WGU D489 Task 1
Cybersecurity Management - D489
Western Governors University
Flex Vaughn
11/11/2024
A. Summarize the gaps that exist currently in the company’s security framework as
described in the attached “Independent Security Report.”
The gaps that currently exist in the company’s security framework are as follows:
Lack of alignment with security best practices and industry standards:
The company’s security program lacks an approach that covers securing and protecting
organizational assets, the security of payment card data, and privacy protection for customers
located in the European Union. SAGE Books lacks policy elements that outline acceptable use,
a mobile device policy, secure passwords, etc. The company also processes card payments and
should be abiding by the PCI DSS requirements, but SAGE Books does not have any
documentation stating that it follows these standards or accepts these payments in
accordance with PCI DSS. Finally, SAGE does not currently have any specific measures to
protect the collection, storage, and use of the data of its customers in the European Union, as
outlined in the GDPR.
Understaffed security team:
SAGE Books currently has a security team that meets operational security goals, but it
does not have a sufficient Governance, Risk, and Compliance team. This could lead to a lapse in
compliance with regulations such as GDPR, FISMA, or PCI DSS, which could then lead to lawsuits
and sanctions.
Inadequate cybersecurity awareness program:
The current cybersecurity awareness training is ad hoc, meaning it is delivered on an as-needed
basis. Furthermore, only a quarter of new hires and only 10% of current employees took the
training. The training content also does not meet the requirements outlined in best practices or
standards.