Step 1: Conduct a Policy Gap AnalysisAs you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind:Are companies going through an M&A prone to more attacks or more focused attacks?If so, what is the appropriate course of action?Should the M&A activities be kept confidential?Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed.Conduct a policy gap analysis to ensure the target company’s security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:How would you identify the differences?How would you learn about the relevant laws and regulations?How would you ensure compliance with those laws and regulations?The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data.Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change.In the next step, you will review the streaming protocols that the companies are using.Step 2: Review Protocols for Streaming ServicesAfter reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real-Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP).Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A.In other words:You need to identify what streaming the companies are doing and the specific technology they are leveraging.What are the technical vulnerabilities associated with the protocols involved?Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)?What residual risk to the target company’s assets and IP remain?Would those risks extend to the current (takeover) company after the merger?a. Would that be bad enough to cancel the M&A?If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk?What are the costs associated to the target company (implementing the appropriate mitigation)? If the takeover firm has to take additional measures, identify those costs as well.After assessing and reviewing the streaming protocols, move to the next step, where you will assess the infrastructure of the merged network.Step 3: Assess the Merged Network InfrastructureYouve just reviewed the streaming services of the companies, and now you will assess the infrastructure of the new network. The networks of the two companies could be configured differently, or they could use the same hardware and software, or completely different hardware and software.The purpose of this section is to understand what tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network. Explain what tactics, techniques, and procedures you would use to understand the network. You should identify firewalls, DMZ(s), other network systems, and the status of those devices.When your assessment of the infrastructure is complete, move to the next step, where you will assess any existing policies for wireless and bring your own device (BYOD) within the companies.Step 4: Review the Wireless and BYOD PoliciesWithin Project 2, you learned about and discussed wireless networks. An M&A provides an opportunity for both companies to review their wireless networks. Within your report, explain the media company’s current stance on wireless devices and BYOD. However, the company that is being acquired does not have a BYOD policy. Explain to the managers of the acquisition what needs to be done for the new company to meet the goals of the BYOD policy.When the review of the wireless and BYOD policies is complete, move to the next step: developing a data protection plan.Step 5: Develop a Data Protection PlanYouve completed the review of the wireless and BYOD policies. In this step, you will develop the recommendations portion of your report in which you will suggest additional mechanisms for data protection at different levels of the acquired companys architecture.Include the benefits, implementation activities required for protection and defense measures such as full disk encryption, BitLocker, and platform identity keys. You also want to convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support. Describe what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Include this in the report and whether the merging company has this.In the next step, you will assess any risks with the supply chain of the acquired company.Step 6: Review Supply Chain RiskThe data protection plan is ready. In this step, you will take a look at risks to the supply chain. Acquiring a new company also means inheriting the risks associated with its supply chain and those firm’s systems and technologies. Include supply chain risks and list the security measures in place to mitigate those risks. Use the
. WITH BEST NURSING TUTORS TODAY AND GET AN AMAZING DISCOUNT
The post Step 1: Conduct a Policy Gap AnalysisAs you begin appeared first on BEST NURSING TUTORS .
Do you need a similar assignment done for you from scratch? We have qualified writers to help you. We assure you an A+ quality paper that is free from plagiarism. Order now for an Amazing Discount! Use Discount Code “Newclient” for a 15% Discount!NB: We do not resell papers. Upon ordering, we do an original paper exclusively for you.
The post Step 1: Conduct a Policy Gap AnalysisAs you begin appeared first on The Nursing Hub.