. In addition, MassMutual will also formulate a Business Impact
Analysis that identifies essential business functions and points of failure. A Disaster Recovery
Plan is also needed to focus on efficient IT restoration. These three measures ultimately complete
security plan. Prioritizing Account Management Policies, MassMutual ensures precise control
over user access. In addition, MassMutual should employ Group Policy and Cloud App Security
for enforcement. Implementing an organizational policy can also assist with defining formal
processes for modifications and governance. Coupled with Data Governance and Retention
Risk Management
MassMutual. Each asset, such as a client information database or the IT hardware, is a critical
the value of every asset and ensure that it is protected. This is done through risk management.
Navigating the abundance of risks in the world is tricky, and MassMutual must implement a risk
management plan to mitigate vulnerabilities and reduce potential consequences. This is done
through developing a risk management strategy, implementing controls, addressing third-party
risks, and providing user training. Transference is the most useful risk management strategy for
MassMutual, since the company can buy cybersecurity insurance to offset potential losses.
Adding controls for MassMutual is also important; the categories within controls are managerial,
operational, and technical. These controls include deterrent controls, preventative measures, and
MassMutual and their respective third-party associates can delegate responsibilities and ensure
compliance with MassMutual’s data policies. This is a crucial step MassMutual takes to avoid security
vulnerabilities when dealing with third parties. Finally, user training is
another crucial part of risk management. Training employees on recognizing risk is vital. Human
error is one of the most common problems that leads to risk. By implementing various
approaches to learning, employees of MassMutual will be better equipped to navigate the digital
Conclusion
500 company working with extensive clientele all over the United States, deploying a proper
organizational security plan is crucial to mitigate risk, ensure business continuity, protect clients’
data, and uphold the trust of thousands of clients. This security paper outlined all facets of
wireless security measures. In addition, further focus was placed on the necessity for access
management, cloud security protocols, and overall risk management planning. With these robust
security practices, updated systems, and employee training programs, MassMutual can stay
ahead of an evolving and dynamic digital landscape and provide clients with cutting-edge
References
https://www.advisor360.com/platform-overview
Bender, J. (2023). Poor Access Management Can Lead to Data Breaches. Business News Daily.
https://www.businessnewsdaily.com/11310-cyberattacks-poor-access-management.html
Ciampa, M. (2022). CompTIA Security+ Guide to Network Security Fundamentals (7th ed.).
Cengage.
https://nordvpn.com/blog/mac-flooding/
https://www.massmutual.com/protecting-your-information
https://www.sangfor.com/blog/cybersecurity/basics-authentication-cyber-security