Company A is a global company based in the United States that operates in the financial industry. Company A serves its customers with financial products, such as checking accounts, bank cards, and investment products. Company A has recently acquired Company B and needs to integrate with or remove similar capabilities and tools from Company B. Company B is smaller in size, has no dedicated cybersecurity professional role, and utilizes third-party support for infrastructure needs. Company B offers specialized software to medical providers and accepts credit cards as a payment option.

The executives of the newly merged company have expressed interest in integrating the use of the cloud to allow for scalability and redundancy. As the security professional of the merged networks, you are tasked with creating a secure network design that includes the use of zero trust principles and that utilizes both on-premises and cloud infrastructure. You also have been tasked with ensuring compliance with all regulatory requirements of the merged company, along with utilizing cloud-based technologies to provide security capabilities. Company executives have provided a budget of $50,000 in the first year to create a secure network design to utilize cloud-based services.
A. Describe twocurrent network security problems and twocurrent infrastructure problems for eachcompany, based on business requirements given in the scenario.

B. Analyze the given network diagram and vulnerability scan for both companies by doing the following:
1. Describe twoexisting vulnerabilities for eachcompany.
2. Explain the impact, risk, and likelihood associated with eachdescribed vulnerability from part B1 as it relates to eachcompany.

C. Create a network topology diagram with details of the proposed merged network requirements.

D. Identify the layer for all components in the topology diagram referencing the layers of the OSI model and TCP/IP protocol stack.

E. Explain the rationale for adding, deleting, or repurposing network components in the newly merged network topology diagram, including details of how eachcomponent addresses budgetary constraints.

F. Explain twosecure network design principles that are used in the proposed network topology diagram.

G. Explain how the proposed merged network topology diagram addresses tworegulatory compliance requirements that are relevant to the newly merged company, including the following in your explanation:
• the name of the regulatory compliance requirement
• why the regulatory requirement is relevant to the newly merged company
• how the proposed merged network topology diagram meets the regulatory requirement

H. Describe two emerging threats that are applicable to the merged organization, including the following in the description:
• potential network security risks of implementing the topology
• potential performance impacts on the merged network after implementation of the proposed design
• how to manage the identified potential security risks

I. Summarize your recommendations for implementation of this proposed merged network based on the scenario and budgetary requirements, including the following in the summary:
• a cost-benefit analysis for on-premises and cloud infrastructure solutions
• a justification for your recommendations to implement the proposed secure merged network design

J. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

K. Demonstrate professional communication in the content and presentation of your submission.

The post Cybersecurity: You are the cybersecurity professional for Company A and are responsible for protecting the information of the company appeared first on I am Howework Free.

Enhancing Disaster Recovery, Business Continuity, and Continuity of Operations Planning in Modern Organizations
Modern organizations today conduct business in a very volatile environment with increased number of cyberattacks and system outages and natural disasters. These challenges expose key business functions and data to risk which might lead to long shutdowns, financial losses, and reputational cost. Disaster recovery (DR), business continuity (BC) and continuity of operations planning (COOP) therefore become strategic imperatives. These frameworks together guarantee that an organization can survive or be operational soon after the disruptive events.

Disaster Recovery (DR) means the policies and procedures that support the restoration of IT critical systems and data after an interruption. BC guarantees that business operations are able to go on even when adverse conditions exist and the COOP is primarily a government framework in ensuring availability of essential functions. These concepts intersect rather extensively with common efforts to reduce downtime, safeguard data, and protect the integrity of the organization.

Although conscious of the importance, many organizations fail to put into practice effective DR and BC strategies. Major issues include access control deficit, poor or malfunctioning access control lists, and unreliable network infrastructures. In addition, some organizations do not align their practices with known frameworks like the NIST SP 800-34 leaving them vulnerable to major operational disruption. By reviewing prior literature, determining gaps, and inconsistencies, and by making meaningful recommendations, this study seeks to help improve organizational resilience.

1. Literature Review and Analysis

A. Importance of Structured Planning

Kesa, (2023) underscore the importance of structured disaster recovery and planning and continuity of operations especially in high stake industry such as the oil and gas industry. The study revealed the big benefits that organizations such as ADNOC Onshore receive from well documented, regularly updated DR and BC plans. Such plans make a response to crisis predictable and minimize the chances of operational standstill.

According to Barnett-Quaicoo and Ahmadu 2021, the challenge organizations in the developing countries encounter are unique. From their analysis of Ghanaian firms, it is shown that infrastructure constraints and inconsistent regulatory enforcement usually defeat viable disaster recovery initiatives. It is suggested that regular audits and constant plan updates are necessary for solving these problems.

B. Access Control, and ACLs’ role

Access control is an important part of any DR or BC strategy. It decides the authority of access to certain data and systems. According to Sawalha, (2021), the ability to maintain effective role-based access control helps to increase trust from stakeholders and guarantees that recovery environments where only authorized users can come into contact with them. This is especially critical in crisis cases where unauthorized access may result to further damage.

Access control lists (ACLs) allow for tight access permissions control. Improperly configured ACLs may open recovery systems to cyber-attacks even if other components of the DR plan are well thought out. Nurhanudin (2021) criticizes DR plans that are not in line with NIST SP 800-34 framework stating that plans of this kind tend not to include ACLs or do them wrong.

C. Network Security as a Primary Support of Continuity.

Availability and integrity of a system during a disaster are critically dependent on a secure and proof network. According to Corrales-Estrada et al., (2021), sustainability oriented firms often invest in sophisticated network security feature such as firewalls, intrusion detection system (IDS) and real-time monitoring. These features help DR and BC efforts by ensuring protection of systems from both internal and external threats.

Widianti et al. (2024) emphasize the need for virtual protection in unstable risk environments. As the cyber threats change, the stability and reliability of the network infrastructure is more and more important. They promote Zero Trust Architecture, which presupposes that any connection may be compromised and therefore needs to be authenticated.

D. Identity Verification and Authentication

Gupta et al. (2023) examined healthcare institutions in Japan that revised their continuity plans after the 2011 Great East Japan Earthquake. These institutions adopted more rigorous user verification systems, which enhanced access security very substantially and minimized vulnerabilities. Their experience shows that identity management is not a security requirement, but it is a mandatory aspect of the continuity planning.

E. Organizational Integration and Process Resilience

Ostadi et al. (2023) introduce the concept of a process resilience model which merges DR, BC, IT governance and access control in a single model. Cross departmental collaboration and alignment of recovery strategies with general organizational goals is advocated for in this approach. This integration is, however, rarely present in the current practices, where departments work in silos.

F. Cultural Readiness and Training

Barnett-Quaicoo and Ahmadu (2021) emphasize the need for the organizational culture to be supportive of preparedness. Tools and policies are ineffective unless the employees understand and are committed to them. Proper training, simulations and assessment can make all the difference in developing this culture and continuity plans.

2. Identified Gaps and Recommendations

The success of resilience with effective Disaster Recovery (DR), Business Continuity (BC), and Continuity of operations Planning (COOP) however depends not only on the presence of strategies but also their integration, implementation and improvement. Even with knowledge of these frameworks, most organizations lack execution, leaving them open to operational disruption and legal and data breaches.

a. Gaps in Integration and Framework Adoption.

One of the critical shortcomings of DR and BC planning is the failure of organizations to embrace proven frameworks, such as the National Institute of Standards and Technology (NIST) SP 800-34, to achieve a full implementation of these frameworks. Although this framework has a complete framework that can be used for the development of effective contingency plans and their maintenance, many of the businesses just implement it on a surface level or disregard its implementation completely. Recovery and continuity efforts, however, tend to be fragmented – with different departments each managing DR, BC, IT security and compliance in silos. This approach weakens coordination and makes response plans ineffective in crises.

Lacking a unified strategy, organizations find themselves unprepared to manage cascading failures such as cyberattack –data breach, operational stop, and regulatory fine. As Ostadi et al. (2023) point out, real process resilience presupposes combining risk management, IT governance, and security planning. In order to close this gap, organizations should deploy a holistic operational resilience framework that is consistent to standards such as NIST SP 800-34 or ISO 22301. Consistent audits and cross functional continuity committees can guarantee that disaster recovery strategies not only are developed but are dynamic, relevant and integrated with overall risk management objectives.

b. Weak Access Management Practices

Access control is an important part of secure and effective DR and BC systems, but poor practices in this field remain a problem for organizations. The most common problem is the tendency to use outdated, or too permissive ACLs, which do not limit data access to only those authorized to access it. This is often the case of over-privileged accounts, a major vulnerability both internal and external attackers take advantage of. Failure to enforce access control policies in DR environments has the tendency to lower security thresholds favoring unauthorized entry in sensitive recovery processes, as indicated by Nurhanudin (2021).

RBAC on the other hand provides a more granular secure model of accessing resources in that permissions are granted through job roles instead of individual. Further, the addition of Multi-Factor Authentication (MFA) is an extremely important aspect of identity verification especially when performing high risk activities such as system recovery or data migration. Organizations should also ensure log of access attempt and monitoring. Periodic reviews of access logs in conjunction with user access recertification can detect anomalies or breaches that would normally remain undetected. Such practices strengthen the DR environment and provide compliance to cybersecurity regulations.

c. Network Security Shortcomings

The backbone of operational continuity is network security, but most organizations do not invest enough into this area. Lacking robust protections, the networks themselves that support disaster recovery systems can become vectors. For example, poorly segmented networks provide simple avenues for malware or attackers to move laterally, which could well result in a backup system or recovery tools being compromised during an incident.

Zero Trust Architecture (ZTA) is one of the presented models where there is no implicit trust, even inside the periphery of the network. Each user and device needs a constant authentication and authorization before accessing the resources. This decreases the level of intrusions as well as enhances the security posture of the organization in the primary and the backup environment.

Besides ZTA, organizations need to implement network segmentation to segregate the critical assets and stop the spread of the threats. Firewalls, intrusion detection systems (IDS) and continuous monitoring of the network are also needed. According to Corrales-Estrada et al. (2021) resilience capabilities can be much improved if the organizations invest in real time network visibility tools that can detect suspicious activities and vulnerabilities while they are still in their infancy. Consequently, proactive network security practices form the basis of any successful DR or COOP plan.

d. Limited Training and Cultural Engagement

Technical safeguards are insufficient to assure continuity of business. Misunderstands, human error, and lack of preparedness are standard causes of operational failings during emergencies. One of the major gaps highlighted in the literature is the absence of all-round employee training and involvement in continuity planning. Unfortunately, in many cases continuity plans are drafted by a small committee, which is beyond the reach or unknown to most of the staff.

To solve this problem, organizations need to hold regular training sessions, simulation exercises and tabletop drills that involve staff from all departments and level. These activities enable employees to know what they are required to do and reset coordinated response in a controlled environment. Feedback obtained from conducting such drills may identify loopholes in the continuity plan, and should therefore be used otherwise modified accordingly.

Additionally, leadership need to create a culture of preparedness by focusing on the importance of continuity planning as an aspect of operations. Sawalha (2020) accented the importance of not only the right tools, but also the right organizational mindset. Implementing continuity values in organizational culture prevents DR and BC from being treated as IT-only issues but offers a concerted effort important to business survival.

e. Legal and Policy Clarity

Another less spoken about but equally important issue under consideration is the absence of legal and policy clarity on access rights and responsibilities in continuity environments. Ambiguities in the definition of such terms as “authorized access”, “privileged user”, or “system administrator” can cause misunderstandings and policy violation and yet result in legal conditions after an incident.

Organizations require well documented policies that define user roles and access permission, and acceptable behavior especially emergency situations where the normal procedure can be ignored. Such policies should be shaped with the assistance of legal, compliance, and cybersecurity experts so that such policies could correspond to the national regulations, e.g. GDPR, HIPAA, or the Cybersecurity Maturity Model Certification (CMMC).

In addition, continuity policies should specify accountability arrangements, specifying who is to activate plans, grant emergency access, and document what has been done during recovery. Barnett-Quaicoo and Ahmadu (2021) state that in developing regions where infrastructure risk is high, poorly defined access policies increase operational vulnerabilities. Therefore, the use of clear legal language and accountability protocols is important for execution as well as post incident analysis of recovery strategies.

Conclusion

Access control, ACLs, and network security are not a stand-alone element, but organic elements of a unified approach to disaster recovery, business continuity and continuity of operations. The literature reviewed confirms the idea that these components should function in a coordinated manner to achieve organizational resilience.

Even with technological and awareness gains, policy integration gaps, training gaps, and security gaps in infrastructure still exist. By embracing a unified process resilience model, concordant with international frameworks and establishing a culture of preparedness, organizations will be better able to withstand disruptions and operate core operations.

In an era where digital transformation and cyber threats walk hand in hand, the world requires more than ever a strong, adaptive, and adequately integrated DR, BC, and COOP strategies. Such organizations that will proactively take care of these areas will be in a better position to get around crises and come out stronger.

References

Kesa, D. M. (2023). Ensuring resilience: Integrating IT disaster recovery planning and business continuity for sustainable information technology operations. World Journal of Advanced Research and Reviews, 18(3), 970-992.

The post Bibliography References appeared first on I am Howework Free.

Must post first.

Subscribe

Risky Business: How Can U.S. Companies Protect their Digital Assets Overseas?

Prepare a 3 to 5 paragraph briefing statement that can be used to answer the above question. Your audience will be senior leaders who provide expert advice and opinion to the governance board in their respective companies.

Post your briefing statement as a reply to this topic. Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

If you need help getting started: visit

· https://www.sba.gov/business-guide/grow-your-business/export-products

· https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights/protecting-your-critical-digital-assets-not-all-systems-and-data-are-created-equal

The post Discussion 7 Risky Business: How Can U.S. Companies Protect their Digital Assets Overseas? appeared first on I am Howework Free.

Must post first.

Failure to understand what drives customer demand in the cybersecurity market can result in a quick trip to bankruptcy court or a forced sale of a company. For this reason, product developers, service providers, and other types of vendors (e.g. resellers, systems developers, federal or state contractors, etc.) need to understand what drives current and future customer demands and requirements for technologies, products, and services. Once the relevant market factors are identified, companies can develop strategies for meeting current and future demands for products and services — figuring out what customers want to buy and then providing it at a profit.

One of the most commonly used sets of market factors is referred to as PEST. The four factors in this set are:

· Political-Legal factors (e.g. laws & regulations — consider both current and proposed, cybercrime, cyber terrorism)

· Economic factors (e.g. fines for non-compliance with laws or regulations, availability of trained workforce, profitability of purchasers, availability of venture capital or credit for business startups)

· Socio-cultural factors (privacy concerns, pervasiveness of computers and digital devices, digital divide, “hacker” culture)

· Technological factors (product lifecycles, cloud computing, Internet of Things, etc.)

In this activity, you will explore the 4 PEST factors. Look for information that explains why a company must identify and assess the impact these factors have or will have on the demand for IT security solutions (products or services). (Hint: GDPR is having a significant impact on two factors — political-legal and economic — for companies that do business in Europe.)

Present your findings in a 3 to 5 paragraph briefing paper. Your audience is a group of technical and non technical managers who are attending a monthly business round table sponsored by Nofsinger Consulting Services.

Post your briefing paper as a reply to this topic. Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

The post Discussion 6 Exploring Factors which Drive Market Demand for Cybersecurity Products and Services appeared first on I am Howework Free.

In 250 word, answer the questions below with 4 evidence base scholarly articles in APA format.

1. Discuss what you find interesting about the origin of the internet covered in Chapters 7 and 8 of the PDF.

Book: Comer, D. E. (2018). The Internet Book: Everything You Need to Know about Computer Networking and How the Internet Works (Vol. 5th)

2. What do you feel they got right, wrong, and still has room for improvement.

In 800 word total, replying to the 4 post below. Each reply must be 200 word.

The post Week 1 Discussion: Discuss what you find interesting about the origin of the internet covered in Chapters 7 and 8 appeared first on I am Howework Free.

You have been invited to participate in a round table discussion on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. You must use and cite information from the weekly readings.

1. What is stakeholder theory? How does it drive requirements to spend money on cybersecurity products & services?

2. How does social contract theory apply to purchasing requirements for cybersecurity products & services?

3. Name and briefly describe 3 ethics issues that IT Security managers and staff may encounter when selecting and evaluating cybersecurity products & services. (Use examples to drive home your points.)

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.

The post Discussion 8: Ethical Practices for Cybersecurity Investments & Purchases appeared first on I am Howework Free.

In 2 pages, answer the questions below with 5 evidence base scholarly articles in APA format.

In the 1970s, one of the main arguments in favor of using closed technologies focused on economics: companies asked how they could make money if other companies could build the same products.

1. Perform an online research and conduct a compare and contrast the histories of Cisco Systems products that use open Internet standards against the Digital Equipment Corporation that use proprietary DECNET protocols.

2. Which was most successful?

The post Computer Science WK1 Assignment appeared first on I am Howework Free.

Milestone 3 — Project Submission

Prepare your capstone project according to the Capstone Project template Download Capstone Project template. The template will guide you through:

The style guidelines and the structure of the paper.
The content of the project report (such as details on how to summarize the background information, application details, discussion section).

Important note: Please carefully read the template even before starting to work on your proposal. It will help you comprehend the depth and breadth of the capstone project.

Submit your project in Module 10. Your submission should include both your capstone project report and presentation slides.

Note that course material does not include a template for your presentation. The main sections of the presentation should be consistent with your capstone project report.

2 Create a Power point Action Item

prepare your report using Capstone Project template Download Capstone Project templateprovided. Reading through the template will guide you through:

The style guidelines and the structure of the paper.
The content of the paper.

Prepare a 15-minute, 6- to 10-slide presentation based on your report.

Note that course material does not include a template for your presentation. The main sections of the presentation should be consistent with your project report.

The post ISEC690 Capstone Project Progress Report appeared first on I am Howework Free.

Explain how you can access ARM and how templates can be created to use with it.

150-200 words

The post Explain how you can access ARM and how templates can be created to use with it appeared first on I am Howework Free.

Recommendations (65 points)
Recommendations: Create a Word document recommending opportunities for improvement (CQI) for each hospital based on the deficiencies identified.
1. Recommendations should be one page per healthcare facility with top 3 areas of improvement based on legal, privacy and operational areas studied throughout the course.
2. Your recommendations should include the type of trends that would be important to monitor and evaluate.
3. APA format is required including a Title Page
4. Citation page required to justify your analysis. A minimum of 2 sources are required of which one can be your Course E- Book.
Summary of Required Submissions:
1. Provider Deficiency Report: Word Document with Screenshot
2. Recommendations: Word Document
**REMINDER: You will be submitting 2 Word Documents**

The post Data Application Project appeared first on I am Howework Free.