Question: I have two more images to attach.

Cybersecurity Strategy for Padgett-Beale Financial Services

Following the recent merger between Island Banking Services and Padgett-Beale Financial Services (PB-FS), there is an urgent need for a robust cybersecurity strategy that aligns with current risks and regulatory requirements. The financial sector is a frequent target for cyber threats, making a well-structured approach to cybersecurity essential for protecting sensitive customer data and maintaining regulatory compliance (Verizon, 2023; Federal Trade Commission, 2023). This document outlines practical, evidence-based steps in the areas of people, policy, technology, and process, designed to strengthen PB-FS's security posture.

Cybersecurity Strategy

PB-FS's cybersecurity strategy will focus on the following pillars:

a. People
- Hire a dedicated cybersecurity officer and support staff.
- Conduct regular security awareness training for all employees.
- Define clear roles and responsibilities for cybersecurity.

b. Processes
- Develop and enforce cybersecurity policies and procedures.
- Implement a formal incident response plan.
- Establish a vendor risk management process.

c. Technology
- Deploy firewalls, IDS/IPS, and network segmentation.
- Implement encryption for sensitive data.
- Use MFA for all remote and privileged access.
- Install endpoint protection and automated patch management.
- Deploy a Security Information and Event Management (SIEM) system for monitoring.

d. Infrastructure
- Upgrade outdated hardware and software.
- Design a segmented network with secure zones for sensitive data.
- Ensure regular, secure backups and test recovery procedures.

1. Conduct a Comprehensive Security Awareness Training Program

Description: Mandate regular cybersecurity awareness training for all employees to build a security-conscious corporate culture.

Impact:
- People: Employees serve as the first line of defense. Training helps them recognize threats like phishing and social engineering (Ablon & Libicki, 2015).
- Policies: Establish clear, routine training requirements and incorporate them into onboarding processes.
- Processes: Integrate periodic assessments to evaluate knowledge retention and adapt training as needed (SANS Institute, 2023).
- Technologies: Utilize e-learning tools and simulated phishing exercises to engage staff.

Example: Leveraging commercial platforms such as KnowBe4, employees can participate in interactive modules on data protection, credential safety, and acceptable use practices (KnowBe4, 2023).

2. Implement Multi-Factor Authentication (MFA)

Description: Enforce MFA across all platforms handling sensitive or financial data for remote and privileged access.

Impact:
- People: Employees will be required to adopt new login procedures but will benefit from added security (Microsoft, 2022).
- Policies: Update all access control policies to mandate MFA for critical systems.
- Processes: Develop support materials and help desk guidance to facilitate smooth adoption.
- Technologies: Implement solutions compatible with existing systems, such as Duo Security or Google Authenticator.

Example: If hackers acquire a password through phishing, MFA will prevent them from immediately accessing sensitive accounts (Microsoft, 2022).

3. Establish a Security Information and Event Management (SIEM) System

Description: Implement a SIEM solution to centralize real-time monitoring, log analysis, and incident response.

Impact:
- People: Train the cybersecurity team to manage and interpret SIEM alerts (Gartner, 2023).
- Policies: Develop incident response procedures tied directly to SIEM monitoring for rapid action (NIST, 2018).
- Processes: Automate alerting for anomalies and streamline documentation during incidents.
- Technologies: Options include platforms such as Splunk or IBM QRadar, integrated with the existing IT ecosystem.

Example: A SIEM system will notify security teams of suspicious activity, such as unauthorized access attempts to customer data, enabling timely investigation (Splunk, 2022).

4. Strengthen Network Security Architecture

Description: Redesign the network to include strong perimeter defenses: next-gen firewalls, IDS/IPS, and segmented subnetworks (DMZs).

Impact:
- People: IT staff need training on new architecture and tools.
- Policies: Update network access policies according to the new design.
- Processes: Establish routine audits and maintenance, including patch and update schedules (ENISA, 2022).
- Technologies: Use industry-standard devices and software for network delineation and access traffic control.

Example: A typical secure financial services network includes a DMZ for public-facing web servers, a private zone for databases, and internal IDS/IPS for continuous threat detection (Scarfone & Mell, 2007).

Sample Network Diagram:

Here's a simplified description of a possible network diagram for the "to-be" state of the IT infrastructure:

[Internet]
[Firewall]
[DMZ] --- [Web Server] (Public)
[Database Server] (Private)
[Internal Network]
[IDS/IPS] ---- [Workstation/Security Team]

5. Develop a Comprehensive Incident Response and Business Continuity Plan

Description: Document and regularly test tailored incident response and business continuity plans as per legal and industry standards (NIST, 2018).

Impact:
- People: Assign roles and train teams for crisis management and communication (Ponemon Institute, 2023).
- Policies: Craft IR and BCP documents aligned with GLBA and state breach notification laws (FTC, 2023).
- Processes: Conduct annual tabletop exercises to validate and update plans.

[Risk table; cell layout not recoverable. Column headers: Risk, Category, Description, Severity (1-5), Laws/Standards, Mitigation Strategy, NIST Subcategory Ref, Implementation. Rows cover: weak MFA for remote access (Confidentiality; GLBA; MFA solution; PR.A…); inadequate vendor risk management (Confidentiality; third-party risk; GLBA; vendor risk assessment program; ID.SC-…); lack of SIEM monitoring (Integrity; SOX; deploy SIEM, enable logging; DE.CM-1, events monitored).]
