PROJECT

Running Head: PROJECT 2: IMPLEMENTATION PLAN

1

IMPLEMENTATION PLAN

2

Project 2: Implementation Plan

February 22, 2022

1. Introduction

In the increased advancement of technology and other innovations, the world has recorded many cases of cyber security threats, particularly in 2020/2021. As per the cyber security statistics in 2021, it was found that in 2021 alone cyber security data breach cost tremendously increased from $3.86 million to $4.24 million. This will be an exponential increase that has never been witnessed over the last 17 years. As provided by extensive research conducted by Cybersecurity Ventures, it is estimated cyber security attacks are expected to rise (Aliman & Kester, 2020). As per the report prepared by Cybersecurity Ventures, in every 11 seconds, there is at least one cyber security attack noted across the globe. The increasing rise of cyber security attacks can be attributed to technological advancement which has made it easy for cybercriminals to come up with new complex techniques of launching their attacks without being detected. Also, new forms of malware and ransomware along with other cyber-attack approaches have been invented an aspect that has provided it difficult for the organization with obsolesce technology to be able to effectively monitor, detect and perhaps prevent such attacks.

In recent days, cyber threats have become more pronounced in the financial and banking industry. among the top three cyber security threats and risks in the banking and finance industry include mobile apps which have increased the number of online users who can access their banking information via a single click on their mobile devices (Aliman & Kester, 2020). Lack of effective and reliable security in such mobile devices along with the banking apps installed in the said phones has made it easy for cybercriminals to take the advantage of device vulnerability to exploit personal and sensitive data about banking and other important financial transactions. Secondly, there are also third-party data breaches. As more and more online services and applications are developed and implemented for use in executing various business and monetary-related transactions, hackers have found a new way of obtaining confidential information from online banking services users. Cybercriminals are now using shared banking systems along with third-party networks to launch attacks since many of these systems and networks are not amply secured from potential internal and external attacks. Lastly their cryptocurrency hacks. Upon invention in 2009, up to date much has not been done to secure decentralized currency markets, in each year financial and banking instructions have been counting losses of valuable information and lots of money through cryptocurrency hacking.

The purpose of this report or security plan is to help Beale Financial Services (PBI-FS) organization as a custodian of money have adequate knowledge about exiting security vulnerabilities and risks in its IT department. By so doing this plan will provide insightful concepts about cyber security threats and risk management strategies that could be adopted and implemented to prevent financial losses, secure personal, sensitive, and confidential data that could be otherwise accessed and sold to the dark web by malicious cybercriminals (Aliman & Kester, 2020). Besides that, this plan aims to offer an extensive approach for cyber risk management that helps Beale Financial Services (PBI-FS) as an organization to protect and perhaps preserve its banking and financial services reputation. For the company to retain a larger customer base there is a need to build trust and assure the clients that their data and other critical information is safe and free from any possible cyber-attacks. Additionally, security controls along with other cyber threat mitigation measures that will be discussed in this report will be also beneficial to the Beale Financial Services (PBI-FS) organization in the sense that it will help the company to reduce the chances of facing lawsuits due to compliance issues. This will further prevent any possible penalties that may be imposed by cyber security compliance and regulation agencies.

2. Thesis statement.

Based on the scenarios presented for the preparation of this security plan for implementation in the Padgett-Beale Financial Services (PBI-FS) organization, this paper will focus on various security elements that need to be developed, adopted, and implemented by Padgett-Beale Financial Services (PBI-FS) organization to prevent financial losses and other potentials cyber security issues that could otherwise impact the company's business as well as brand's reputation. Among the key elements of the intended security, strategies meant for Padgett-Beale Financial Services (PBI-FS) will entail; business goals and project goals with respect to anticipated security strategies that should be implemented. This paper will also aim at highlighting various assumptions of cyber security strategies. Other key elements of this cybersecurity project are possible barriers, project constraints, project management plan which will be composed of people, processes, and technologies that will facilitate easy and smooth implementation of the security strategy for Padgett-Beale Financial Services (PBI-FS).

Besides that, the major aim of this project will be to provide extensive knowledge on the move for Strategy implementation in the FBI-FS company. this strategy management will be composed of various Security controls such as Baseline mandatory controls along with Compensatory controls that will be made of administrative, operational, tactical control measures. Above that, this project will also focus on proving more security details about System development life cycle/schedule (SDLC) in which case the seven phases of SDLC such as planning, requirements, design, development, testing, deployment, and maintenance will be broadly be discussed to help (PBI-FS) organization have extensive understanding in the kind of systems, technologies, and software that need to be used in banking and financial transactions to prevent any possible security threats from affecting is key IT assets. Perhaps this report will also provide insightful knowledge about Enterprise IT architecture diagrammatic presentation PBI-FS's IT architecture, comprising of key components such as hardware, software, as well as network infrastructure. Finally, this discussion will highlight various approaches that need to be adopted by PBI-FS company as cybersecurity defenses.

3.0. Goals and objectives.

Based on the security needs of PBI-FS company it is good to note that its objectives and goals have been categorized into two; these are business goals and objectives as well as project goals and objectives. To begin with, PBI-FS company's business objectives can be described as its daily operations and activities that must be undertaken to ensure that the company is expanding and growing financially. Among these objectives include the creation of transaction media, making loans, and increasing profit margins (Austin, 2018). On the other hand, project goals and objectives entail all the activities that are aimed at developing, adopting, and implementing cyber security approaches that could facilitate effective security ensuring the safety of its data and critical assets. For a better understanding of PBI-FS organizational business and project goals and objectives, let us consider the highlighted elements below.

3.1. Business goals and objectives.

The following are the PBI-FS business goals and objectives.

· PBI-FS will be working towards ensuring that as an organization its staff and other key stakeholders are strictly adhering to the highest level of transparency. This is the best move towards protecting the brand's reputation by establishing trust among the community members who are key stakeholders of the company. To achieve this, the company will be advocating for progressive communication and collaboration among the staff, shareholders executives (Austin, 2018). Progressive communication and sharing of ideas will educate all members on the essence of establishing and building trust in an organization such as PBI-FS and its essence in business in attracting more investors.

· Continuous assessment of the company’s business operations to facilitate identifications of potential challenges that may negatively impact its business. Workflow, duties delegated and assigned to various staff members should be continually assessed to find out what challenges employees face and what needs to be done in order to facilitate smooth operations free of turmoil.

· Nurturing collaboration and teamwork among the staff, executives, and shareholders. Collaboration among the above-mentioned people will help PBI-FS to solve complex issues that could otherwise result in devastating impacts on business (Austin, 2018). Collaboration among various departments within the PBI-FS company will ensure that every member is well educated and made aware of Cybersecurity issues that could hamper daily business operations.

· Also, the company must be working towards ensuring business data confidentiality. Given that PBI-FS is a financial institution, its major focus and agenda number one as part of its business objectives and goals is to protect personal data and other sensitive clients' details by reinforcing updated security approaches (Cheng et al., 2019). this can be achieved via continuous assessment of the current security state of its IT systems to assess any possible vulnerabilities and perhaps deploy effective risk mitigation measures.

· Another key business goal and objective for PBI-FS is to build trust with its clients, investors, and other financial partners. To achieve this objective the company, need to adopt and implement a robust cyber security system that will be able to, monitor, detect and resolve any potential threats (Austin, 2018). By so doing it will be able to instill trust and confidence among its stakeholders and customers

3.2. Project goals and objectives.

As mentioned earlier, project goals and objectives for PBI-FS are focused on effectively dealing with issues regarding required preparations that will facilitate implemented of appropriate cybersecurity measures that will help the company detect and mitigate cyber threats whenever they are identified.

The primary project goals and objectives for PBI-FS include;

· Designing and developing security systems; means that before the implementation of a cybersecurity management plan, it will be wise for the company to assess security vulnerabilities and security needs for its IT assets, and by so doing it will be easy to identify and select security systems that meet business needs and perhaps that is in line with legal compliance requirements. Security systems to be selected must be able to protect data integrity, confidentiality and ensure data availability whenever needed for use in business operations (Cheng et al., 2019).

· Perhaps, the project goals and objective will also be focused on designing and developing security procedures, system controls, formulating and documenting security best practices and along with solutions on how to effectively handle security incidences whenever they occur. This means that before the implementation of the Cybersecurity Management Plan (CMP). This will help the company set a security culture that best suits its business and that can ensure all the regulatory and compliances policies are followed to the latter (Cheng et al., 2019).

· Develop and implement security training programs. With increased cases of cyber security threats across various financial institutions, it will be essentially good to train and educate staff and other stakeholders on the importance of protecting business assets from both external cybercriminals and insiders, this will help reinforce and create a progressive cyber security and business risk awareness an aspect that will facilitate smooth adoption and implementation of Cybersecurity Management Plan (CMP) within the PBI-FS company (Cheng et al., 2019).

· Formulation and development of security response plans such as incidence response action plan that will provide procedures, teams members who will be given the responsibilities to provide assistance whenever there is business risk, crisis or threats. Emergency response and incidence response measures should be put in place before the implementation of the Cybersecurity Management Plan (CMP) (Daswani & Elbayadi, 2021).

4.0. Scope

As a project, the scope of the Cybersecurity Management Plan (CMP) will be limited to business activities alongside data protection strategies for Padgett-Beale Financial Services (PBI-FS). The main objective of this project is to provide security guidelines that will help Padgett-Beale Financial Services (PBI-FS) as a financial institution that will soon start operating in the United States. Since Padgett-Beale Financial Services (PBI-FS) is a newly established financial company that will be required to operate under United States cyber security laws and regulations. Given that cybersecurity threats have been on hiking in the last few years, therefore this project will focus on developing a secure network that will guarantee effective protection of Padgett-Beale Financial Services (PBI-FS) IT systems and other critical assets such as databases (Daswani & Elbayadi, 2021).

As provided in the Padgett-Beale Financial Services (PBI-FS) current cyber security status and kind of software, programs, device's, applications, and type of operating system it uses, this project will also exert its research to provide insights that the company could adopt in order to update and upgrade its cyber security architecture to meet legal compliance requirements in its country of operation (Daswani & Elbayadi, 2021). Lastly, this project will also assess PBI-FS’s IT and security system infrastructure's susceptibility and vulnerabilities to cyber-attacks so as to come up with the most advanced cyber threat mitigation measures that could be implemented by this company to help monitor, detect and mitigate cyber security threats whenever they are identified.

5.0. Assumptions

As per the assessment of the PBI-FS security needs the Project’s assumptions will be;

· The finance dataset will be the primary target by hackers. Given that the current security systems of PBI-FS are outdated with minimal security controls, cybercriminals will be opportunities to the existing system's vulnerabilities and launch attacks that could otherwise lead to devastating impacts (Gupta & Mamta, 2021).

· The project also assumes that external attackers along with insider attackers may collaborate to exploit the company's data for their malicious motives.

· Perhaps the projects will work on the assumption that PBI will be exposed to a wide range of cyber-attacks if appropriate measures are not taken at the right time (Gupta & Mamta, 2021).

· It is also assumed that the company’s reputation is at risk given that its security systems have not yet been upgraded. This may also attract lawsuits due to non-compliance to security regulations set forth to prevent exposure of sensitive financial data to cyberspace for exploitation (Gupta & Mamta, 2021).

· It also assumed that without proper training to create cyber security awareness, staff members can unintentionally expose the company to cyber threats that could gain access to sensitive data.

6.0. Constraints.

6.1. Project constraints.

There are many projects constraints that need to be considered in this aspect. Among these include;

6.1.1. Legal-related issues.

As provided by the Bank Secrecy Act (BSA) 31 USC 5311 regulations along with cyber security compliance policies with regard to the international data protection and security standards, cyber security regulation agencies like International Electrotechnical Commission (ISO/IEC) 27001 may pose some challenges to effective development and implementation of this project. This means that such regulatory bodies and Foreign Assets Control Regulations (OFAC) 31 CFR 500 will likely place some constraints for Beale Financial Services (PBI-FS) business operations (Gupta & Mamta, 202).

6.1.2Time factor.

In any project, time is considered as the primary constraint that may negatively impact the success of the project. Given that a cybersecurity management plan is a complex process, the time frame set for this project may not be sufficient enough to the guarantee success of the project (Hare, 2010).

6.2. Barriers to success.

One of the primary barriers to the success of this project is;

6.2.1 lack of sufficient Capital or finances.

A limited supply of required resources for the project development due to financial constraints will impact project success. Lack of enough capital will limit the purchase of resources such as software, applications, and systems meant for the development and implementation of the cybersecurity management plan.

7.0. Project management plan (for implementation of the security strategy)

7.1. people.

Employees pose a great risk to data security threats if not well trained and educated on how to respond to issues whenever suspected or noted. Training programs must entail;

7.1.1. Security policy.

This will involve the development and implementation of security policies and procedures that will ensure accountability and transparency while handling organizational data (Hare, 2010).

7.1.2. Access Control.

Access control approaches should include the use of strong passwords to only allow PBI-FS staff to gain authorized access to the systems and resources that only need to perform their duties.

7.1.3. Point of Contact and reporting of cybersecurity issues.

As per the IT policies for PBI-FS, any issues related to cyber threats should be reported to the IT security management department immediately it is noted. This will enable a swift move of the IT security team to deploy an appropriate mechanism to prevent further impacts (Hare, 2010).

7.1.4. Authentication.

The IT security management team should develop and implement multifactor authentications for all systems and other computer-based resources to help track employees' actions and security vulnerability issues (Moallem, 2021).

7.2. Processes.

7.2.1. Banking Sessions.

Given that cybercriminals are focused on the vulnerability of online banking services, PBI-FS is advised to adopt HTTP Public Key Pinning (HPKP) techniques to prevent and minimize possible cases of data theft (Moallem, 2021).

7.2.2. Transactions.

With increased threats and risks of fraudulent transactions, it will be wise for PBI-FS to implement dual authorization as the first step of verifying the legitimacy of the sender and the receiver in any financial transactions (Moallem, 2021).

7.3. Technologies.

7.3.1. Firewall.

The essential of implementing firewalls in the company’s IT infrastructure is to ensure that there is maximum protection as the firewall will isolate computer resources from possible internal or external attacks. A firewall will protect the company's data, network, application software, and computer users from potential threats (Moallem, 2021).

7.3.2. Encryption

Data encryption is the best approach to secure data in transit and data at rest. This will help keep off types of malware and malicious attacks from accessing the company database (Moallem, 2021).

7.3.3. Secure Socket Layer.

Essentially, a secure socket layer will protect data by providing a secure connection between the PBI-FS's servers and web browsers.

7.3.4. Antivirus.

The use of Updated antivirus software will progressively monitor, detect, and mitigate any security threats noted within the company's IT resources such as programs, devices, and application software (Moallem, 2021).

8.0 Strategy implementation.

8.1. Security controls.

PBI-FS needs to develop and implement effective security controls such as antivirus, firewalls to enable its systems to detect and manage security threats to its network and data (Moallem, 2021).

8.2. Baseline (mandatory controls).

8.2.1 Development and implementation of strict access controls.

Adoption and implementation of limited access to IT and information processing systems within the PBI-FS company. this will ensure that only people with appropriate access privileges will be able to access relevant information for business purposes only.

8.2.2. Secure encryption.

End-to-end encryption will provide PBI-FS company to gain exclusive control and protection of its assets, particularly banking data from potential snoopers.

8.2.3. Data backup.

The largest concern for PBI-FS company is the loss of critical data that may result from either natural disasters or cybercrimes triggered by insiders or external cybercriminals.

8.3. Compensatory controls (administrative, operational, tactical).

8.3.1. Virtual Private Network.

With increased cybercrimes incidences, PBI-FS will be required to implement Virtual Private Network to provide a secure connection via an encryption tunnel that will protect users' IP addresses from malicious online cyber attackers (Moallem, 2021).

8.3.2. Incident Response Plan.

Essentially, Incident Response Plan will serve as the main protective pillar for PBI-FS IT resources as it will protect the company's data, help the company secure its revenue as well as protect its reputation.

9.0 System development life cycle/schedule

System development life cycle is made of 7 main phases. These are Planning Stage, Feasibility or Requirements of Analysis, Design and Prototyping phase, Software Development, Software Testing Stage, Implementation and Integration, as well as Operations and Maintenance Stage  (Otero, 2018,). Each stage is important as it allows systems users to validate the effectiveness and suitability of the system with regard to the anticipated use and problem the system is intended to solve. SLDC will ensure that there is better management and control of the entire project cycle, it also ensures there is transparency, visibility and perhaps helps system developers and system users to actively collaborate in predicting the project outcomes so as to make required adjustments if any at the right stage. This will help reduce additional costs that may be incurred along the entire process.

The above Diagram represents SDLC phases.

10.0. Milestones.

After assessing the cybersecurity status of the PBI-FS company, vulnerabilities detected, and opportunities identified will be used alongside SDLC and control gates to come up with an effective threat management plan to mitigate potential security risks PBI-FS company may face. Among the key elements or milestones that will be closely monitored include; security controls, upgrading of protective devices, IT infrastructure, and development of cyber security assessment and incident response team (Otero, 2018).

11.0. Resource requirements (people, finances).

As well known to project managers and business entities that need to invest in their security resources, the success of any project requires sufficient support and supply of essential resources to facilitate the development and implementation of a suitable cybersecurity management plan, based on this, PBI-FS will be required to provide resources such as skilled and expert personnel together with financial support to facilitate the success of this project  (Otero, 2018).

12.0. Enterprise its architecture (“to-be” – must include overview diagram)

12.1. Hardware.

After the evaluation of PBI-FS's current IT systems, there numerous changes are required for its systems. The first thing is to upgrade the company's IT working station by purchasing new systems to replace the existing outdated and obsolesce equipment. Also, the company should take the initiative of installing VMware to ensure there are progressive automatic data backups. This will replace the current manual backup system (Otero, 2018).

12.2. Software.

In its web application, Beale Financial Services (PBI-FS) organization is advised to make use of the Secure Sockets Layer ( SSL) to develop an encrypted link between a web browser and web server. This will prevent cybercriminals from modifying information that is being shared between the PBI-FS and other external links (Sethi & Sharma, 2013).

12.3. Network infrastructure.

As mentioned early, SSL will be implemented in the PBI-FS network infrastructure to secure and keep off possible security threats that can expose sensitive data to malicious attackers.

13.0. Cybersecurity defenses.

In order for PBI-FS to protect its IT resources and maintain its reputation, it will be advisable to adopt the following security best practices and measures.

· Training & Awareness

Employees should provide the first line of cyber defense in any organization; therefore PBI-FS will be required to establish security training and education programs to enlighten all its staff on various issues regarding cyber threats. This will create cyber security awareness to enable staff members to report such incidences immediately they are noted (Sethi & Sharma, 2013).

· Intrusion Detection System.

Intrusion Detection System is the most effective network monitoring tool that will help the company detect and respond to various security threats to prevent potential intruders from accessing transit data within the company's network system (Sethi & Sharma, 2013).

· Data Encryption.

Data at rest and in transit must be encrypted using secret codes to secure its confidentiality, availability, and integrity (Tsukerman, 2020).

References

Aliman, N., & Kester, L. (2020). Malicious design in AIVR, falsehood, and cybersecurity-oriented immersive defenses. 2020 IEEE International Conference on Artificial Intelligence and Virtual Reality (AIVR). doi:10.1109/aivr50618.2020.00031

Austin, G. (2018). Corporate cybersecurity. Cybersecurity in China, 65-79. doi:10.1007/978-3-319-68436-9_4

Cheng, L., Liljestrand, H., Ahmed, M. S., Nyman, T., Jaeger, T., Asokan, N., & Yao, D. (2019). undefined. 2019 IEEE Cybersecurity Development (SecDev). doi:10.1109/secdev.2019.00022

Daswani, N., & Elbayadi, M. (2021). Technology defenses to fight the root causes of breach: Part two. Big Breaches, 303-329. doi:10.1007/978-1-4842-6655-7_13

Gupta, B., & Mamta. (2021). undefined. Secure Searchable Encryption and Data Management, 93-98. doi:10.1201/9781003107316-ch07

Hare, C. (2010). Secure socket layer (SSL). Encyclopedia of Information Assurance, 2582-2590. doi:10.1081/e-eia-120046382

Moallem, A. (2021). Cybersecurity technologies classification. Understanding Cybersecurity Technologies, 1-4. doi:10.1201/9781003038429-1

Otero, A. R. (2018). System development life cycle. Information Technology Control and Audit, 201-236. doi:10.1201/9780429465000-8

Raymer, M. G. (2017). Application: Quantum data encryption. Quantum Physics. doi:10.1093/wentk/9780190250720.003.0003

Sethi, M., & Sharma, A. (2013). Information system and system development life cycle. Software Development Techniques for Constructive Information Systems Design, 118-127. doi:10.4018/978-1-4666-3679-8.ch007

Tsukerman, E. (2020). Network intrusion detection data. Designing a Machine Learning Intrusion Detection System. doi:10.1007/978-1-4842-6591-8_4