Businesses involved in mergers and acquisitions must exercise due diligence in ensuring that the technology environment of the future organization is robust and adequately protects their information assets and intellectual property. Such an effort requires time and open sharing to understand the physical locations, computing environment, and any gaps to address. Lack of information sharing can lead to a problematic systems integration and hamper the building of a cohesive enterprise security posture for the merged organization.
Often, the urgency of companies undergoing a merger and acquisition (M&A) impedes comprehensive due diligence, especially in cybersecurity. This creates greater challenges for the cybersecurity engineering architect, who typically leads the cybersecurity assessment effort and creates the road map for the new enterprise security solution in the future organization. However, the business interest and urgency in completing the merger can also represent an opportunity for CISOs to use additional resources and executive attention on strategic security matters.
In this project, you will create a report on system security issues during an M&A. The details of your report, which will also include an executive summary, can be found in the final step of the project.
There are nine steps to the project. The project as a whole should take two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions (M&A), keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind:
Are companies going through an M&A prone to more attacks or more focused attacks?
If so, what is the appropriate course of action?
Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company’s security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those laws are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
How would you identify the differences?
How would you learn about the relevant laws and regulations?
How would you ensure compliance with those laws and regulations?
The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements and the PCI DSS Quick Reference Guide to identify a secure strategy and operating system protections to protect the credit card data.
Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change.
This policy gap analysis will be part of the final Cybersecurity System Security Report.
In the next step, you will review the streaming protocols that the companies are using.
Enterprise Network Security
Step 2: Review Protocols for Streaming Services
After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section of the report, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly known streaming protocols and the vulnerabilities of those protocols. Some examples are the (RTSP), (RTP), and the Real-Time Transport Control Protocol (RTCP).
Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A.
In other words:
You need to identify the kind of streaming that such companies might be doing and the specific technology they would be using.
What are the technical vulnerabilities associated with the protocols involved?
Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)?
What residual risk to the target company’s assets and IP remain?
Would those risks extend to the current (takeover) company after the merger? Would that be bad enough to cancel the M&A?
If the response to the last question is yes, then what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk?
What are the costs associated to the target company (implementing the appropriate mitigation)? If the takeover firm has to take additional measures, identify those costs as well.
After assessing and reviewing the streaming protocols, move to the next step, where you will assess the infrastructure of the merged netw
Enterprise Network Security
Step 4: Review the Wireless and BYOD Policies
Within Project 2, you learned about and discussed wireless networks. An M&A provides an opportunity for both companies to review their wireless networks. Within your report, explain the media company’s current stance on wireless devices and BYOD. However, the company that is being acquired does not have a BYOD policy. Explain to the managers of the acquisition what needs to be done for the new company to meet the goals of the BYOD policy.
When the review of the wireless and BYOD policies is complete, move to the next step: developing a data protection plan.
Enterprise Network Security
Step 5: Develop a Data Protection Plan
Youve completed the review of the wireless and BYOD policies. In this step, you will develop the recommendations portion of your report in which you will suggest additional mechanisms for data protection at different levels of the acquired companys architecture.
Include the benefits of defense measures such as full disk encryption (BitLocker is an example) and platform identity keys as well as the required implementation activities. You also want to convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support. Describe what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Include this in the report and whether the merging company has this.
In the next step, you will assess any risks with the supply chain of the acquired company.
Enterprise Network Security
Step 6: Review Supply Chain Risk
The data protection plan is ready. In this step, you will take a look at risks to the supply chain. Acquiring a new company also means inheriting the risks associated with its supply chain and those firm’s systems and technologies. Include in your report the supply chain risks and list the security measures in place to mitigate those risks. Use the NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, to explain the areas that need to be addressed.
After your supply chain review is complete, move to the next step, where you will create a vulnerability management program.
Enterprise Network Security
Step 7: Build a
After your supply chain review, you conduct an interview with the company’s current cybersecurity team about vulnerability management. The team members explain to you that they never scanned or had the time to build a vulnerability management program. So, you need to build one. Use the NIST Guide to Enterprise Patch Management Technologies, Special Publication 800-40
, to develop a program to meet the missing need.
Explain to the managers how to implement this change, why it is needed, and any costs involved.
The next step is a key one that should not be overlookedthe need to educate users from both companies of the changes being made.
Enterprise Network Security
Step 8: Educate Users
Youve completed your vulnerability management program, but its important to educate all the users of the network about the changes. During the process of acquiring a company, policies, processes, and other aspects are often updated. So the last step in the process is to inform users in both the parent company and the acquired company of the changes. Within your report, explain to the acquisition managers the requirements for training the workforce.
When youve completed this step, move to the final section of this project, in which you will prepare and submit your final report.
Enterprise Network Security
Step 9: Prepare and Submit Your Report and Executive Summary
Youre ready now for the final step, in which you will compile and deliver the Cybersecurity System Security Report for a Successful Acquisition for the company leaders to enable them to understand the required cybersecurity strategy.
Again, keep in mind that companies undergoing an acquisition or merger are more prone to cyberattacks. The purpose of this paper is to analyze the security posture of both companies and to develop a plan to reduce the possibility of an attack.
The assignments for this project are as follows:
Cybersecurity System Security Report for Successful Acquisition: Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Executive summary: This is a one-page summary at the beginning of your report.
Submit both components to the assignment folder.
Submission for Project 3: Enterprise Network Security
Drop files here, or click below.Add Files
CHECK YOUR EVALUATION CRITERIA
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
5.9: Manages and administers integrated methods, enabling the organization to identify, capture, catalog, classify, retrieve, and share intellectual capital and information content. The methods may include utilizing processes and tools (e.g., databases, documents, policies, procedures) and expertise pertaining to the organization.
7.3: Knowledge of methods and tools used for risk management and mitigation of risk.
8.7: Provide theoretical basis and practical assistance for all aspects of digital investigation and the use of computer evidence in forensics and law enforcement.
Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?
Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.
Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.
Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.
While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.
Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.
In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.
Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.
We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!
We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.
Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.
We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.
Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.
There is a very low likelihood that you won’t like the paper.
Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.
We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.
You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.
We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.
You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.
Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.
You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.
The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more