Cybersecurity threat analyst

You are a cybersecurity threat analyst for a consulting company that does work for both the public and private sectors. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries.

Develop a process or framework for a mid-sized (200 employees) software company. The software company develops a commercially available Web-based system with an accompanying mobile application (Android and iOS) for the financial sector. The company’s yearly revenue is approximately $15 million. The director of research and development is concerned about their application development and the development operations (DevOps) activities in regard to insider threats. The software company frequently uses contractors (on-site and remote), and some of the contractors are from foreign countries. The contractors help develop and test their software product and are also used for in-house software development and maintenance. There is only one research and development (R&D) facility for the company. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries. He is a fact-driven decision maker and would benefit from facts regarding how multiculturalism and diversity could benefit his company and not harm it.

Consider the following in your action plan:

  • How you will convince the director you can effectively address any potential issues related to multiculturalism and diversity
  • How you will utilize problem-solving skills and conflict resolution to bridge cultural differences
  • How you will address change that occurs due to the presence of multiculturalism and diversity in a business environment

In addition to creating and maintaining a Web-based financial system and mobile application to accompany it, the company uses several enterprise-based systems for day-to-day operations. They have an email system, customer relationship management system, source code control system, bug tracking system, and technical support tracking system. The technical support tracking system is an in-house developed system and is considered a legacy system. The company is researching various technical support systems to replace the legacy system. The other enterprise systems were purchased/leased from various vendors. The customer relationship management system is cloud-based and an Oracle product. The other systems reside on-premises and are in a hardened data center located 10 miles from the R&D facility. The data center has successfully gone through an SSAE 16 audit.

The company has a business continuity plan; however, the disaster recovery plan needs to be improved as the company does not have a hot backup site. They do back up all critical systems several times per day. The backup data is automatically streamed to another hardened data center (also SSAE 16 certified) that is located 25 miles away. All of the systems at the data center are considered critical systems. In addition, the system test and software quality assurance departments have all the necessary software and hardware (mobile devices and tablets included) to maintain a high level of quality assurance. This testing infrastructure is located at the R&D facility and not in the data center.

  • Analyze the NIST Cybersecurity Framework.
  • Determine if it can be used as a guide to producing an action plan/framework for the company to use in an effort to reduce the likelihood of insecure application development and insider threats. If it cannot be used/mapped to the software company, then what framework or method is better suited for the software company?
  • Discuss whether you recommend using various frameworks/guides, resulting in a hybrid approach. You have to produce an action plan/framework, so it is important for you to do as much research as possible on other types of solutions.

Full Answer Section


Leveraging the NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) provides a comprehensive approach to managing cybersecurity risk. Its five core functions (Identify, Protect, Detect, Respond, and Recover) align well with the company's needs.

Proposed Action Plan

1. Identify

  • Asset Inventory: Create a detailed inventory of all assets, including hardware, software, data, and personnel.
  • Threat Assessment: Conduct regular threat assessments to identify potential threats, vulnerabilities, and risks.
  • Risk Assessment: Prioritize risks based on their potential impact and likelihood of occurrence.

2. Protect

  • Secure Development Lifecycle (SDL): Implement a robust SDL to ensure secure coding practices, code reviews, and vulnerability scanning.
  • Network Security: Strengthen network security by implementing firewalls, intrusion detection systems, and intrusion prevention systems.
  • Access Controls: Implement strong access controls, including multi-factor authentication, role-based access control, and privileged access management.
  • Data Protection: Encrypt sensitive data both at rest and in transit.
  • Employee Awareness and Training: Conduct regular security awareness training for all employees and contractors.
  • Third-Party Risk Management: Establish a rigorous third-party risk management program to assess and monitor the security practices of vendors and contractors.

3. Detect

  • Security Information and Event Management (SIEM): Implement a SIEM solution to monitor network traffic, log data, and identify security incidents.
  • Vulnerability Scanning: Conduct regular vulnerability scans to identify and address vulnerabilities in systems and applications.
  • Penetration Testing: Perform regular penetration testing to assess the security posture of the organization's systems and networks.

4. Respond

  • Incident Response Plan: Develop and test an incident response plan to effectively respond to security incidents.
  • Incident Response Team: Establish an incident response team to coordinate incident response activities.
  • Digital Forensics: Have a plan for digital forensics investigations to gather evidence and analyze security incidents.

5. Recover

  • Business Continuity and Disaster Recovery (BCDR): Enhance the disaster recovery plan to include a hot site or cloud-based backup solution.
  • Backup and Recovery Procedures: Regularly test backup and recovery procedures to ensure their effectiveness.

Addressing Multiculturalism and Diversity

To address concerns about multiculturalism and diversity, we can implement the following strategies:

  • Cultural Sensitivity Training: Provide cultural sensitivity training to all employees to foster understanding and respect.
  • Clear Communication Channels: Establish clear communication channels to facilitate effective collaboration.
  • Mentorship Programs: Pair experienced employees with new hires to provide guidance and support.
  • Diversity and Inclusion Initiatives: Implement initiatives to promote diversity and inclusion in the workplace.

By following these guidelines and leveraging the NIST Cybersecurity Framework, the company can significantly reduce the risk of cyberattacks, insider threats, and other security breaches.

Addressing the Director's Concerns

The director's concern about using foreign contractors is understandable, but it's important to emphasize the benefits of a diverse workforce. A diverse workforce can bring fresh perspectives, innovative ideas, and a broader range of skills. By implementing robust security measures, such as background checks, strict access controls, and regular security awareness training, the company can mitigate the risks associated with using foreign contractors.

Additionally, by fostering a culture of security and trust, the company can ensure that employees and contractors feel empowered to report security concerns. By addressing these concerns proactively, the company can maintain a secure and productive work environment.


Sample Answer


Understanding the Risks

Before diving into the action plan, it's crucial to identify the primary risks:

  1. Insider Threats: This includes both malicious and accidental actions by employees and contractors.
  2. Third-Party Risks: Risks associated with using third-party vendors and contractors, especially those from foreign countries.
  3. Development and DevOps Risks: Insecure coding practices, misconfigurations, and lack of proper controls in the development and deployment processes.