Cybersecurity Framework Compliance and Risk Assessment

Added on  2022/11/28

AI Summary
This document discusses the current cybersecurity framework compliance status, future policy implementations, and operational compliance and risk assessment. It also includes a web portal diagram and references.
Running head: CYBERSECURITY FRAMEWORK
Cybersecurity Framework
Name of the Student
Name of the University
Author’s Note
1. Current Framework Compliance Status
The current cybersecurity framework of the company ABC Software, Inc. is vulnerable to different types of attack, and it is evaluated here in terms of a compliance framework. The framework consists of the guidelines and processes that the organization uses to maintain accordance with legislation and regulations. Currently the business process follows IT governance and maintains a balance between innovation and productiveness.
2. Future Cybersecurity Policy Implementations
In future, risk control measures and governance practices need to be applied so that redundancy can be eliminated and the organization can develop a compliance framework. An action plan needs to be implemented that consists of each task, the manner of its implementation and the responsibility for it, along with the time frame (Hubbard & Seiersen, 2016). Every security area needs to be included so that the strategic goals can be met and the protection level can be improved.
3. Operational Compliance and Risk Assessment
3.1. Cybersecurity Risk Assessment
| Threat | Vulnerability | Asset | Impact | Likelihood | Risk | Recommendation Control |
|---|---|---|---|---|---|---|
| Failure of system: server overheating (High) | Poor air-conditioning (High) | Server (Critical) | Unavailability of email, web and other services (Critical) | High | Loss of $5000 for each occurrence (High) | Implementation of new air conditioner |
| Malicious human (High) | Firewall configuration and DDoS mitigation (Low) | Web service (Critical) | Unavailability of web resources (Critical) | DDoS is discovered 1 in every 2 years (Medium) | Potential loss due to downtime (Medium) | Firewall monitoring |
| Natural disaster (High) | Server room should be on upper floor (Medium) | Server (Critical) | Unavailability of the service (Critical) | Flood last occurred 10 years ago (Low) | Low | No need of action |
3.2. Privacy Risk Management
Privacy risk can cause loss of control over customers' personal information, which can lead to financial injury and unwanted intrusion into the system. The risk of a data breach needs to be mitigated, and personal information needs to be encrypted and stored in a secured location so that it cannot be misused and economic loss can be mitigated.
3.3. Compliance Gaps
The gap analysis is performed in the planning stage to analyze the degree or level of compliance with data protection laws and the gaps.
Privacy and data protection gap analysis needs to be performed to identify the security threats acting on the assets and information of the organization.
The scope of the gap analysis needs to be kept clear, and the following steps need to be included in the process:
Discover – More information needs to be gathered, and questionnaires need to be sent to various personnel to collect it.
Workshop – Different stakeholders need to be interviewed and asked for further clarification (Weinstein, 2016). Compliance with the laws and the associated legal risk need to be evaluated in this phase.
Document – The findings need to be drafted and delivered as a report containing the actions that should be taken.
3.4. WEB Portal Diagram
References
Hubbard, D. W., & Seiersen, R. (2016). How to measure anything in cybersecurity risk. John Wiley & Sons.
Weinstein, R. (2016). Cybersecurity: getting beyond technical compliance gaps. NYUJ Legis. & Pub. Pol'y, 19, 913.