Cybersecurity Management
Western Governors University
2025
A. Summary of the gaps that currently exist in Sage’s “Independent Security Report.”
Sage’s “Independent Security Report” (hereafter the “ISR”) revealed considerable
gaps in its cybersecurity framework. These gaps are discussed below.
1. Business Continuity Plan
Sage’s BCP does not cover the specific details needed to keep the business operating in
the event of a natural disaster, and no recovery strategies are in place.
2. Inadequate Security Awareness Plan
Sage’s cybersecurity awareness plan does not comply with industry best practices and
standards, specifically NIST guidance and PCI Requirement 12.6.
3. Inadequate Incident Response Plan
Sage’s IRP does not define the roles and responsibilities of team members. The IRP also has
significant shortcomings in how incidents are handled and analyzed.
4. Inadequate Information Security Team
Sage’s information security team is understaffed and lacks the key members needed to
support the company’s security, compliance, and regulatory efforts.
5. Noncompliance with PCI-DSS and GDPR
Sage currently has no policies and procedures that would enable it to achieve and
maintain compliance with two very important global standards: PCI-DSS and GDPR.
B. Mitigation strategies that were developed to address the gaps identified in Sage’s
“Independent Security Report,” ensuring compliance with PCI DSS and GDPR.
The gaps identified in Sage’s ISR were the lack of an adequate business continuity plan,
security awareness plan, incident response plan, and information security team, which together
lead to non-compliance with the security principles and requirements of GDPR and PCI-DSS.
Compliance with these two standards is essential for international businesses.
The following sections present the mitigation strategies to be implemented to address the gaps
and achieve compliance with these standards.
1. Business Continuity Plan
The mitigation strategy developed to address Sage’s BCP, and to support compliance with
GDPR and PCI-DSS, is a thorough and detailed recovery plan that addresses natural disasters.
The strategy is intended to protect European personal data and cardholder data and to quickly
recover the systems that store or process this data. The BCP mitigation strategy will include a
risk assessment, business impact assessment, emergency response plan, communication plan, and
backup and recovery plan. Updating the business continuity plan to include these details helps
ensure that the business can withstand a disaster and is properly prepared for any unforeseen
event that could disrupt its operations.