CYBERSECURITY
MANAGEMENT PLAN
Dorian Stanfield
6/25/2025
Cybersecurity Management - D489
A. Summary of Gaps
Per the Independent Security Report, SAGE Books has numerous critical security gaps
plaguing its security framework. The organization's present security infrastructure does
not align with industry standards or best practices. The infrastructure also lacks crucial policies
covering acceptable use (AUP), mobile device management (MDM), secrets management, and
protection of personally identifiable information (PII). Additionally, SAGE Books is
noncompliant with PCI DSS, lacking the formalized policies and procedures necessary for
managing payment card data securely.
Additional deficiencies exist regarding GDPR compliance. Presently there are no
proactive measures in place to safeguard the personal data of EU citizens, thus failing to meet
GDPR requirements. The organization's security expertise is also insufficient. The
existing team lacks the key subject matter experts who are essential for effectively
managing, implementing, and enforcing regulatory compliance.
Security awareness training at SAGE Books is insufficient and is not aligned with
recommended PCI DSS and NIST best practices. Additionally, the Incident Response Plan is
inadequate, lacking clearly defined roles and responsibilities as well as procedures for
incident detection, handling, and analysis. Lastly, the standing Business Continuity Plan is
ineffective, as it fails to thoroughly address prospective natural disaster scenarios and it also
lacks comprehensive recovery strategies.
B. Mitigation Strategies
To address the security gaps identified in the security report, SAGE Books should employ
several vital mitigation strategies. For starters, the organization must create a comprehensive
security policy aligned with PCI DSS and GDPR best practices. This involves a clear
understanding of the regulatory obligations related to customer data handling. It also involves
conducting thorough risk assessments focused on protecting cardholder and EU citizen data,
and establishing detailed policies for acceptable use (AUP), mobile device management (MDM),
secure passwords, and the protection of personally identifiable information.
Guaranteeing PCI DSS compliance requires numerous actions. SAGE Books must secure
its network through firewalls, ACLs, security devices, and endpoint protection software. The
organization should also implement system hardening practices, implement robust encryption
methods, maintain asset inventories, and safeguard cardholder data in transit.
Moreover, deploying, auditing, and updating antivirus software regularly, alongside instituting a
vulnerability management process, will aid in swiftly identifying and remediating potential
threats. Access to sensitive information must be strictly regulated based on the principle
of least privilege, employing MFA and strong cryptographic measures. Systematic scans and