Implement a security framework to identify and close the gaps between an organisation’s current cyber-security posture and its target (future) cyber-security posture. Align the framework with an appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA). Because the NIST Cyber-security Framework was used in CYB-650, it cannot be used for this assignment.
Develop a report that addresses the following:
Organisational Objectives and Priorities
Current Framework Compliance Status: Describe the current cyber-security environment, including the processes, information, and systems directly involved in the delivery of services. Using the framework identified, describe the current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organisational constraints.
Include a diagram related to the common workflow of information and decisions at the major levels within the organisation.
Future Cyber-security Policy Implementations: Describe the critical cyber-security needs that should be in place to ensure compliance with the appropriate regulation (e.g., PCI DSS, HIPAA, SOX, GLBA) and then prioritise organisational efforts, business needs, and outcomes.
Operational Compliance and Risk Assessment
Cyber-security Risk Assessment: Describe the likelihood of each risk occurring and the resulting impact. Identify threats to, and vulnerabilities of, the organisation’s systems and assets. Address risks arising from both internal and external sources. Determine the acceptable level of risk (risk tolerance). Describe the response to each risk and how identified risks are managed and resolved. Include an Organisational Risk Assessment Chart.
Privacy Risk Management: Describe how the business integrates applicable privacy laws and regulations into its programme, how it prioritises privacy requirements, and how it measures progress.
Compliance Gaps: Describe the types of audits that should be performed to maintain a consistent measure of risk. Determine what type of gap analysis should be performed to identify the security elements and variables within the environment that pose the most risk. Formulate a cyber-security governance strategy that establishes mitigation plans to achieve the security objectives.
Web Portal Diagram: Create a web portal data flow diagram of the hypothetical organisation’s operational environment using Visio or similar diagramming software. Within the web portal data flow diagram, students will show how the web portal complies with the selected regulation.
The web portal data flow diagram must: