Cybersecurity Framework Report - Risk Assessment and Compliance


Added on  2022/11/28

AI Summary
This report examines the cybersecurity framework of ABC Software, Inc., focusing on compliance, risk assessment, and policy implementation. It begins by evaluating the current cybersecurity posture, highlighting vulnerabilities and the need for improved risk control measures. The report then outlines future cybersecurity policy implementations, emphasizing the importance of a strategic action plan to address security gaps and enhance protection levels. A detailed risk assessment is presented, covering various threats, vulnerabilities, and potential impacts, along with proposed mitigation strategies such as implementing new air conditioning, configuring firewalls, and addressing potential natural disasters. The report also addresses privacy risk management, emphasizing the need to protect sensitive customer data through encryption and secure storage. Furthermore, it includes a gap analysis to identify areas where the organization's data protection practices fall short of compliance standards, outlining a process to gather information, interview stakeholders, and document findings to guide necessary actions. Finally, a web portal diagram is referenced, though not detailed in the provided text, suggesting a visual representation of the framework's components.
Running head: CYBERSECURITY FRAMEWORK
Cybersecurity Framework
Name of the Student
Name of the University
Author’s Note
1. Current Framework Compliance Status
The current cybersecurity framework of ABC Software, Inc. is vulnerable to
different types of attack, and it is evaluated here in terms of its compliance
framework. The framework consists of guidelines and processes that the organization
uses to maintain accordance with legislation and regulations. Currently the business
process follows IT governance and maintains a balance between innovation and
productiveness.
2. Future Cybersecurity Policy Implementations
In future, risk control measures and governance practices need to be applied so
that redundancy can be eliminated and the organization can develop a compliance
framework. An action plan needs to be implemented that consists of the tasks, the
manner of implementation and the responsibilities, along with the time frame
(Hubbard & Seiersen, 2016). Every security area needs to be included so that the
strategic goals can be met and the protection level can be improved.
3. Operational Compliance and Risk Assessment
3.1. Cybersecurity Risk Assessment
| Threat | Vulnerability | Asset | Impact | Likelihood | Risk | Recommendation Control |
|---|---|---|---|---|---|---|
| Failure of System: Server overheating (High) | Poor air-conditioning (High) | Server (Critical) | Unavailability of email, web and other services (Critical) | High | Loss of $5000 for each occurrence (High) | Implementation of new air conditioner |
| Malicious human (High) | Firewall configuration and DDoS mitigation (Low) | Web Service (Critical) | Unavailability of web resources (Critical) | DDOS is discovered 1 in every 2 year (Medium) | Potential loss due to downtime (Medium) | Firewall monitoring |
| Natural Disaster (High) | Server room should be on upper floor (Medium) | Server (Critical) | Unavailability of the service (Critical) | Flood occurred lastly 10 years ago (Low) | Low | No need of action |
3.2. Privacy Risk Management
Privacy risk can cause loss of control over customers' personal information, which
can lead to financial injury and unwanted intrusion into the system. The risk of a
data breach needs to be mitigated, and personal information needs to be encrypted
and stored in a secured location so that it cannot be misused and economic loss can
be mitigated.
3.3. Compliance Gaps
The gap analysis is performed in the planning stage to analyze the degree or level
of compliance with data protection laws and the gaps.
A privacy and data protection gap analysis needs to be performed to identify the
security threats acting on the assets and information of the organization.
The scope of the gap analysis needs to be kept clear, and the following steps need
to be included in the gap analysis process:
Discover – More information needs to be gathered, and questionnaires need to be
sent to various personnel to gather information.
Workshop – Different stakeholders need to be interviewed and asked for further
clarification (Weinstein, 2016). Compliance with the laws and the associated legal
risk need to be evaluated in this phase.
Document – The findings need to be drafted and delivered as a report containing
the actions that should be taken.
3.4. WEB Portal Diagram
References
Hubbard, D. W., & Seiersen, R. (2016). How to measure anything in cybersecurity risk. John
Wiley & Sons.
Weinstein, R. (2016). Cybersecurity: getting beyond technical compliance gaps. NYUJ Legis. &
Pub. Pol'y, 19, 913.