Project #1: Cybersecurity Strategy & Plan of Action

Your Task:

You have been assigned to support the Padgett-Beale Merger & Acquisition (M&A) team working under the direct supervision of Padgett-Beale’s Chief Information Security Officer (CISO). The M&A team is in the planning stages for how it will integrate a new acquisition, Island Banking Services, into the company as its financial services arm (PBI-FS). Initially, PBI-FS will function as a wholly owned subsidiary which means that it must have its own separate cybersecurity program.
 
Your first major task (Project #1) will be to help develop a Cybersecurity Strategy & Plan of Action for PBI-FS. Island Banking Services never had a formal cybersecurity program so you’re starting from scratch. You will need to research best practices as well as relying heavily upon what you learned in your undergraduate studies in Cybersecurity Management and Policy. The CISO has provided detailed instructions for this task. (These appear after the Background section below.)

Background

After five years of operation, Island Banking Services — a non-U.S. firm — was forced into bankruptcy after criminal money laundering charges were filed against the company and its officers. Padgett-Beale, Inc. purchased the digital assets and records of this financial services firm from the bankruptcy courts. The purchased assets include licenses for office productivity software, financial transactions processing software, database software, and operating systems for workstations and servers. Additional assets included in the sale include the hardware, software, and licensing required to operate the company’s internal computer networks.
 
Figure 1. Island Banking Services IT Infrastructure Purchased by Padgett-Beale, Inc.
 
Padgett-Beale’s legal counsel successfully negotiated with the bankruptcy court and the criminal courts for the return of copies of the company’s records so that it could restart Island Banking Service’s operations. The courts agreed to do so after Padgett-Beale committed in writing to reopening the customer service call center (but not the branch offices) on the island. Reopening the call center will provide continued employment for 10 island residents including 2 call center supervisors. Padgett-Beale intends to relocate the call center to a company owned property approximately 10 miles away from the current location and adjacent to a newly opened Padgett-Beale resort.
 
Padgett-Beale’s Risk Manager has recommended that the Merger & Acquisition plan be amended such that Island Banking Services would be operated as a wholly owned subsidiary for a period of 5 years rather than being immediately and fully integrated as an operating element of Padgett-Beale. The company’s attorneys agreed that this would be the best approach given the potential for additional legal troubles related to the actions of the previous owners and employees. The Board of Directors has signed off on this amendment to the M&A plan and stipulated that the new subsidiary will be named PBI Financial Services (PBI-FS). The company officers and senior managers for PBI-FS will be named at a later date. For now, the leader of the M&A Team will serve as the Chief Operating Officer. Padgett-Beale’s Chief Information Security Officer will be loaned to PBI-FS while a search is conducted for a dedicated CISO for the subsidiary.

CISO’s Detailed Instructions to You

The CISO has given you and your team mates a set of instructions (below) which you should follow as you complete this task.

Task #0: Read and Analyze the Background Materials

If you have not already done so, read the Background information in this file. Next, review the Padgett-Beale M&A Profile 2020 which was posted to the LEO classroom. You should also review all materials from the classroom for Weeks 1 – 4 as these provide needed information about the Financial Services industry and the legal and regulatory requirements which apply to this industry.

Task #1: Perform a Gap Analysis & Construct a Risk Register

Using the information available to you, determine the most likely information technology/security gaps which existed at Island Banking Services prior to its being acquired by PBI. Next, determine which of these, if not addressed, will likely exist in the newly formed subsidiary PBI-FS. Document your analysis and evaluation in a Gap Analysis.
 
Your Gap Analysis should address operating issues relating to confidentiality, integrity, and availability (CIA) of information, information systems, and information infrastructures owned or used by PBI-FS. Your analysis should also consider and use the People, Process, and Technology framework.
 
Step 1: Identify 10 or more significant cybersecurity issues/challenges/risks which the background information and M&A profile indicate currently exist at PBI-FS / Island Banking Services. You are allowed to “read between the lines” but must be able to map your analysis and findings to specific statements from these documents. These items will become your “Gaps” for the Gap Analysis. Use one or more cybersecurity frameworks or standards (e.g. NIST CSF; People, Processes, and Technologies; Confidentiality, integrity, availability) to organize your analysis.
 
Note: there was significant criminal behavior found at Island Banking Services. Your analysis must address internal weaknesses which allowed this to occur without being discovered by the employees who were not involved in the crimes.
 
Step 2: Using your Gap Analysis (step 1) create a Risk Register in which you list 10 or more specific and separate risks. For each risk, assign a category (confidentiality, integrity, availability, people, process, technology) and a severity (impact level using a 1 – 5 scale with 5 being the highest potential impact).
 
Step 3: Review the laws and regulatory guidance which apply to the Financial Services industry and companies like Island Banking Services. For each entry in your risk register, identify and record the laws, regulations, or standards which provide guidance as to how the identified risks must be addressed or mitigated. Record this in your risk register.
 
Step 4: Review laws and regulations which apply to all companies, i.e. Sarbanes Oxley, IRS regulations for Business Records, SEC regulations and reporting requirements, etc. Review your Risk Register and either map these requirements to existing entries in your risk register or insert new entries for significant legal or regulatory requirements which you were not able to map to your previously identified risks. (Include risk related to non-compliance.)
 
Step 5: Review section 1.2 Risk Management and the Cybersecurity Framework in the NIST Cybersecurity Framework v1.1 (https://‌nvlpubs.nist.gov/‌nistpubs/‌CSWP/‌NIST. ‌CSWP. ‌04162018.pdf)
Using this information, determine the best strategy for addressing (“treating”) each of your identified risks. Remember the four types of risk mitigation strategies (accept, avoid, control, transfer).
 
Consider the business impact for each of your mitigation strategies (e.g. if you applied an “avoid” strategy across the board, the company would not be able to operate in the financial services industry because it would need to shut down all operations).
 
Record your risk mitigation strategy for each risk in your risk register. For each of your “control” entries, include the corresponding control category and subcategory (if applicable) from the NIST Cybersecurity Framework (see Tables 1 and 2 in version 1.1). Examples: ID.AM Asset Management or PR.AC Identity Management and Access Control. Remember to cite your sources.
 
Step 6: Develop a Cybersecurity Strategy that presents five or more specific actions (strategies) that the company should take to implement your recommended risk mitigations. Include information from your gap analysis, legal and regulatory analysis, risk analysis and proposed risk mitigations. Under each strategy include information about how the strategy will affect or leverage people, policies, processes, and technologies (hardware, software, infrastructure). Include examples and other pertinent information about Island Banking Services and Padgett-Beale. You should have at least one technology related strategy which includes an updated Network Diagram. This diagram must show the to-be state of the IT infrastructure including recommended mitigating or “control” technologies, e.g. intrusion detection, firewalls, DMZ’s, etc. (start with the diagram provided in this assignment file).
 
Note: Your strategy will be presented to the Board of Directors by the executive who is leading the Merger & Acquisition Team so make sure that you write in appropriate language and include sufficient detail to explain your recommended strategy.
 
Step 7: Develop and document a proposed plan of action and implementation timeline that addresses each element of the cybersecurity strategy that you identified previously (in step 6). Provide time, effort, and cost estimates for implementing your recommended actions (include appropriate explanations of your reasoning). Include the resources (people, money, etc.) necessary for completing each task in the timeline.
 
Step 8: Develop a set of 5 or more high-level summary of recommendations regarding the next steps to take in mitigating the risks that you identified in steps 1-7. These recommendations should logically flow from your analysis and be supported by your Cybersecurity Strategy and Plan of Action.
 

Putting It All Together

1. Format your work for Steps 1-7 as a Cybersecurity Strategy and Plan of Action. The six major elements listed below should appear in this order in a single file. Your MS Word format document file must include:

• Introduction (what is in this document and to what organization does it apply)
• Gap Analysis (Step 1)
• Legal & Regulatory Requirements Analysis (Steps 3, 4)
• Risk Analysis & Risk Register (Steps 2, 3, 4, 5)
• Cybersecurity Strategy (Step 6)
• Plan of Action and Implementation Timeline (Step 7)

 
The Cybersecurity Strategy and Plan of Action is a comprehensive MS Word document that includes a separate title page followed by the six major elements (see list under step 7) and ending with a reference list. Your document must include a reference list and appropriate citations throughout. You will need 10 – 12 pages to fully document your strategy and plan. Use section headings and sub headings to organize your work. You may use internal title pages (section titles) to make it clear where each of the major elements begins and ends. Title pages and reference pages are not included in the recommended length.
 

2. Format your recommendations from Step 8 as a Cover Letter / Recommendations Memo to accompany your Security Strategy document.

The Recommendation Memo is a 2 page, professionally formatted memorandum addressed to the Merger & Acquisition Team. This cover letter / memo should summarize why this package is being forwarded to the M&A team for “review and action.” The memo should introduce and provide a brief summary of the purpose and contents of the Cybersecurity Strategy and Plan of Action (name and describe each of the major sections). Use a professional format for your memo (consider using one of the MS Word templates). The memo does not include citations or references but, you may need to name laws or regulations.

Notes on Constructing Your Network Diagram (for step 6):

Your diagram must be based upon the provided network diagram with additions or deletions that are clearly your own work. You may use MS Word’s drawing tools, Power Point, or other drawing program. When you have completed your diagram, you may find it helpful to take a screen snapshot and then pasted that into your deliverable file(s).
 
You may use commercial or “free” clip-art to represent individual end point devices or network appliances such as routers, firewalls, IDPS, etc.) Clip art does not need to be cited provided that it is clip art (not screen captures from another author’s work).

Additional Information

1. Consult the grading rubric for specific content and formatting requirements for this assignment.
2. Your paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper.
3. Your paper should use standard terms and definitions for cybersecurity.
4. The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources > APA Resources. An APA template file (MS Word format) has also been provided for your use CSIA_Basic_Paper_Template(APA_6ed,Nov2014).docx.
5. All submission files must begin with a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file.
6. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.
7. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA, MLA, etc.).

Professional socialization relates to the manner in which we learn the roles and functions of being a nurse once we enter the healthcare system. What are some of the ways this socialization occurs in your place of employment, and do you believe it leads to effective assumption of the nursing role? This socialization occurs in a patriarchal healthcare system that still remains predominantly male physician-based. Discuss the impact, you believe, this has on socialization to the nursing role.                   

Need at least 2 references in APA style.

Also I did attach a source from our book that we use in the class.

Thank you very much.Files: fwcrydotv6.docx

Details:

Select a family to complete a family health assessment. (The family cannot be your own.)

Before interviewing the family, develop three open-ended, family-focused questions for each of the following health patterns:

1. Values, Health Perception
2. Nutrition
3. Sleep/Rest
4. Elimination
5. Activity/Exercise
6. Cognitive
7. Sensory-Perception
8. Self-Perception
9. Role Relationship
10. Sexuality
11. Coping

NOTE: Your list of questions must be submitted with your assignment as an attachment.

After interviewing the family, compile the data and analyze the responses. 

In 1,000-1,250 words, summarize the findings for each functional health pattern for the family you have selected.

Identify two wellness problems based on your family assessment.

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.

For the DNP-prepared nurse, it is important to hone skills related to reviewing and evaluating research literature to implement evidence-based practices. As you examine epidemiological research, in particular, it is essential to ask, “What are the strengths and weakness of the research method(s)? Are the data analysis and interpretation sound? Is there any evidence of bias?” This Discussion provides you and your colleagues valuable practice in critically analyzing research literature.

To prepare:

• With      this week’s Learning Resources in mind, reflect on the importance of      analyzing epidemiological research studies.
• Critically      appraise the Oppenheimer (2010) and Elliott, Smith, Penny, Smith and      Chambers (1999) articles presented in the Learning Resources using      Appendix A in Epidemiology for Public Health Practice as a guide.
• Determine      the strengths and weaknesses of the research methods and data analysis of      each study.
• Ask      yourself, “Is any bias evident in either study? What did the researchers      do to control for potential bias?”
• Finally,      consider the importance of data interpretation in epidemiologic literature      and the issues that may arise if potential confounding factors are not      considered.

By tomorrow 04/05/2018 3pm, write a minimum of 550 words in APA format with at least 3 scholarly references from the list of required readings below. Include the level one headings as numbered below”

Post a cohesive scholarly response that addresses the following:

1) Appraise the Oppenheimer (2010) and Elliott et al. (1999) articles, summarizing the strengths and weaknesses of each study (see attached files for those articles).

2) Analyze potential sources of bias in each study and suggest strategies for minimizing bias.

3) Suggest possible confounding variables that may have influenced the results of each study.

Required Readings

Friis, R. H., & Sellers, T. A. (2014). Epidemiology for public health practice (5th ed.). Sudbury, MA: Jones & Bartlett.

Chapter 10, “Data Interpretation Issues”

Chapter 15, “Social, Behavioral, and Psychosocial Epidemiology”

Appendix A – Guide to the Critical Appraisal of an Epidemiologic/Public Health Research Article

In Chapter 10, the authors describe issues related to data interpretation and address the main types of research errors that need to be considered when conducting epidemiologic research, as well as when analyzing published results. It also presents techniques for reducing bias. Chapter 15 features psychosocial, behavioral, and social epidemiology. Appendix A includes criteria to consider when reading an empirical journal article.

Elliott, A. M., Smith, B. H., Penny, K., Smith, W. C., & Chambers, W. A. (1999). The epidemiology of chronic pain in the community. The Lancet, 354(9186), 1248–1252.

This article describes an early epidemiologic study on chronic pain. Carefully review this article noting the structure of the research design, assessment and data collection, and analysis strategies. You will refer to this article for Discussion 2. (see attached file)

Oppenheimer, G. M. (2010). Framingham Heart Study: The first 20 years. Progress in Cardiovascular Diseases, 53(1), 55–61.

The Framingham Heart Study is a landmark epidemiologic study that began in the 1940s. The author of this article reviews the history of the Framingham Heart Study and its contribution to population health. As you read this article, consider any sources of bias or potential conflict of interest. You will refer to this article for Discussion 2. (See attached file).

Phillips, C. V., & Goodman, K. J. (2004). The missed lessons of Sir Austin Bradford Hill. Epidemiologic Perspectives & Innovations, 1(3). Retrieved from http://www.biomedcentral.com/1742-5573/1/3 

In 1965, Austin Bradford Hill worked on a paper that has become a standard in public health and epidemiologic study about how to make decisions based on epidemiologic evidence. Hill put forth strategies for inferring causation and stressed the need for considering costs and benefits when planning health-promoting interventions. Review this article, which examines how Hill’s strategies are often misused or misinterpreted.

Centers for Disease Control and Prevention. (2011). CDC health disparities and inequalities report—United States, 2011. Morbidity and Mortality Weekly Report, Supplement, (60), 1–114. Retrieved from http://www.cdc.gov/mmwr/pdf/other/su6001.pdf. [Read pages 11–32]

This report consolidates national data on disparities in mortality, morbidity, behavioral risk factors, health care access, preventive health services, and social determinants of critical health problems in the United States by using selected indicators. The required section of reading introduces the social determinants of health and environmental hazards.

World Health Organization. (2011). Social determinants of health. Retrieved from http://www.who.int/social_determinants/en/

According to the World Health Organization, “The social determinants of health are mostly responsible for health inequities—the unfair and avoidable differences in health status seen within and between countries.” This article presents an introduction to social determinants of health.

World Health Organization. (2011). Social determinants of health: Key concepts. Retrieved from http://www.who.int/social_determinants/thecommission/finalreport/key_concepts/en/index.html

This article outlines key concepts related to the social determinants of health.

Healthy People 2020. (2011). Social determinants of health. Retrieved from http://healthypeople.gov/2020/topicsobjectives2020/overview.aspx?topicid=39

This website presents an overview of the social determinants of health and addresses how the information relates to Healthy People 2020.

UCL Institute of Health Equity. (2012). ‘Fair society healthy lives’ (The Marmot Review). Retrieved from http://www.instituteofhealthequity.org/projects/fair-society-healthy-lives-the-marmot-review

Optional Resources

Genaidy, A. M., Lemasters, G. K., Lockey, J., Succop, P., Deddens, J., Sobeih, & Dunning, K. (2007). An epidemiological appraisal instrumental – a tool for evaluation of epidemiological studies. Ergonomics, 50(6), 920–960.

Centers for Disease Control and Prevention. (2011). Social determinants of health. Retrieved from http://www.cdc.gov/socialdeterminants/