WGU D489 DEN1 TASK 1: Cybersecurity Management Plan
STUDENT
College of Information Technology, Western Governors University
09/06/2024
SAGE Books Cybersecurity Management Plan
A. Summary of Gaps
Based on the "Independent Security Report," the following gaps exist in SAGE Books' security framework:
1) Lack of Comprehensive Security Program:
   a) The security program does not follow industry best practices and standards.
   b) The organization lacks acceptable use, mobile device, secure password, and personally identifiable information (PII) protection policies.
2) PCI DSS Compliance:
   a) No policies or procedures for handling payment card data following PCI DSS exist.
3) GDPR Compliance:
   a) No measures are in place to protect the PII of EU citizens per GDPR.
4) Lacking Security Expertise:
   a) The current information security team lacks the key security roles needed to implement and enforce regulatory compliance.
5) Cybersecurity Awareness Training:
   a) Training is subpar, infrequent, and does not align with PCI DSS and NIST best practices.
6) Incident Response Plan (IRP):
   a) The IRP lacks defined roles and responsibilities and detailed incident handling and analysis procedures.
7) Business Continuity Plan (BCP):
   a) The BCP does not adequately address natural disasters and lacks comprehensive recovery strategies.
B. Mitigation Strategies
1) Develop Comprehensive Security Policies:
   a) Understand the requirements of PCI DSS and GDPR and how Sage Books should handle customer data.
   b) Conduct a risk assessment on Sage Books to evaluate the potential risks to cardholder and European citizen personal data (Webb, 2024).
   c) Create policies that align with PCI DSS and GDPR, which are covered below.
   d) Include acceptable use, mobile device policy, secure passwords, and PII protection.
2) PCI DSS Compliance - This consists of multiple goals, including creating a secure network, protecting cardholder data, vulnerability management, access control, continuous monitoring and auditing, and developing security policies (PCI Security Standards Council, 2022).
   a) Secure Networks:
      i) Implement firewalls to protect cardholder data using access control lists, security appliances, and endpoint protection software.
      ii) Change system defaults where necessary, use strong cryptography, and maintain an inventory of all assets that process or store cardholder data.
   b) Protect Cardholder Data:
      i) Store cardholder data using robust encryption methods and ensure Sage Books follows data retention periods.
      ii) Always encrypt the transmission of cardholder data over public networks.
   c) Vulnerability Management:
      i) Deploy anti-virus software to protect systems against malware, and regularly update and audit the anti-virus software to ensure it is still functioning as intended.
      ii) Establish a vulnerability management process to triage and remediate vulnerabilities promptly.
   d) Access Control:
      i) Use least privilege principles to restrict access to sensitive cardholder data only to people and systems needing it.
      ii) Use multifactor authentication and robust cryptographic transmissions for access to administrative functions.