
Cybersecurity Plan

1. Information System Name/Title:

· List 3 major systems that South Balance would have and assign a unique identifier and name given to the system.

| System ID | System Description |
|---|---|
| SB-12012489 | Microsoft Dynamics 365 enterprise resource planning (ERP). This system collects and organizes data through an integrated software suite. The ERP system comprises applications that streamline South Balance's functions across all departments. |
| SB-12112421 | AT&T wireless network (WLAN). The company uses a local area network, which is a computer network connecting all devices and computers within the firm's building. |
| SB-12117832 | Gusto payroll system. This system computes the wages each worker is to be paid based on factors such as hourly earnings, taxes, and other withholdings. |

2. Information System Categorization:

· For the 3 systems above, identify the appropriate FIPS 199 Availability categorization (place an X in the appropriate column). See the FIPS 199 document for definitions.

System ID

LOW

MODERATE

HIGH

SB-12012489

X

SB-12112421

X

SB-12117832

X

3. Information System Owner:

· For the 3 systems above, identify the name and title of the system owner. In a real Security plan, this would also include agency, address, email address, and phone number.

| System ID | System Owner Name | System Owner Title |
|---|---|---|
| SB-12012489 | Antonio Lazzeri. 115 Glann Rd Apalchin, New York (NY), 13874. Tel: (984) 895-7997. Email: [email protected] | Chief information officer |
| SB-12112421 | Christian Ivanov. 17 N Middleton Rd, New York (NY), 12867. Tel: (440) 212-1784. Email: [email protected] | Chief IT security, Science Soft Inc. |
| SB-12117832 | Louise Gehrig. 4744 Transit Rd Depew, New York (NY), 14123. Tel: (508) 739-8971. Email: [email protected] | Chief financial officer and vice president of finance |

4. Assignment of Security Responsibility:

· For the 3 systems above, identify the name and title of the person responsible for the security of that system. In a real Security plan, this would also include address, email address, and phone number.

| System ID | System Owner Name | System Owner Title |
|---|---|---|
| SB-12012489 | Walter Johnson. 103 S Railroad Ave, Bronxville, New York (NY), 10708. Tel: (515) 127-1218. Email: [email protected] | Chief information security officer and director of IT security |
| SB-12112421 | Lawrence Berra. 242 Hudson St Long Beach, New York (NY), 11462. Tel: (516) 107-2424. Email: berraL@Hotmail.com | Director of IT operations |
| SB-12117832 | Mariana Rivera. 18 Willett Ave, New York (NY), 11575. Tel: (516) 108-2014. Email: [email protected] | Director of finance |

5. Information System Operational Status:

· For the 3 systems above, indicate the operational status of the system (place an x in the appropriate column).

System ID

Operational

Under Development

Major Modification

SB-12012489

X

SB-12112421

X

SB-12117832

X

6. Information System Type:

· For the 3 systems above, indicate if the system is a major application or a general support system. If the system contains minor applications, list them in Section 9. General System Description/Purpose.

System ID

Major Application

General Support System

SB-12012489

X

SB-12112421

X

SB-12117832

X

7. General System Description/Purpose

· For the 3 systems above, describe the function or purpose of the system and the information it processes.

| System ID | Description |
|---|---|
| SB-12012489 | The ERP system of South Balance is a major application that consolidates the company's financial records by bringing financial data into one network. The ERP also links management functions, making purchasing, inventory, distribution, and bookkeeping much easier and less error-prone (Bjelland, 2020). The ERP system can also serve as a general support system for the procurement of products and raw materials and for the human resource department in automated duty allocation and candidate selection. The ERP system processes information on the firm's financial position, procurement and supplier data, accounting information, and supply chain data. Generally, the ERP will process data from all departments. |
| SB-12112421 | The wireless LAN system serves as a router to enable faster and safer wireless communication between divisions in the office building. Staff can also use the system to access the internet for research and other work-related activities. The WLAN system does not really process data; it serves as the medium over which connected computers and devices send and receive signals and data. |
| SB-12117832 | The major role of the payroll system at South Balance is to oversee the procedures for paying workers. The system is also responsible for producing and distributing paychecks to the appropriate persons. The system is also used for paying and filing employment taxes and other deductions such as mortgages, credits, and loans (Rainer, 2020). The payroll system processes employee information such as names, social security numbers, addresses, details of current pay and contributions, and tax filing status. It also processes the pay amount and frequency for every worker and their state and local tax withholding identification numbers. |

8. System Environment

· For the 3 systems above, provide a general description of the technical system. Include the primary hardware, software, and communications equipment.

| System ID | Description |
|---|---|
| SB-12012489 | The ERP used at South Balance is cloud-based, which enables users to access the ERP software through the internet. The primary hardware needed to implement the cloud ERP includes computer servers used for storage and databases. The primary software needed is Microsoft Dynamics 365. An access point/base station is the communications equipment used by the ERP system (Bjelland, 2020). |
| SB-12112421 | The WLAN system uses microwave or radio transmission to convey data from one computer to another without wires. A WLAN consists of nodes and access points. A node could be a peripheral or a computer with a network adapter or antenna. The access point or base station serves as a transmitter and relays data among the nodes or between the computers and another network (Rainer, 2020). |
| SB-12117832 | The payroll system covers everything involved in paying and onboarding the company's workers. The system requires computers for data input and servers for information storage. The software used is the Gusto payroll system. The communications equipment is the WLAN router. |

11. Risk Assessment and Future Plan
• For the 3 systems above, provide a general description of overall cybersecurity risks. Include the primary hardware, software, and communications equipment.

| System ID | Description |
|---|---|
| SB-12012489 | The computers and servers could be infected by malware through backdoors. Individuals with malicious intent could also obtain passwords to computers and thereby manipulate or alter data on the servers. The software could be attacked by viruses, trojans, botnets, rootkits, and phishing attacks, which would result in a breach or data destruction (Turner, 2020). When an access point is used as communications equipment, attackers might attempt piggybacking, shoulder surfing, or wireless sniffing to gain access to company data, which would be disastrous. |
| SB-12112421 | WLAN networks are prone to unauthorized access to network resources through attacks such as wardriving, piggybacking, and evil-twin attacks, resulting in exposure of confidential and private company data. |
| SB-12117832 | Viruses and worms could infect the hardware used by the payroll system, damaging or manipulating data and causing huge financial losses to the company. Also, the use of wireless routers as communications equipment exposes the system to attacks such as shoulder surfing and wireless sniffing (Turner, 2020). |

12. Related Laws/Regulations/Policies
• For the 3 systems above, list any laws or regulations that establish specific requirements for the confidentiality, integrity, or availability of the data in the system.

| System ID | Description |
|---|---|
| SB-12012489 | The Sarbanes-Oxley Act contains requirements intended to help businesses prevent financial reporting fraud. |
| SB-12112421 | FCC rules, which fall under Title 47 of the Code of Federal Regulations. Section 15 (47 CFR 15) states that when using computers or devices that fall within the approved range, the user must register the computer or devices, conduct tests, and so on. |
| SB-12117832 | Company policies, including pay policy, benefits and leave policy, and attendance policy, must be adhered to when implementing this system. |

13. Minimum Security Controls
· Provide 30 controls (of your choice) from the NIST 800-171 Security Controls documentation. Each one should cover all three of the above systems or, if a control is specific to one of the three, note that in the control write-up. Copy and paste the template below to provide all 30 controls.

NIST 800-171 Control Number:

Control Family:

NIST 800-53 Mapping:

Relevant 20 Critical Control:

Control Summary:

Implementation Status:

Immediate Action Plan (6 months):

Action Plan (12-24 months):

Long Range Action Plan (3-5 years):

References

Bjelland, E., & Haddara, M. (2018). Evolution of ERP systems in the cloud: A study on system updates. Systems, 6(2), 22.
Rainer, R. K., Prince, B., Splettstoesser-Hogeterp, I., Sanchez-Rodriguez, C., & Ebrahimi, S. (2020). Introduction to information systems. John Wiley & Sons.
Turner, L., Weickgenannt, A. B., & Copeland, M. K. (2020). Accounting information systems: controls and processes. John Wiley & Sons.

Tulane University – SOPA
CPST – 3900
