Cybersecurity plan
Name
Institutional Affiliation
date
Cybersecurity Plan
1. Information System Name/Title:
· List 3 major systems that South Balance would have and assign a unique identifier and name given to the system.
System ID | System Description |
SB-12012489 | Microsoft Dynamics 365 enterprise resource planning (ERP). This system is an integrated process for collecting and organizing data through an integrated software suite. The ERP system comprises applications for streamlining South Balance’s functions across all departments. |
SB-12112421 | AT&T wireless network (WLAN). The company uses a wireless local area network, which is a computer network connecting all devices and computers within the firm’s building. |
SB-12117832 | Gusto payroll system. This system computes the wages each worker is to be paid based on factors such as hourly earnings, taxes, and other withholdings. |
2. Information System Categorization:
· For the 3 systems above, identify the appropriate FIPS 199 Availability categorization (place an X in the appropriate column). See the FIPS 199 document for definitions.
System ID | LOW | MODERATE | HIGH |
SB-12012489 | X | ||
SB-12112421 | X | ||
SB-12117832 | X |
3. Information System Owner:
· For the 3 systems above, identify the name and title of the system owner. In a real Security plan, this would also include agency, address, email address, and phone number.
System ID | System Owner Name | System Owner Title |
SB-12012489 | Antonio Lazzeri. 115 Glann Rd Apalchin, New York (NY), 13874 Tel- (984) 895-7997 Email- alazzeri@hotmail.com | Chief information officer |
SB-12112421 | Christian Ivanov. 17 N Middleton Rd, New York (NY), 12867 Tel- (440) 212-1784 Email- ivanova@gmail.com | Chief IT security, Science Soft Inc. |
SB-12117832 | Louise Gehrig. 4744 Transit Rd Depew, New York (NY), 14123 Tel- (508) 739-8971 Email- gehriglouise@hotmail.com | Chief financial officer and vice president of finance |
4. Assignment of Security Responsibility:
· For the 3 systems above, identify the name and title of the person responsible for the security of that system. In a real Security plan, this would also include address, email address, and phone number.
System ID | System Owner Name | System Owner Title |
SB-12012489 | Walter Johnson. 103 S Railroad Ave Bronxville, New York (NY), 10708 Tel- (515) 127-1218 Email- walterjohnson@hotmail.com | Chief information security officer and director of IT security |
SB-12112421 | Lawrence Berra. 242 Hudson St Long Beach, New York (NY), 11462 Tel- (516) 107-2424 Email- berraL@hotmail.com | Director of IT operations |
SB-12117832 | Mariana Rivera. 18 Willett Ave, New York (NY), 11575 Tel- (516) 108-2014 Email- riveramariana@hotmail.com | Director of finance |
5. Information System Operational Status:
· For the 3 systems above, indicate the operational status of the system (place an x in the appropriate column).
System ID | Operational | Under Development | Major Modification |
SB-12012489 | X | ||
SB-12112421 | X | ||
SB-12117832 | X |
6. Information System Type:
· For the 3 systems above, indicate if the system is a major application or a general support system. If the system contains minor applications, list them in Section 9. General System Description/Purpose.
System ID | Major Application | General Support System |
SB-12012489 | X | |
SB-12112421 | X | |
SB-12117832 | X |
7. General System Description/Purpose
· For the 3 systems above, describe the function or purpose of the system and the information it processes.
System ID | Description |
SB-12012489 | The main use of South Balance’s ERP system is to consolidate the company’s financial records by bringing financial data together in one network. The ERP also links order management, making order taking, inventory, distribution, and bookkeeping a much easier and less error-prone process (Bjelland, E., 2020). The ERP system can also serve as a general support system in the procurement of products and raw materials, and in the human resources department for automated duty allocation and candidate selection. The ERP system processes information on the firm’s financial position, procurement and supplier data, accounting information, and supply chain data. Generally, the ERP will process data from all departments. |
SB-12112421 | The wireless LAN system serves as a router to enable faster and safer wireless communication between divisions in the office building. Staff can also use the system to access the internet for research and other work-related activities. The WLAN system does not really process data, as it serves as a medium through which connected computers and devices send and receive signals and data. |
SB-12117832 | The major role of the payroll system at South Balance is to oversee the process of paying workers. The system is also responsible for producing pay-checks and distributing them to the appropriate persons. The system is also used for paying and filing employment taxes and other deductions such as mortgages, credits, and loans (Rainer, R. K., 2020). The payroll system processes employee information such as names, social security numbers, addresses, details of current pay and contributions, and tax filing status. It also processes the pay amount and pay frequency for every worker, along with their state and local tax withholding identification numbers. |
8. System Environment
· For the 3 systems above, provide a general description of the technical system. Include the primary hardware, software, and communications equipment.
System ID | Description |
SB-12012489 | The ERP used at South Balance is cloud-based and enables users to access the ERP software through the internet. The primary hardware needed to implement the cloud ERP includes computer servers used for storage and databases. The primary software needed is Microsoft Dynamics 365. An access point/base station is the type of communication equipment used in the ERP system (Bjelland, E., 2020). |
SB-12112421 | The WLAN system uses microwave or radio transmission to carry data from one computer to another without wires. A WLAN consists of nodes and access points. A node can be a peripheral or a computer that has a network adapter or antenna. The access point, or base station, acts as a transmitter and relays data among the nodes or between the computers and another network (Rainer, R. K., 2020). |
SB-12117832 | The payroll system covers everything involved in paying and onboarding the company’s workers. The system requires computers for data input and servers for information storage. The software used is the Gusto payroll system. The communication equipment is the WLAN router. |
11. Risk Assessment and Future Plan
• For the 3 systems above, provide a general description of overall cybersecurity risks. Include the primary hardware, software, and communications equipment.
System ID | Description |
SB-12012489 | The computers and servers could be infected by malware through backdoors. Also, individuals with malicious intentions could obtain passwords to computers and thereby manipulate or alter data on the servers. The software could be attacked by viruses, trojans, botnets, rootkits, and phishing attacks, which would result in a breach or data destruction (Turner, L., 2020). When an access point is used as communication equipment, attackers might attempt to piggyback, shoulder surf, or use wireless sniffing to gain access to company data, which would be disastrous. |
SB-12112421 | WLAN networks are prone to unauthorized access to network resources through techniques such as wardriving, piggybacking, and evil-twin attacks, resulting in exposure of confidential and private company data. |
SB-12117832 | Viruses and worms could infect the hardware used by the payroll system, damaging or manipulating the data, which would cause huge financial losses to the company. Also, the use of wireless routers as communication equipment exposes the system to attacks such as shoulder surfing and wireless sniffing (Turner, L., 2020). |
12. Related Laws/Regulations/Policies
• For the 3 systems above, list any laws or regulations that establish specific requirements for the confidentiality, integrity, or availability of the data in the system.
System ID | Description |
SB-12012489 | The Sarbanes-Oxley Act contains requirements intended to help businesses prevent financial reporting fraud. |
SB-12112421 | FCC rules, which fall under Title 47 of the Code of Federal Regulations. Section 15 (47 CFR 15) states that when using computers or devices that fall within the approved range, the user must register the computer or devices, conduct tests, and so on. |
SB-12117832 | Company guidelines, including the pay strategy, the benefits and leave policy, and the attendance policy, must be adhered to when implementing this system. |
13. Minimum Security Controls
· Provide 30 controls (of your choice) from the NIST 800-171 Security Controls documentation. Each one will be to cover all three of the above systems or, if control is specific to one of the three notate that in the control writeup. Copy and paste the below to provide all 30 controls.
NIST 800-171 Control Number:
Control Family:
NIST 800-53 Mapping:
Relevant 20 Critical Control:
Control Summary:
Implementation Status:
Immediate Action Plan (6 months):
Action Plan (12-24 months):
Long Range Action Plan (3-5 years):
References
Bjelland, E., & Haddara, M. (2018). Evolution of ERP systems in the cloud: A study on system updates. Systems, 6(2), 22.
Rainer, R. K., Prince, B., Splettstoesser-Hogeterp, I., Sanchez-Rodriguez, C., & Ebrahimi, S. (2020). Introduction to information systems. John Wiley & Sons.
Turner, L., Weickgenannt, A. B., & Copeland, M. K. (2020). Accounting information systems: controls and processes. John Wiley & Sons.
Tulane University – SOPA
CPST – 3900