Identify and provide a brief explanation of the tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network.
Cybersecurity System Security Report for Successful Acquisition
First Name Last Name
Executive Summary
· Provide a one-page narrative summarizing the key points of this Cybersecurity System Security Report. State the purpose of the report, highlight the major points of the report, and describe any results, conclusions, or recommendations from the report.
Introduction
· This section should be a ½ to 1 page description of the underlying circumstances and conditions giving rise to this report being generated. It should provide an explanation of why the report is being generated, who will conduct the investigation and draft the report, the importance of the report, what could occur if this critical review of matters is not conducted, who will benefit from the report, and how. This should not be a regurgitation of what is included in the Executive Summary.
Policy Gap Analysis
· Use PCI Standards DSS 12 requirements and the PCI DSS Quick Reference Guide to identify a secure strategy and operating system protections to safeguard credit card data.
· Jardine, J. (2014, July 22). Policy gap analysis: Filling the gaps [Blog post]. https://blog.secureideas.com/2014/07/policy-gap-analysis-filling-gaps.html
· Mikoluk, K. (2013, July 23). Gap analysis template: The 3 key elements of effective gap analysis [Blog post]. https://blog.udemy.com/gap-analysis-template/
· Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change.
The six objectives of PCI DSS are directly relatable to the 12 PCI DSS requirements as shown in the table. Details specific to each requirement are outlined in the PCI DSS Quick Reference Guide at https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_1.pdf
Review of Protocols
· For this section of the report, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching and describing the commonly known streaming protocols and the vulnerabilities of those protocols.
· Letzgro. (2016, August 26). How to sort through the variety of streaming protocols [Blog post]. http://letzgro.net/blog/the-variety-of-streaming-protocols/
· McGath, G. (2013). Basics of streaming protocols. http://www.garymcgath.com/streamingprotocols.html
· Ozer, J. (2012, August 22). What is a streaming media protocol? http://www.streamingmedia.com/Articles/Editorial/What-Is-…/What-Is-a-Streaming-Media-Protocol-84496.aspx
· Udiminue, D. (2007). Protocol. http://searchnetworking.techtarget.com/definition/protocol
· Inform leadership about any identified vulnerabilities that would or could potentially lead to a no-go on the M&A. State the reason why. If there are no such vulnerabilities, state that.
Assessment of New Network Infrastructure
· Identify and provide a brief explanation of the tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network.
· Explain in your security report what tactics, techniques, and procedures you would use to understand the network.
· Identify firewalls, DMZ(s), other network systems, and the status of those devices.
Bring Your Own Device Policy
· Assess any existing policies for wireless capabilities and the bring your own device (BYOD) posture within both companies.
· Within the report, explain the media company’s current stance on wireless devices and BYOD policy.
· Noting that the company being acquired does not have a BYOD policy, explain to the acquisition managers what needs to be done for the new company to meet the goals of the BYOD policy.
Data Protection Plan
· Discuss the benefits of defense measures such as full disk encryption, e.g., BitLocker.
· Discuss platform identity keys as well as the required implementation activities.
· Convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support.
· Describe what this would entail and include Trusted Platform Module (TPM) components and drivers.
· Mention how these mechanisms are employed in an authentication and authorization system and whether the merging company has this.
Review Supply Chain Risk
· Explain to leadership that acquiring a new company also means inheriting the risks associated with its supply chain and those firms' systems and technologies.
· Examine the risks to the supply chain and include them in the report.
· List the security measures in place to mitigate the supply chain risks.
· Use the NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, to explain the areas that need to be addressed.
Vulnerability Management Program
· Summarize your results from conducting fictitious interviews with the company’s current cybersecurity team about vulnerability management.
· Assume the team members explain to you that they never scanned or had the time to build a vulnerability management program. Use the NIST Guide to Enterprise Patch Management Technologies, Special Publication 800-40, to develop a program to meet this missing need.
· Explain to the leadership how to implement this change, why it is needed, and any costs involved.
Education Plan
· Explain to the acquisition managers the requirements for training the workforce.
· Present a plan for educating all the users of the network about the cybersecurity-related changes resulting from the acquisition. Briefly discuss how you will inform users in both the parent company and the acquired company about the policies, processes, and other aspects that have been updated.
Conclusion
Summarize the plan and restate its purpose and importance and include any paramount closing remarks.
