Week 5 Discussion - Assessing Maturity For Cybersecurity Program Management
Assessing Maturity for Cybersecurity Program Management
Introduction
Padgett-Beale has operated at the national and international level for many years, with resorts and hotels in different countries across the globe. The company has started its financial services through the business acquisition of the previous Island Banking Service. Due to the increase in cybercrime and data breach incidents, the cybersecurity of the company’s online and financial services is very important. Financial services and international banking have been primary targets of cyber criminals, and the implementation of regulatory frameworks and standards is very important for prevention and deterrence. In this discussion, we discuss the laws and regulations that must be followed in the management program for Padgett-Beale’s financial services firm, and analyze the maturity level of PBI-FS, the company’s financial services firm, along with best practices in this regard.
Analysis
The cybersecurity of an organization depends on effective management and the adoption of a reliable set of standards and frameworks to ensure the safety and reliability of information and financial transactions within the organization. There are several approaches an organization can adopt to achieve the desired outcomes. One approach is to adopt the NIST Cybersecurity Framework, a collaboration between private sector organizations and the US government, for the development of the cybersecurity management program. According to reports and estimates, about 50 percent of cybersecurity organizations use NIST standards and frameworks in their operations and information security practices (Matto, 2017).
For financial services, there are several guidelines and regulations on protecting customers’ information from cyberattacks. The Department of Financial Services has issued regulation 23 NYCRR 500 for companies to comply with. It requires banks to have a thorough cybersecurity plan and also requires cyber incidents to be declared within 72 hours. One of the best practices for these services and for retailers is adherence to PCI-DSS, the Payment Card Industry Data Security Standard. This standard describes how to transmit and store payment information in order to minimize the risk of fraud and data breach (Patel, 2017).
A cybersecurity maturity model helps an organization define a path forward and assess its performance along that path. Organizations use several such models, which give a comprehensive approach covering many aspects of information security. For the maturity assessment of PBI-FS’s cybersecurity management program, two models are suggested: NIST CSF and C2M2. C2M2 is a cybersecurity capability model that was introduced by the United States Department of Energy for utility and power companies, but it can be used by any company to measure its cybersecurity maturity (Christopher, 2018). The model identifies the strengths and weaknesses of an organization’s cybersecurity in the following domains:
Risk management
Situational awareness
Change and configuration, asset management
Operation continuity
Vulnerability and threat management
Communications and information sharing
Summary
PBI-FS’s cybersecurity management program should be based on the applicable laws and regulations, and its practices must comply with recognized standards and frameworks. For the most part, the NIST Cybersecurity Framework is suggested, which provides a variety of standards and frameworks for different purposes. For financial services, PCI-DSS and the 23 NYCRR 500 regulation are suggested for smooth and reliable operations. To carry out an effective assessment of the company’s cybersecurity maturity, C2M2 and NIST CSF are suggested, and it is expected that implementing these standards and frameworks will increase the confidentiality, integrity and accessibility of PBI-FS’s services.
References
Christopher, J. (2018, 11 1). The Cybersecurity Maturity Model: A Means To Measure And Improve Your Cybersecurity Program. Retrieved from Forbes: https://www.forbes.com/sites/forbestechcouncil/2018/11/01/the-cybersecurity-maturity-model-a-means-to-measure-and-improve-your-cybersecurity-program/#65a67745680b
Matto, D. D. (2017, 12 5). Executive Insights: Changing Cybersecurity Regulations that Global Financial Services Firms Need to Know About. Retrieved from FORTINET: https://www.fortinet.com/blog/business-and-technology/changing-cybersecurity-regulations-that-global-financial-services-firms-need-to-know-about5a21e0c8bde24.html
Patel, B. (2017, 9 29). Cyber Security Regulations : Financial Services. Retrieved from Finextra: https://www.finextra.com/blogposting/14569/cyber-security-regulations--financial-services