Purpose
You are a cybersecurity threat analyst for a consulting company that does work for both the public and private sectors. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries.
Assignment Instructions
You have been assigned a new project, and it is to help to develop a process or framework for a mid-sized (200 employees) software company. The software company develops a commercially available Web-based system with an accompanying mobile application (Android and iOS) for the financial sector. The company’s yearly revenue is approximately $15 million. The director of research and development is concerned about their application development and the development operations (DevOps) activities in regard to insider threats. The software company frequently uses contractors, (on-site and remote), and some of the contractors are from foreign countries. The contractors help develop and test their software product and are also used for in-house software development and maintenance. There is only one research and development (R&D) facility for the company. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries. He is a fact-driven decision maker and would benefit from facts regarding how multiculturalism and diversity could benefit his company and not harm it.
Consider the following in your action plan:
How you will convince the director you can effectively address any potential issues related to multiculturalism and diversity
How you will utilize problem-solving skills and conflict resolution to bridge cultural differences
How you will address change that occurs due to the presence of multiculturalism and diversity in a business environment
In addition to creating and maintaining a Web-based financial system and mobile application to accompany it, the company uses several enterprise-based systems for day-to-day operations. They have an email system, customer relationship management system, source code control system, bug tracking system, and technical support tracking system. The technical support tracking system is an in-house developed system and is considered a legacy system. The company is researching various technical support systems to replace the legacy system. The other enterprise systems were purchased/leased from various vendors. The customer relationship management system is cloud-based and an Oracle product. The other systems reside on-premises and are in a hardened data center located 10 miles from the R&D facility. The data center has successfully gone through an SSAE 16 audit.
The company has a business continuity plan; however, the disaster recovery plan needs to be improved as the company does not have a hot backup site. They do back up all critical systems several times per day. The backup data is automatically streamed to another hardened data center (also SSAE 16 certified) that is located 25 miles away. All of the systems at the data center are considered critical systems. In addition, the system test and software quality assurance departments have all the necessary software and hardware (mobile/tablets included) to maintain high-quality assurance sufficiently. This testing infrastructure is located at the R&D facility and not in the data center.
Analyze the NIST Cybersecurity Framework.
Determine if it can be used as a guide to producing an action plan/framework for the company to use in an effort to reduce the likelihood of insecure application development and insider threats. If it cannot be used/mapped to the software company, then what framework or method is better suited for the software company?
Discuss if you recommend using various frameworks/guides, resulting in a hybrid approach? You have to produce an action plan/framework, so it is important for you to do as much research as possible on other types of solutions.
It is very important for you to consider that the cybersecurity landscape includes cybercriminals, hackers, activists, etc., who use the latest technological tools and technologies to cause harm. The action plan/framework that you create should be agile enough so it can adapt to changing risk environments over time. Finally, as you formulate your plan, costs will have to be justified in time, so consider the revenue of the company and an industry-standard percentage spent on cybersecurity budgets.
Your action plan should be at least 3–4 pages of content (exclusive of title page, etc.), double-spaced in 12pt Times New Roman font, use correct APA formatting, and include a title page, table of contents, abstract, and reference page(s). If applicable, be sure to document your content with proper APA in-text citations that match your reference list. You can have more than one table and more than one figure; however, they must be fully explained.
You must support your research and assertions with at least three credible sources. You may use peer-reviewed articles, trade magazine articles, or IT research company (Gartner, Forrester, etc.) reports to support your research; you can use the Library to search for supporting and peer-reviewed articles. Wikipedia and similar sources are unacceptable.
Assignment Requirements
At least 3–4 pages of content (exclusive of title page, etc.), double-spaced in 12pt Times New Roman font, using correct APA formatting and including a title page, table of contents, abstract, and reference page(s).
At least 3 credible sources.
No spelling errors.
No grammar errors.
No APA errors.
- Use the internet to investigate Russian and American cooperative involvement with the International Space Station. What have both countries contr
- Name and describe at least two non-traditional healing systems Discuss the interface between religion and mental health Religion, Healing and
- Watch and annotate the videos of one peer as assigned by your instructor on InTASC Standards 1, 2, and 3 of the Clinical Practice Rubric. * Use t
- Discuss some of the elements in women?s approach to power, negotiation, and risk-taking that may lead to them earning less than men in similar jo
- Explain how your organizational design and culture could be implemented at your workplace or organization. Explain how your design will improve
- You need to develop a specific activity that is for the vignette that you chose. You also have to list all the rules, all the consequences, and all the materia
- The student will provide a description of the administration, logistics, and planning for a sport ministry project of the student?s choice. The portfolio must
- For this assignment, you have just been hired as the new Head Coach (of your particular sport) at Amos University! First…Your Bad News You have inherited a t
- The CEO of your organization wants to improve employee morale. Recently, she went to a conference at which she heard people talking about ?open-book management
- Maya has just been hired as the chief executive officer (CEO) to turn around Phoenix Solutions, a once-thriving tech company now struggling with declining reve
