Throughout your career in cybersecurity management, you will be expected to be able to develop and improve an IT department to support a company's strategic goals and mission. To accomplish this, assessments of the organization's cybersecurity posture will need to be conducted to secure the company's information and systems. The organization's leadership may decide to hire external consultants to do this assessment. The consultants will review the security policies, standards, procedures, and guidelines that are used to secure the company's assets. Additionally, they will look at compliance issues, personnel roles and assignments, continuity plans, and overall risk management.

In this task, you will analyze an independent assessment and respond to it in a detailed written report. You will need to read the attached "Company Overview" and "Independent Security Report" that correspond with the following scenario. Scenario SAGE Books is a retail bookseller that provides customers with a one-stop-shopping experience for books, magazines, and multimedia (music, DVDs, and Blu-ray). During a recent board meeting, the discussion centered on how the company can improve its operations and secure its information and information systems. Board members focused on enhancing SAGE's e-commerce website, keeping cybersecurity at the forefront of its new website design and marketing plan. As a result of this meeting, the board decided to have an independent assessment of the cybersecurity posture of the company. The assessment was completed by Secure Tech Solutions. This organization uncovered a number of issues with SAGE Books's security program and sent a security report detailing what was found. (See the "Independent Security Report" supporting document.)

As SAGE Books's chief information security officer (CISO), you act as the leader of the cybersecurity department. You are required to review the report and write SAGE Books's response to the proposed security improvements. You must determine the appropriate actions to take, resulting in a plan for fixing the revealed issues. Your response must be provided in a written report outlining the ways SAGE Books will improve security. This report will be given to the board of directors and upper management, including the chief executive officer (CEO). Requirements Your submission must represent your original work and understanding of the course material. Most performance assessment submissions are automatically scanned through the WGU similarity checker. Students are strongly encouraged to wait for the similarity report to generate after uploading their work and then review it to ensure Academic Authenticity guidelines are met before submitting the file for evaluation. See Understanding Similarity Reports for more information.

Grammarly Note: Professional Communication will be automatically assessed through Grammarly for Education in most performance assessments before a student submits work for evaluation. Students are strongly encouraged to review the Grammarly for Education feedback prior to submitting work for evaluation, as the overall submission will not pass without this aspect passing. See Use Grammarly for Education Effectively for more information.

Microsoft Files Note: Write your paper in Microsoft Word (.doc or .docx) unless another Microsoft product, or pdf, is specified in the task directions.Tasks maynotbe submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc. All supporting documentation, such as screenshots and proof of experience, should be collected in a pdf file and submitted separately from the main file.For more information, please see Computer System and Technology Requirements.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

A. Summarize the gaps that exist currently in the company's security framework as described in the attached "Independent Security Report."

B. Develop mitigation strategies to address the gaps identified in the "Independent Security Report," ensuring compliance with PCI DSS and GDPR.

C. Identify three critical security staff positions and the responsibilities for each position, which must be hired to meet compliance, risk, and governance requirements using the NICE Framework discussed in the "Independent Security Report."

D. Describe at least three physical vulnerabilities and/or threats and at least three logical vulnerabilities and/or threats and how each impacts the security posture of the company based on the attached "Company Overview" document and "Independent Security Report."

E. Develop a cybersecurity awareness training program in alignment with NIST standards, including the following:

annual training requirements

specialized training requirements

continued awareness

F. Summarize the standards required for securing organizational assets regarding policies for acceptable use, mobile devices, passwords, and personally identifiable information (PII), using regulatory or contractual sources to support your claims.

G. Develop an incident response plan for the company in alignment with the attached "Independent Security Report," following the four incident handling phases according to NIST standards.

H. Develop a business continuity plan (BCP) to address potential natural disasters as described in the "Independent Security Report," including the following phases:

project scope and planning

business impact analysis

continuity planning

plan approval and implementation

I. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

J. Demonstrate professional communication in the content and presentation of your submission.