02 May Write an executive summary for your report for members of C-Suite, including the CEO

Purpose

This assignment is intended to help you learn to do the following:

· Communicate the security program with an intended audience.

· Effectively manage a security program. [SPM 2]

· Assess the effectiveness of a security program. [SPM 3]

Overview

In this section, you’ll create communications for two different audiences: C-Suite (including the CEO) and end-users.

Executive Summary and Poster Requirements

1. Write an executive summary for your report for members of C-Suite, including the CEO. This is a high-level overview of the key aspects of your security program. It includes a summary of the first Plan, Protect, Detect, Response, and Adjust cycle. Concisely explain how this improved security. Your executive summary should be:

· Understandable to a non-technical audience. Remember that you are communicating to an audience that includes executive managers and well as technology experts.

· Concise, ideally a page or less. Many people will not read your entire document, instead relying on the executive summary to give them the key takeaways. It must be able to stand on its own as a coherent document.

· Relevant to the company’s business goals. Help your audience see how your plans relate to business outcomes and processes.

2. Create a security awareness poster that shows key take-aways for end users. Limit your information to one page of a document or slide that could be printed out and posted. If you create the poster as a slide, screen shot it and add it to your Word document.

Submit your work as an APA-formatted Word document. 

,

1

Project Part 1: Plan

Plan Section

Introduction:

This security management program is designed for Mara Investment Bank, which operates in the financial industry. The organization provides various financial services, including banking, investment, and insurance. This program aims to ensure the confidentiality, integrity, and availability of the organization's critical assets and data by following the 5-phase risk management process: Plan, Protect, Detect, Respond, and Adjust.

Scope:

This security management program includes all the organization's physical and logical boundaries. The program covers all business processes, including customer data management, financial transaction processing, internal communication, and IT infrastructure management.

Goal/Objective:

This security program aims to build a comprehensive security framework that safeguards vital assets, data, and infrastructure from cyber threats. The goal is to identify potential security threats, install proper controls, and continuously monitor and enhance Mara Investments Bank's security framework.

Asset Inventory: The following three assets need to be protected:

Customer Data:

This asset comprises personal and financial information of the organization's clientele, such as the names, addresses, account details, and credit card details, as well as other sensitive data that must be kept confidential for legal and trust-related reasons. The Mara Investment Bank ought to ensure all client information is securely stored in a centralized database to which only authorized personnel has access. Additionally, whenever possible, the transmission and storage of sensitive client data must be encrypted. If this asset falls into the wrong hands, it could result in identity theft, fraudulent activity, and a loss of client confidence. The organization must use adequate security measures to protect customer data from unauthorized access, disclosure, or modification.

IT Infrastructure:

This asset includes the hardware and software components that support the organization's IT systems, such as servers, workstations, routers, firewalls, operating systems, databases, and applications (Andress & Leary, 2017). Securing this asset is critical because, if compromised, it can lead to disruptions in the organization's operations, data loss, and reputational damage. All these elements must be configured correctly to provide secure access while maintaining performance levels acceptable for their intended use cases (Andress & Leary, 2017). Furthermore, regular vulnerability scans should also be conducted on all IT systems to detect potential threats or vulnerabilities before they become problematic. The organization should also have policies regarding user authentication methods like passwords/PINs/biometric identification etc., physical security measures such as CCTV cameras & guards at entry points, etc., remote access regulations like VPN configurations & 2-factor authentication requirements, etc., and system updates & patching processes. The organization must implement appropriate security controls to protect its IT infrastructure from potential security threats.

Financial Transactions:

This asset covers all types of financial activities conducted within the organization's network, including payments made by customers through online banking portals or cards swiped at POS terminals or transfers from one account type into another, or loans taken out from banks using collateral provided by customers or investments made into various stocks/bonds offered by different institutions. It is vital for organizations handling a large number of funds digitally to safeguard their operations by implementing robust controls, such as setting up intrusion detection mechanisms capable of detecting suspicious activity happening across various endpoints. This should be done along with logging everything inside each node for future reference if required during investigations. Moreover, multi-factor authentication requirements should be enforced especially when dealing with external parties& additionally, strong encryption protocols must be implemented when transferring funds across different locations/countries.

Risk Assessment and Risk Management Strategy:

The following are the risks associated with each asset and the risk management strategy to mitigate those risks:

1. Customer Data: Data loss or theft due to a cyberattack or insider threat is the risk connected to this asset (Vashisht et al., 2022). Robust access controls, encryption of critical data, routine data backups, and personnel security awareness training are all part of the risk management plan.

2. IT Infrastructure: A cyber-attack, including malware infection, denial of service, or prohibited access, represents the many risks inherent to this asset. Implementing a robust network security architecture with firewalls, intrusion detection and prevention systems, antivirus software, regular vulnerability assessments, and penetration testing is part of the risk management strategy.

3. Financial Transactions: Fraud or theft due to a compromised system or unauthorized access is the risk associated with this asset (Vashisht et al., 2022). To detect and prevent fraud, the risk management plan comprises the implementation of robust access restrictions, transaction monitoring systems, and frequent security audits.

Security Metrics

They are crucial indicators intended to evaluate the effectiveness of security controls and an organization's overall security state. Two security metrics are associated with each asset to ensure security risks are adequately monitored and addressed.

For the first asset, which is the customer database, the following two security metrics can be used:

· The number of successful login attempts by authorized personnel: This metric tracks the number of successful logins to the customer database, such as customer service representatives and managers (Andress & Leary, 2017). By monitoring the number of successful logins, the organization can ensure that access controls to the database are effective and there are no unauthorized login attempts that could indicate a security breach. This metric can be used as a current metric.

· Percentage of customer data backup completed: This metric tracks the percentage of customer data successfully backed up according to the organization's backup and recovery policy. By monitoring the percentage of data backup completed, the organization can ensure that critical customer data is protected against data loss and can be quickly restored in case of an unexpected event. This metric can be used as a projected metric.

For the second asset, which is the IT infrastructure, the following security metrics can be used:

· Mean Time To Detect (MTTD) a cyber-attack: This metric tracks the average time it takes for the organization to detect a cyber-attack (Courtemanche, 2018). By monitoring the MTTD, the organization can ensure that security controls and incident response processes are effective and efficient (Courtemanche, 2018). A low MTTD indicates that cyber threats are detected quickly, allowing the organization to respond promptly and minimize the attack's impact. This metric can be used as a current metric.

· Percentage reduction in MTTD after implementing the risk management strategy: This metric tracks the percentage reduction in MTTD after implementing the risk management strategy (Courtemanche, 2018). By monitoring the reduction in MTTD, the organization can measure the effectiveness of the risk management strategy and the improvement in incident response capabilities. This metric can be used as a projected metric.

For the third asset, which is financial transactions, the following security metrics can be used:

· Number of fraudulent transactions per month: This metric tracks the number of fraudulent transactions detected monthly (Vashisht et al., 2022). By monitoring the number of fraudulent transactions, the organization can ensure that its fraud detection and prevention controls are effective. This metric can be used as a current metric.

· Percentage reduction in fraudulent transactions after implementing the risk management strategy: This metric tracks the percentage reduction in fraudulent transactions after implementing the risk management strategy (Vashisht et al., 2022). By monitoring the reduction in fraudulent transactions, the organization can measure the effectiveness of the risk management strategy and improve fraud detection and prevention capabilities. This metric can be used as a projected metric.

Governance and Organizational Structure:

The following is the organization chart showing the security roles and responsibilities:

Executive Leadership:

· CEO: The CEO is ultimately responsible for the security program and ensuring it aligns with its overall goals and objectives. They set the tone for security culture and ensure the security program is adequately resourced.

· CISO (Chief Information Security Officer): The CISO is responsible for overseeing the security program and ensuring that security policies, guidelines, and objectives are developed, implemented, and enforced.

· CFO (Chief Financial Officer): The CFO ensures the security program is adequately budgeted and funded.

Business Management:

· Business Unit Managers: Business unit managers ensure that their respective business units comply with security policies and guidelines. They work with the security team to identify and assess risks and ensure appropriate controls are in place to mitigate them.

· Human Resources Manager: The HR manager ensures that employees receive regular security awareness training and that security policies are communicated effectively.

Systems Management:

· IT Manager: They are responsible for the implementation and management of the security infrastructure, which includes firewalls, antivirus software, and intrusion detection and prevention systems.

· Security Analysts conduct routine vulnerability assessments and penetration testing to detect and resolve IT infrastructure problems.

· Network Administrators: they form an essential part of the entire hierarchy since they are responsible for implementing and maintaining the network's infrastructure, which includes routers and switches, and assuring appropriate security controls.

References

Andress, J., & Leary, M. R. (2017). Building a Practical Information Security Program. Elsevier EBooks. https://doi.org/10.1016/c2014-0-01691-7

Courtemanche, M. (2018, October 29). mean time to detect (MTTD). IT Operations. https://www.techtarget.com/searchitoperations/definition/mean-time-to-detect-MTTD

Vashisht, S., Sarva, M., & Mundi, H. S. (2022). Risks measurement in banking: A bibliometric and content analysis. International Social Science Journal, 72(246), 955–977. https://doi.org/10.1111/issj.12371

,

2

Project 2 Protect

Protect 2

Program Control Design, Control Selection, and Implementation

One of the most important aspects of protecting the assets identified in the Plan section is implementing a program control design, control selection, and implementation plan. This plan will ensure proper technical and non-technical controls to provide a defense-in-depth strategy.

The first step in this process is identifying the specific controls necessary to protect the assets. To do this, the risk assessment should be reviewed, and all potential risks should be identified. Once the risks have been identified, the necessary controls should be determined. For example, if the risk is related to an unauthorized user accessing the system, a technical control such as a firewall or a password would be implemented (Aleksandra Miljus et al., 2018). On the other hand, if the risk is related to an employee disclosing confidential information, then a non-technical control such as a code of conduct policy or an employee awareness program would be implemented. Once the controls have been identified, they should be implemented. Such includes ensuring that the necessary hardware and software are in place, policies and procedures are in place to guide the use of the assets, and training users on how to use the controls. The controls should be monitored and tested regularly to ensure that they are still effective and up to date.

Once the necessary controls have been identified, the next step is selecting the appropriate ones. For example, a strong password policy may be sufficient if the risk is related to an unauthorized user accessing the system. However, a more robust code of conduct policy or employee awareness program may be needed if the risk is related to an employee disclosing confidential information. Once the appropriate controls have been identified, the next step is to implement the controls. This may include implementing software or hardware solutions, such as firewalls or authentication systems, or developing policies and procedures, such as user access or data handling policies. The controls should be monitored and tested to ensure that they are effective and up to date. After the appropriate controls have been selected, the next step is to implement them, including ensuring that the controls are in place, properly configured, and regularly tested and monitored. It is a critical step, as it ensures that the controls function properly and the assets are adequately protected.

Training

In addition to program control design, control selection, and implementation, it is also important to provide training to employees. Such training should focus on the security policies and procedures in place, as well as the risks associated with the assets. For example, employees should be trained on the proper use of passwords and the risks associated with sharing confidential information (Maslow, 2005). Employees should be trained on the proper use of the system and the risks associated with accessing unauthorized resources. Training should also be provided on the proper use of the system and the risks associated with downloading malicious software. Staff should be trained on the processes and procedures that are in place to report any security incidents or breaches. Training should also be provided on the proper response to security incidents. It includes the procedures to be followed in the event of a security incident and the steps to be taken to protect the assets. Employees should be trained on the proper use of the system and the risks associated with accessing unauthorized resources.

Maintenance

It is also important to regularly maintain and update the security controls that have been implemented. For example, it is important to regularly update the system's operating system and software and apply security patches as needed. It is important to regularly review the security policies and procedures that have been implemented and monitor the system for any signs of security breaches. It is also important to educate users about security policies and procedures and to ensure that they know the risks associated with their activities. It is important to regularly run security scans and tests to identify and address any vulnerabilities in the system.

Security Metrics

Security metrics are important for measuring the effectiveness of the security controls that have been implemented. These metrics should be monitored regularly to ensure that the security controls function properly and the assets are adequately protected. For example, metrics such as the number of successful and unsuccessful login attempts, the number of suspicious activities detected, and the number of successful and unsuccessful security incidents should all be monitored (Fitzgerald, 2005). Metrics such as the number of successful and unsuccessful patch installations, unauthorized user access attempts, and successful and unsuccessful security awareness campaigns should all be monitored. By monitoring these security metrics, it is possible to determine the effectiveness of the security controls that have been implemented and to identify areas for improvement. Metrics such as the number of changes made to security settings and the number of security alerts should also be monitored to ensure that the security controls remain effective. Metrics such as successful and unsuccessful security audits should be monitored to ensure security controls are evaluated regularly.

Conclusion

The Protect section of the security plan should describe the program control design, control selection, and implementation, as well as the training and maintenance plans that have been implemented. Security metrics should be monitored regularly in order to measure the effectiveness of the security controls that have been implemented. Following these steps makes it possible to ensure that the assets are adequately protected and that the security controls are functioning properly.

References

Aleksandra Miljus, Perkowski, M., Perlman, A., & New. (2018). Navigating the digital age : the definitive cybersecurity guide for directors and officers. Palo Alto Networks.

Fitzgerald, T. (2005). Chapter 10 Operational Controls: Practical Security Considerations – Information Security Governance Simplified [Book]. Www.oreilly.com. https://learning.oreilly.com/library/view/information-security-governance/9781439811658/021-9781466551282-010.xhtml

Maslow, A. H. (2005). Chapter 8 Managerial Controls: Practical Security Considerations – Information Security Governance Simplified [Book]. Www.oreilly.com. https://learning.oreilly.com/library/view/information-security-governance/9781439811658/019-9781466551282-008.xhtml#sec188

,

2

Project 3

The Detect portion of a security software is crucial for seeing possible risks and acting swiftly in the event of an incident, as was discussed in the overview. The main elements of the Detect phase, including as threat monitoring and reporting, incident alerting, and reaction planning, will be covered in this section. Organizations use a variety of methods and technologies to continually monitor their systems and networks for indications of possible security problems, such as unauthorized access, data breaches, malware infections, and other threats, during the Detect phase of a security program. In order to prevent massive security breaches that might jeopardize their sensitive data and harm their brand, businesses can swiftly discover and address security issues by proactively monitoring their systems and networks. This stage is crucial for preserving an organization's general security posture and safeguarding against possible cyber-attacks.

Monitoring and Reporting of Threats

Continuously scanning systems, networks, and applications for threats or vulnerabilities is known as threat monitoring. Log analysis tools, security information and event management (SIEM) systems, intrusion detection systems (IDS), and other tools may all be used for this (Ahmad et al., 2019). Threat monitoring aims to swiftly detect potential risks so that they may be dealt with before causing harm or disrupting the company.

The Detect phase includes monitoring threats as well as reporting, which is crucial. The security posture of the company should be summarized in reports on a regular basis, along with any possible threats or vulnerabilities that have been found. The senior management team and the board of directors should all receive reports that are succinct, accurate, and simple to comprehend.

Planning for incident alerts and responses

The creation of a strategy for reacting to security issues is a component of incident alerting and response planning. This strategy should include how events should be found and reported, as well as how they should be contained, mitigated, and recovered from. Roles and duties for important stakeholders including IT workers, legal counsel, HR, and senior management should also be included in the plan.

Planning an incident reaction effectively entails many crucial elements. First, the company has to put together an incident response team with members from all of its functional departments. The management of the incident response procedure and making sure that all interested parties are informed and participate in the response should fall within the purview of this team (González-Granadillo et al., 2021). The company should then develop a defined procedure for reporting events. This protocol should contain processes for locating and reporting occurrences as well as guidelines for categorizing incidents according to their severity and organizational effect. Effective incident management requires a defined procedure for reporting incidents. All organization stakeholders, such as workers, contractors, and partners, should be informed of the reporting process, which should be well documented. Specific processes for spotting possible security issues, such as suspicious activity, strange network traffic, or unexpected system behaviors, should be included in this process.

When a possible issue is discovered, the reporting process should contain steps for notifying the necessary parties, such as the incident response team, IT personnel, or management, of the event. Steps for categorizing the event according to its seriousness and possible effects on the organization should be included in the incident reporting process. By doing this, it will be possible to make sure that the right resources are deployed in order to properly handle the event.

Organizations should develop protocols for incident alerting and response planning in addition to the reporting process. The development of incident response playbooks, which specify the precise steps to follow in various sorts of events, as well as the definition of roles and duties for reacting to security incidents are part of this process. Organizations may lessen the effect of security events and rapidly resume regular operations by having explicit incident response procedures (Wagner et al., 2019). The company should put its incident response strategy into action as soon as an issue is reported. This strategy should include how to stop the event, figure out what caused it in the first place, and minimize whatever harm or disruption it may have caused. Steps for recovering from the event, such as returning systems and data to their pre-incident states, should also be included in the strategy.

Scenario for a Security Problem

Imagine for a moment that one of the countermeasures put in place in the preceding section has a possible flaw that we have just learned about. Let's assume for the sake of this example that we have installed a firewall as a technological countermeasure to defend our network from external attacks. However, it was found during an internal audit that the firewall had been improperly set and was not providing sufficient security.

The firewall in this case is not offering the amount of security that it was intended to owing to a setup error, which poses a security concern. This poses a serious security concern to the company since it might provide outside attackers unauthorized access to our network and critical information (Armenia et al., 2021). There are various measures we would need to do in order to solve this issue. To make sure the firewall is providing the necessary degree of security, we must first promptly adjust it. To verify the setup is accurate, this may need speaking with the firewall manufacturer or a third-party security specialist.

To find any possible holes or flaws, we would next need to undertake a complete analysis of our firewall setting procedure. In order to make sure that our personnel has the information and abilities necessary to correctly setup and administer the firewall, this might include assessing our change management procedure, documentation, and training materials. A crucial step in securing the network security of a company is carrying out a comprehensive examination of the firewall setup procedure (Armenia et al., 2021). The efficiency of the present firewall setup should be evaluated, and any holes or flaws that can leave the company vulnerable to security risks should be noted. Along with the rules and processes in place for changing the firewall configuration, the assessment should assess the organization's change management process. Before making any modifications, this entails evaluating the risk involved with each one and making sure the right testing and approval procedures are in place.

It is advisable to evaluate the documentation and training materials relevant to the firewall setting procedure. This entails confirming that the paperwork is correct, current, and available to all relevant staff members. To make sure staff employees who are in charge of administering and setting the firewall have the knowledge and abilities needed to do their jobs well, training materials should also be checked. Our incident response plan would need to be updated to incorporate steps for handling situations involving incorrect firewall setups. This might include recognizing and limiting the issue, as well as following protocols to fix any damage or interruption and return the firewall to its pre-incident condition.

References

Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2019). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939–953. https://doi.org/10.1002/asi.24311

Armenia, S., Angelini, M., Nonino, F., Palombi, G., & Schlitzer, M. F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decision Support Systems, 147, 113580. https://doi.org/10.1016/j.dss.2021.113580

González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security Information and Event Management (SIEM): Analysis, Trends, and Usage in Critical Infrastructures. Sensors, 21(14), 4759. https://doi.org/10.3390/s21144759

Wagner, T. D., Mahbub, K., Palomar, E., & Abdallah, A. E. (2019). Cyber threat intelligence sharing: Survey and research directions. Computers & Security, 87, 101589. https://doi.org/10.1016/j.cose.2019.101589

,

2

Project 4

Project 4