Cybersecurity Strategy & Plan of Action

You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO). The M&A team is in the planning stages for how it will integrate a new acquisition, Island Banking Services, into the company as its financial services arm (PBI-FS). Initially, PBI-FS will function as a wholly owned subsidiary which means that it must have its own separate cybersecurity program.

Your first major task (Project #1) will be to help develop a Cybersecurity Strategy & Plan of Action for PBI-FS. Island Banking Services never had a formal cybersecurity program so you’re starting from scratch. You will need to research best practices as well as relying heavily upon what you learned in your undergraduate studies in Cybersecurity Management and Policy. The CISO has provided detailed instructions for this task. (These appear after the Background section below.)

Background
After five years of operation, Island Banking Services -- a non-U.S. firm -- was forced into bankruptcy after criminal money laundering charges were filed against the company and its officers. Padgett-Beale, Inc. purchased the digital assets and records of this financial services firm from the bankruptcy courts. The purchased assets include licenses for office productivity software, financial transactions processing software, database software, and operating systems for workstations and servers. Additional assets included in the sale include the hardware, software, and licensing required to operate the company’s internal computer networks.

Figure 1. Island Banking Services IT Infrastructure Purchased by Padgett-Beale, Inc.

Padgett-Beale’s legal counsel successfully negotiated with the bankruptcy court and the criminal courts for the return of copies of the company’s records so that it could restart Island Banking Services’ operations. The courts agreed to do so after Padgett-Beale committed in writing to reopening the customer service call center (but not the branch offices) on the island. Reopening the call center will provide continued employment for 10 island residents including 2 call center supervisors. Padgett-Beale intends to relocate the call center to a company owned property approximately 10 miles away from the current location and adjacent to a newly opened Padgett-Beale resort.

Padgett-Beale’s Risk Manager has recommended that the Merger & Acquisition plan be amended such that Island Banking Services would be operated as a wholly owned subsidiary for a period of 5 years rather than being immediately and fully integrated as an operating element of Padgett-Beale. The company’s attorneys agreed that this would be the best approach given the potential for additional legal troubles related to the actions of the previous owners and employees. The Board of Directors has signed off on this amendment to the M&A plan and stipulated that the new subsidiary will be named PBI Financial Services (PBI-FS). The company officers and senior managers for PBI-FS will be named at a later date. For now, the leader of the M&A Team will serve as the Chief Operating Officer. Padgett-Beale’s Chief Information Security Officer will be loaned to PBI-FS while a search is conducted for a dedicated CISO for the subsidiary.

CISO’s Detailed Instructions to You
The CISO has given you and your team mates a set of instructions (below) which you should follow as you complete this task.

Task #1: Read and Analyze the Background Materials
If you have not already done so, read the Background information in this file. Next, review the Padgett-Beale M&A Profile 2020 which was posted to the LEO classroom. You should also review all materials from the classroom for Weeks 1 – 4 as these provide needed information about the Financial Services industry and the legal and regulatory requirements which apply to this industry.

Task #2: Perform a Gap Analysis & Construct a Risk Register
Using the information available to you, determine the most likely information technology/security gaps which existed at Island Banking Services prior to its being acquired by PBI. Next, determine which of these, if not addressed, will likely exist in the newly formed subsidiary PBI-FS. Document your analysis and evaluation in a Gap Analysis.

Your Gap Analysis should address operating issues relating to confidentiality, integrity, and availability (CIA) of information, information systems, and information infrastructures owned or used by PBI-FS. Your analysis should also consider and use the People, Process, and Technology framework.

Step 1: Identify 10 or more significant cybersecurity issues/challenges/risks which the background information and M&A profile indicate currently exist at PBI-FS / Island Banking Services. You are allowed to “read between the lines” but must be able to map your analysis and findings to specific statements from these documents. These items will become your “Gaps” for the Gap Analysis. Use one or more cybersecurity frameworks or standards (e.g. NIST CSF; People, Processes, and Technologies; Confidentiality, integrity, availability) to organize your analysis.

Full Answer Section

The following significant cybersecurity gaps/risks have been identified from the Background information, organized by the People, Process, Technology (PPT) and Confidentiality, Integrity, Availability (CIA) frameworks, with each gap traced to the specific background statements that support it:
1. Governance, Risk & Compliance (GRC) Program Deficiency (Process / Confidentiality, Integrity)
  • Gap: Complete absence of a formal, mature GRC program, policies, and a culture of compliance.
  • Evidence: "Island Banking Services never had a formal cybersecurity program..." The criminal money laundering charges against the company and its officers strongly suggest a systemic failure in regulatory compliance and internal controls.
  • Risk: Without a defined program, PBI-FS is highly vulnerable to regulatory fines, legal liabilities, reputational damage, and continued illicit activities, directly impacting the integrity and confidentiality of financial transactions and customer data.
2. Insider Threat & Lack of Personnel Security (People / Confidentiality, Integrity)
  • Gap: A highly significant insider threat risk stemming from the previous ownership/employee actions, and an absence of robust personnel security measures.
  • Evidence: "...criminal money laundering charges were filed against the company and its officers." This directly implies involvement of insiders in illicit activities.
  • Risk: Current or future employees, particularly those associated with the previous regime, could be vectors for financial crime, data exfiltration, or system sabotage, jeopardizing the confidentiality and integrity of all financial operations.
3. Inadequate Security Architecture & Controls (Technology / Confidentiality, Integrity, Availability)
  • Gap: Lack of foundational security controls and a well-designed secure IT architecture.
  • Evidence: "Island Banking Services never had a formal cybersecurity program..." implies that security was not a design consideration for their infrastructure or software. The purchased assets are limited to "licenses for office productivity software, financial transactions processing software, database software, and operating systems for workstations and servers," along with "hardware, software, and licensing required to operate the company’s internal computer networks." There is no mention of security software, firewalls, intrusion detection systems, hardened configurations, or the logging needed to support them.
  • Risk: The inherited IT infrastructure likely carries unpatched vulnerabilities, misconfigurations, and missing security layers, making it susceptible to external attacks (intrusion, data breaches) and internal misuse, compromising confidentiality, integrity, and availability. Any inherited system should be treated as untrusted until it has been rebuilt or independently assessed.
4. Data Integrity and Authenticity Concerns (Process & Technology / Integrity)
  • Gap: Data integrity and authenticity cannot be assumed, due to the past money laundering activities and the absence of a security program that would have protected records from alteration.
  • Evidence: "...criminal money laundering charges were filed against the company..." and "Padgett-Beale’s legal counsel successfully negotiated...for the return of copies of the company’s records..." together imply that records produced under the previous owners may have been falsified to conceal illicit transactions, and that PBI-FS holds copies whose chain of custody since seizure it did not control.
  • Risk: The reliability of historical financial data is questionable, impacting financial reporting accuracy, auditing, and potential ongoing legal issues. Ensuring the integrity and authenticity of newly generated data is also at risk without proper controls.
5. Lack of Security Awareness & Training (People / Confidentiality, Integrity, Availability)
  • Gap: The previous company likely had no security awareness program for its employees, leaving them vulnerable to social engineering and internal policy violations.
  • Evidence: "Island Banking Services never had a formal cybersecurity program..." This extends to staff education. The money laundering charges also point to a culture where employees (including officers) engaged in or enabled illicit activities, indicating a lack of ethical and security training.
  • Risk: New employees, including the 10 call center residents, if not properly trained, could inadvertently fall victim to phishing, malware, or contribute to operational security weaknesses, leading to data breaches or system compromise.
6. Absence of Incident Response & Disaster Recovery Planning (Process / Availability, Integrity)
  • Gap: No existing framework or documented procedures for handling cybersecurity incidents or recovering from disasters.
  • Evidence: "Island Banking Services never had a formal cybersecurity program..." This implies a reactive, rather than proactive, stance to security events.
  • Risk: Any future security breaches, system failures, or natural disasters could lead to prolonged downtime, significant data loss, and an inability to resume critical financial operations, severely impacting availability and integrity.
7. Supply Chain & Third-Party Risk Management (Process / Confidentiality, Integrity, Availability)
  • Gap: No established process for vetting the security posture of software vendors or third-party service providers.

Sample Answer


Project #1: Cybersecurity Strategy & Plan of Action for PBI-FS


Task #2: Gap Analysis & Risk Register

  Analysis Scope Limitation: This Gap Analysis is based solely on the "Background" information provided in the prompt. It does not incorporate the "Padgett-Beale M&A Profile 2020" or the classroom materials for Weeks 1 – 4, which were not available when it was prepared; gaps drawn from those documents should be added once they are reviewed.

  Frameworks Used:
  • People, Process, Technology (PPT): A framework for organizing cybersecurity controls and gaps by the staff who operate them, the procedures that govern them, and the systems that implement them.
  • Confidentiality, Integrity, Availability (CIA): The foundational objectives of information security, used here to classify the impact of each gap.


Gap Analysis for PBI-FS (Derived from Island Banking Services' Legacy)

  The background information paints a stark picture of Island Banking Services (IBS) being forced into bankruptcy due to "criminal money laundering charges" against the company and its officers, and the subsequent purchase of its "digital assets and records" by Padgett-Beale. This immediately signals severe underlying cybersecurity and compliance deficiencies.