ACCG8086 Cybersecurity, Governance Frameworks and Ethics
Strategy Cybersecurity Roadmap/Plan for the Board
Due Week 7 (Sunday 12 April 2020)
Value: 30 per cent of final marks
Final 10 February 2020
The aim of the assessment task is to develop a Cybersecurity Roadmap/Plan for Board members, targeted at a specific company.
Instructions
1. Download and read the Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, National Institute of Standards and Technology (NIST) (available here: https://www.nist.gov/cyberframework/framework). The Framework is designed to be a key part of an organisation’s systematic process for identifying, assessing, and managing cybersecurity risk.
2. Find a recent (2019/2020) case study relating to a data breach (this website might be useful: https://www.databreachtoday.com/cybercrime-c-416). Investigate the breach (including finding other sources) and explain why you selected the case study, who was responsible for the breach, the consequences and actions taken.
3. Develop a cybersecurity roadmap/plan for the case study organisation you selected to present to the Board. Use the relevant components of the Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, National Institute of Standards and Technology, to structure your report (justify your selection of components).
4. Using the roadmap/plan, critically evaluate how your case study organisation could have avoided the breach.
Report Requirements
1. Write a report that addresses the areas outlined above. The report should not exceed 3,000 words (between 6 and 8 pages depending on the font style selected). The word count excludes the reference list, title page, table of contents and appendices, if applicable. The report should be in 12-point font, single-spaced, in word processing software such as Microsoft Word. The report should have appropriate headings and subheadings (including a cover page, an introduction and conclusion).
2. This report must use scholarly articles to support any claims you make. You must use the Harvard referencing style (see http://libguides.mq.edu.au/Referencing).
3. Take advantage of the resources available to you. Learning skills workshops (https://students.mq.edu.au/support/study/skills-development/workshop-calendar) are highly recommended. Other resources are available here: https://students.mq.edu.au/support/study/skills-development.
4. Review the marking rubric so that you understand how you will receive feedback.
5. You need to upload your assignment to http://ilearn.mq.edu.au by 23:00 12th April. Otherwise, your assignment will be considered late (see unit guide for penalties).

Marking rubric columns: Fail (0), Fail, Pass, Credit, Distinction, High Distinction, Total

Criterion: Structure and clarity of work/writing structure (including spelling/grammar/paragraph structure)
Fail (0): No attempt, or the report is difficult to comprehend and is inappropriately structured.
Fail: Paragraphs are hard to follow, and the writing does not flow because of the lack of structure. Writing is very choppy. There are few to no transition statements which connect the ideas in work. Work is difficult to comprehend because of grammar and spelling errors or there are many incomplete or run-on sentences. It appears that grammar and spell-check were not used.
Pass: Many paragraphs lack a topic sentence, or the detail sentences do not flow from the topic sentence. Detail sentences do not follow the order introduced in the topic sentence. Work is hard to follow because of the paragraph structure. The writing is choppy, and the reader doesn't understand how we got to the current topic or concept from the previous one. There are many errors in grammar and spelling. It appears that grammar and spell-check were not used; incomplete or run-on sentences throughout the report.
Credit: Nearly all paragraphs have a topic sentence and detail sentences which flesh out the topic. Some paragraphs do not flesh out the topic in the order introduced in the topic sentence. There are some places where the reader doesn't understand how the previous concept or topic connects to the current one. Few errors in grammar, spelling, or sentence structure.
Distinction: All paragraphs have a topic sentence. Detail sentences flesh out the information from the topic sentence in the order introduced in the topic sentence. End of paragraph leads into the next topic. There are some places where the reader doesn't understand how the previous concept or topic connects to the current one. Excellence in grammar, spelling, and sentence structure. Sentences are not too long and are complete sentences.
High Distinction: All paragraphs have a topic sentence. Detail sentences flesh out the information from the topic sentence in the order introduced in the topic sentence. End of paragraph leads into the next topic. The reader experiences no interruption to the flow and understands how each concept or topic connects to the previous one. Excellence in grammar, spelling, and sentence structure. Sentences are not too long and are complete sentences.
Total: 4

Criterion: Case Study
Fail (0): No attempt, or the case is inappropriate, or there is no analysis or link to cybersecurity.
Fail: The case is irrelevant, with little or no analysis of the issues in the case study.
Pass: The case selected is slightly relevant. Presents a superficial or incomplete analysis of some of the identified issues; omits some components.
Credit: The case selected is relevant. Presents a good analysis of most of the issues identified; missing some necessary components.
Distinction: The case selected is relevant. Presents a thorough analysis of all identified issues/problems; includes all necessary components.
High Distinction: The case selected is relevant. Presents an insightful and thorough analysis of all identified issues/problems; includes all necessary components.
Total: 6

Criterion: Sources and Citations
Fail (0): No attempt, or the sources are cited inconsistently or not at all. The Harvard referencing style is not used.
Fail: Fewer than five current sources or fewer than two of five are peer-reviewed journal articles or scholarly books. Not all web sites utilised are credible, and/or sources are not current. Does not cite data obtained from other sources or use the Harvard citation style in text or in the reference list.
Pass: More than five current sources of which at least two are peer review journal articles or scholarly books. All web sites utilised are authoritative. All data obtained from other sources is cited. Harvard citation style is used in both in-text and reference list.
Credit: More than six current sources, of which at least three are peer-review journal articles or scholarly books. All web sites utilised are authoritative. Cites all data obtained from other sources. Harvard citation style is used in both in-text and reference list.
Distinction: More than eight current sources, of which at least four are peer-review journal articles or scholarly books. All web sites utilised are authoritative. Cites all data obtained from other sources. Harvard citation style is used in both in-text and reference list.
High Distinction: More than ten current sources, of which at least six are peer review journal articles or scholarly books. Sources include both general background sources and specialised sources. Special interest sources and popular literature are acknowledged as such if they are cited. All web sites utilised are authoritative. Cites all data obtained from other sources. Harvard citation style is used in both text and reference list.
Total: 4

Criterion: Strategic Security Roadmap
Fail (0): No attempt, or the roadmap/plan shows no evidence of synthesis of ideas presented and insights gained throughout the report or linked to the NIST framework.
Fail: The roadmap/plan does not clearly flow from the report, and/or misses key issues. The roadmap is not well organised and is not

Answered Same Day Mar 24, 2021 ACCG8086 Macquarie University

Solution

Kuldeep answered on Apr 04 2021
152 Votes
Cyber Security
Finastra
Student Name:
Unit Name:
University Name:
Date:
Contents
Selected the case study, who was responsible for the breach, the consequences and actions taken
Ransomware Attack
Consequences
A cybersecurity roadmap/plan for the case study organization
ISO/IEC 27000, 27001 & 27002
NIST CSF
Case study organization could have avoided the breach
Conclusion
References
Selected the case study, who was responsible for the breach, the consequences and actions taken
The company’s chief executive said that London-based large financial services software provider Finastra continues to recover from the ransomware attack, which forced the company to take its IT business offline on Friday to prevent further damage to its corporate network. Founded in 2017, Finastra is one of the world's largest fintech companies, with revenue of $1.9 billion in 2019 (Finastra, World’s Third Largest Fintech, Hit by Ransomware, 2020). The company's website states that its software has been used by some of the world's largest banks. It has offices in 42 countries/regions, has 10,000 employees, and serves more than 9,000 customers. Finastra sells cloud-based local financial software, including mobile banking tools, financial institutions, investment companies, and retail stores.
Ransomware Attack
CEO Tom Kilroy, who published a series of announcements on the company’s website on Monday, pointed out that Finastra is still struggling to "restore full IT operations. As mentioned earlier, our solutions have their details. The process from available to operational life; we are working closely with the affected customers to complete these important steps safely" (Jain and Tripathi, 2019). An online update revealed that the program began on Friday, forcing Finastra to take its servers offline to prevent further spread of malware within its network. Kilroy did not provide details on the type of ransomware used to attack the company's infrastructure but noted that no customer or employee data was improperly accessed or leaked. Finastra, a company that provides a range of technology solutions to banks around the world, said today that it will shut down critical systems due to a security breach discovered this morning (Jongmo Yang, 2019). The company's public statements and notices to customers did not mention the cause of the interruption, but so far, their response has been entirely a script for handling ransomware attacks. On March 20th, sources from two independent financial institutions in the United States warned cybersecurity writer Brian Krebs that they had received notice from Finastra that they expected the “blackout” to immediately interrupt the main service of the fintech company, especially for North American customers. The notice also states that the disruption was due to "potential security breaches" and that the fintech company is investigating its origins (Malecki, 2019). Hours after communicating this news to customers, Finastra issued another statement, which provided more detailed information about the nature of the violation, indicating that the fintech company was subjected to a ransomware attack due to the incident.
Consequences
London’s Finastra has offices in 42 countries, and last year’s revenue exceeded $2 billion. The business has more than 10,000 workers and more than 9,000 clients in 130 countries, almost including the top 50 banks worldwide. Brian Krebs reports that a security breach disrupted the operations of London-based fintech company Finastra, which serves the world's top 50 banks. Finastra has more than 9,000 customers in 130 countries; sources at two different financial institutions in the United States forwarded the notifications they received from Finastra, saying that a power outage would disrupt certain services, especially for North American customers. The financial technology company Finastra has taken some of its servers offline after learning about "potentially unusual activity on our system." Chief Operating Officer Tom Kilroy said in a brief statement that Finastra has called an independent forensic company to investigate the scope of the incident. Finastra is a high-profile target of cybercriminals. It is the third leading fintech business in the whole world, with offices in 42 countries/regions, more than 10,000 employees and 9,000 customers. In 2019, the company's revenue exceeded $2 billion, and its customers include 90 of the world's top 100 banks. In addition to the company's status, Finastra's appeal to hackers also stems from the fact that there are many shortcomings in the track record related to network security and data protection. For example, according to threat intelligence company Bad Packets, the fintech company has long been running unpatched servers, which has made its system more vulnerable to various attacks and may be responsible for recent ransomware attacks. According to Bad Packets, this was determined by the entire Internet scan conducted last year. Bad Packets also noted that Finastra has been running outdated Pulse Secure VPN servers in 2019 and that they are still running outdated Citrix servers at the beginning of the year. As we all know, both server technologies have inherent vulnerabilities and have suffered cyber attacks in the past few months, and may be attributed to Finastra's recent ransomware attacks. The use of ransomware attacks to exploit corporate security vulnerabilities, once considered an isolated niche data type, has recently become an increasingly standard technology among cybercriminals. According to ZDNet, this trend is because active ransomware groups have exploited the vast amount of data obtained from victims before launching ransomware attacks on their systems. After the attack, some or all of the stolen data is then posted on a "victim fraud site created by a ransomware gang" so that hackers can "strengthen the victim company" to pay a high ransom. KnowBe4's security awareness advocate James McQuiggan said: "With ransomware, the first weapon for data breaches is social engineering phishing scams." "For organizations, it is important to have a strong security awareness training program to inform employees of the technology used by criminal hackers so that when phishing emails are in their inboxes, they can reduce the risk of being attacked."
A cybersecurity roadmap/plan for the case study organization
Developing a security roadmap can help to align Finastra security processes with their business goals and optimize their overall network security posture. With a solid roadmap, you will know where you are today, where you need to go to be more efficient, and what you...