Purpose You are a cybersecurity threat analyst for a consulting company that

 
Purpose
You are a cybersecurity threat analyst for a consulting company that does work for both the public and private sectors. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries.
Assignment Instructions
You have been assigned a new project, and it is to help to develop a process or framework for a mid-sized (200 employees) software company. The software company develops a commercially available Web-based system with an accompanying mobile application (Android and iOS) for the financial sector. The company’s yearly revenue is approximately $15 million. The director of research and development is concerned about their application development and the development operations (DevOps) activities in regard to insider threats. The software company frequently uses contractors, (on-site and remote), and some of the contractors are from foreign countries. The contractors help develop and test their software product and are also used for in-house software development and maintenance. There is only one research and development (R&D) facility for the company. Your project is to create an action plan/framework to help mitigate cyber risks due to development operations, application development, and insider threats. Realizing insider threats are a concern, it is also your job to ease the director of research and development’s mind in regard to continuing to use contractors, including those from foreign countries. He is a fact-driven decision maker and would benefit from facts regarding how multiculturalism and diversity could benefit his company and not harm it.
Consider the following in your action plan:
How you will convince the director you can effectively address any potential issues related to multiculturalism and diversity
How you will utilize problem-solving skills and conflict resolution to bridge cultural differences
How you will address change that occurs due to the presence of multiculturalism and diversity in a business environment
In addition to creating and maintaining a Web-based financial system and mobile application to accompany it, the company uses several enterprise-based systems for day-to-day operations. They have an email system, customer relationship management system, source code control system, bug tracking system, and technical support tracking system. The technical support tracking system is an in-house developed system and is considered a legacy system. The company is researching various technical support systems to replace the legacy system. The other enterprise systems were purchased/leased from various vendors. The customer relationship management system is cloud-based and an Oracle product. The other systems reside on-premises and are in a hardened data center located 10 miles from the R&D facility. The data center has successfully gone through an SSAE 16 audit.
The company has a business continuity plan; however, the disaster recovery plan needs to be improved as the company does not have a hot backup site. They do back up all critical systems several times per day. The backup data is automatically streamed to another hardened data center (also SSAE 16 certified) that is located 25 miles away. All of the systems at the data center are considered critical systems. In addition, the system test and software quality assurance departments have all the necessary software and hardware (mobile/tablets included) to maintain high-quality assurance sufficiently. This testing infrastructure is located at the R&D facility and not in the data center.
Analyze the NIST Cybersecurity Framework.
Determine if it can be used as a guide to producing an action plan/framework for the company to use in an effort to reduce the likelihood of insecure application development and insider threats. If it cannot be used/mapped to the software company, then what framework or method is better suited for the software company?
Discuss if you recommend using various frameworks/guides, resulting in a hybrid approach? You have to produce an action plan/framework, so it is important for you to do as much research as possible on other types of solutions.
It is very important for you to consider that the cybersecurity landscape includes cybercriminals, hackers, activists, etc., who use the latest technological tools and technologies to cause harm. The action plan/framework that you create should be agile enough so it can adapt to changing risk environments over time. Finally, as you formulate your plan, costs will have to be justified in time, so consider the revenue of the company and an industry-standard percentage spent on cybersecurity budgets.
Your action plan should be at least 3–4 pages of content (exclusive of title page, etc.), double-spaced in 12pt Times New Roman font, use correct APA formatting, and include a title page, table of contents, abstract, and reference page(s). If applicable, be sure to document your content with proper APA in-text citations that match your reference list. You can have more than one table and more than one figure; however, they must be fully explained.
You must support your research and assertions with at least three credible sources. You may use peer-reviewed articles, trade magazine articles, or IT research company (Gartner, Forrester, etc.) reports to support your research; you can use the Library to search for supporting and peer-reviewed articles. Wikipedia and similar sources are unacceptable.
Assignment Requirements
At least 3–4 pages of content (exclusive of title page, etc.), double-spaced in 12pt Times New Roman font, using correct APA formatting and including a title page, table of contents, abstract, and reference page(s).
At least 3 credible sources.
No spelling errors.
No grammar errors.
No APA errors.