System Security Report on Cybersecurity for Successful Acquisitions I. Introduct

Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.

GET A 40% DISCOUNT ON YOU FIRST ORDER

ORDER NOW DISCOUNT CODE >>>> WELCOME40

System Security Report on Cybersecurity for Successful Acquisitions
I. Introduction
a. Provide a very brief introduction to a major media and entertainment company, in which you are their cybersecurity engineering architect.
b. What is the purpose of the work you were asked to perform (e.g., you were ask to and you are reporting on assessing the cybersecurity posture of a media streaming business that your company is planning to acquire and merge with.
c. What does your report contain, cover, etc.? Note, that I did not say what it will cover, because I want you to stay in the present or past tense.
d. What brief remark(s) can you state in the Introduction about your conclusions and recommendations?
II. Policy Gap Analysis
a. Security Policies
i. What are the relevant industry standards and local, state, and national laws and regulations to which the target company is subject? Discuss them and the extent that they are followed by the target company.
ii. Would the relevance of these standards, laws and regulations change or would there be others that would pertain to the merged companies? Discuss what the relevant industry standards and local, state, and national laws and regulations are which the merged company is subject to?
iii. If there are differences from the laws and regulations your own media company is subject to, adress the following: How you identified the differences. How you learned about the relevant laws and regulations. How you will ensure compliance with those laws and regulations.
iv. You need to make sure that the new company will not inherit any noncompliance situations from either the target or acquiring company.
b. Secure Strategy and Operating System Protections
i. What is the overall income of the streaming company?]
ii. Use the PCI Standards DSS 12 Requirements Document and the PCI DSS Quick Reference Guide to identify a secure strategy and operating system protections to protect the company’s credit card data.
1. Example Requirement #1 of 2 from the PCI Standards DSS 12
a. Select a PCI Standards DSS 12 requirement and explain how the control should specifically be implemented.
b. How it will change the current network?
c. What are the costs associated with implementing the change?
d. Are there any risks, issues or concerns that the leadership needs to be aware of?
2. Example Requirement #2 of 2 from the PCI Standards DSS 12
a. Select a second PCI Standards DSS 12 requirement and explain how the control should specifically be implemented.
b. How it will change the current network?
c. What are the costs associated with implementing the change?
d. Are there any risks, issues or concerns that the leadership needs to be aware of?
III. Multimedia Streaming Protocols
a. Discuss the multimedia streaming protocols of the target company. Explain how they work.
b. Discuss the known vulnerabilities and how to secure the target company from any corresponding cyber attacks. Have those been or will they be mitigated? To what extent has or could the risk be reduced to zero, reduced somewhat, shifted to a third party, etc.)? What residual risks remain to the target company’s assets and intellectual property?
c. Discuss how the protocols used by the target company will affect the current state of cybersecurity within the acquiring company environment. Would the risks you covered extend to the acquiring company after the merger? Would or could this lead to a no-go decision on the merger and acquisition? What should the target company do to further mitigate the risk? How should the acquiring company mitigate the risk?
d. What are the costs associated to the target company’s implementation of the appropriate mitigation(s)? What are costs to the acquiring company if additional mitigation measures are required to be taken?
IV. Merged Network Infrastructure
a. The network for the merged company could be the existing networks of the two companies, which might be configured differently, or the same hardware and software could be used and configured together, or, completely different hardware and software could be used and configured together. Discuss the network infrastructure of the new “merged” network.
b. Explain what tactics, techniques, and procedures you would use to understand the network for the acquired company. Explain what tools the merged company would use to understand the network security and, the benefits and shortcomings of those tools.
c. You should identify network boundaries and regions, such as DMZ(s), backend servers, access networks, and security systems, such as firewalls, IDS/IPS(s) and other network systems. Identify where data is at rest, in transit and in use. Remember that there is multimedia data, financial data such as customer transactions, and also administrative business data.
d. What are the gaps within the merged network? What is the cost associated with closing the gaps?
V. Recommended Data Protection Plan
a. Convey the importance of system integrity and an overall trusted computing base, environment, and support. Explain what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Explain whether the merged company has this or what must be done.
b. What additional mechanisms are required for protecting the different types of data at the different stages of rest, transit and use? Include the benefits, implementation activities required for protection and defense measures such as full disk encryption, BitLocker, and platform identity keys.
VI. Supply Chain Risks and Mitigation
a. Acquiring a new company also means inheriting the risks associated with its supply chain and their systems and technologies. Thus, third party systems can unknowingly put a company at risk.] Discuss risks to the supply chain, in general. Then include specific supply chain risks for this merged company and list the security measures in place to mitigate those risks. Use the NIST Special Publication 800-161 to explain the areas that need to be addressed.
VII. Recommended Vulnerability Management Program
a. Create and discuss a specific vulnerability management program for the merged company. Use NIST Special Publication 800-40 as a guide to develop a specific program to meet the missing need(s).
b. Why is the program needed?
c. How should it be implemented?
d. What are the associated costs?
VIII. Recommended User Education
a. During the process of acquiring a company, policies, processes, networks, supply chains and other aspects are often updated, removed and added. It is important to inform the users for the new and old company of the changes as well as to provide relevant training. Explain the requirements for training the merged workforce about the changes compared to their old environment.
IX. Summarized Recommendations
a. State a brief summary of your recommendations. Why are these recommendations being made? From a cybersecurity perspective, should the merger and acquisition continue? What cost is involved from a cybersecurity perspective?
X. Conclusions
XI. References
a. Provide APA formatted references here. Each should have at least one in-line citation within the report.
Please use atleast 8 scholarly sources

Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.

GET A 40% DISCOUNT ON YOU FIRST ORDER

ORDER NOW DISCOUNT CODE >>>> WELCOME40