Reply to the discussion post below, just half a page

To: Chief Information Security Officer

From: VICKYSON J, Merger & Acquisitions Team

Date: March 30, 2020

Subject: Gap Analysis and Security Controls Assessment

Several events which have been identified as contributing factors towards the bankruptcy of Island Banking Services (IBS) were able to occur due to ineffective or non-existent internal controls at IBS. The lack of effective internal controls enabled criminal conduct to occur unnoticed and prevented the reestablishment of operations after law enforcement personnel removed essential equipment and data for examination. A gap analysis has since been performed as a means of identifying applicable categories or families of security controls to remediate the risk of such events reoccurring and resulting in a shutdown of business operations.

The criminal investigation into IBS was initiated due to criminal activity that occurred at the company and went undetected. This behavior was able to go undetected due to the lack of audit and accountability controls being implemented at IBS. The audit and accountability family of security controls is defined in NIST Special Publication (SP) 800-53, Rev. 4. This family of controls requires the retention and independent review of activities and system records to ensure compliance, detect violations and performance issues, and report unlawful or inappropriate activity (Nieles, Dempsey & Pillitteri, 2017, p. 60). Controls in this family not only require the retention of system records, but also ensure non-repudiation. This means that users' actions can be uniquely traced to ensure accountability (Nieles, Dempsey & Pillitteri, 2017, p. 60). Integrating audit and accountability controls will enable auditors to detect any unlawful activity performed at IBS in the future.

When the law enforcement investigation was initiated, many of IBS’ workstations and servers were seized for forensic examination. This resulted in the halting of financial services provided by the company, as IBS did not have a backup hot or cold site identified for continuity of operations. Moreover, the storage media that law enforcement seized as evidence was not backed up. This left IBS with no way to recover the data from the incident. IBS did not have proper contingency plans or incident response plans in place, which resulted in a worst-case scenario. Having a contingency plan in place would have ensured the company was prepared for this type of incident and would have been able to take steps to recover operations and minimize the damage (Nieles, Dempsey & Pillitteri, 2017, p. 61-62). For instance, IBS should have had an off-site processing facility identified with backup equipment available to restart essential operations. Moreover, as part of their contingency planning efforts, IBS also should have developed incident response plans, enabling the company to train employees and test their COOP measures (Nieles, Dempsey & Pillitteri, 2017, p. 64). Both Contingency Planning and Incident Response designated security controls are identified under the Cybersecurity Framework as protective controls for information protection (NIST, 2018, p. 35). Having internal controls in place to develop and test contingency plans and incident response efforts may very well have prevented IBS from filing for bankruptcy.

To summarize, security controls from the following families (Audit and Accountability, Contingency Planning, and Incident Response) have been identified as critical gaps in the information security program for IBS. The controls that IBS currently has in place have been deemed ineffective or missing altogether. To remediate the risk of a future shutdown of operations and to deter unlawful actions, such as those that occurred under previous ownership, PBI-FS must look to immediately integrate the appropriate controls into the information security program.

Thank you,

VICKYSYON

Merger & Acquisitions Team

References

Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2017, June). NIST special publication 800-12, revision 1: An introduction to information security. Retrieved from https://csrc.nist.gov/publications/detail/sp/800-12/rev-1/final

NIST. (2018, April 16). Framework for improving critical infrastructure cybersecurity, version 1.1. Retrieved from https://doi.org/10.6028/NIST.CSWP.04162018
