Psinuvia Incorporated is a medical supply company specializing in wearable and implantable medical devices. Its chief scientist recently left the organization and returned to St. Petersburg, Russia. During a recent board meeting, the discussion centered on how the company can improve its operations and secure its information and information systems. Board members focused on the possibility of an internal threat from the recently departed chief scientist and the possibility of external threats. As a result of this meeting, the board decided to have an independent assessment of the cybersecurity posture of the company. The assessment was completed by Autojor Security Consultants. This organization uncovered a number of issues with Psinuvia’s security program and sent a security report detailing what was found. (See the “Independent Security Report” in the attachments.)
As Psinuvia Inc.’s chief technology officer (CTO), you act as the leader of the cybersecurity department. You are required to review the report and write Psinuvia’s response to the proposed security improvements. You must determine the appropriate actions to take, resulting in a plan for fixing the revealed issues. Your response must be in a written report outlining the ways Psinuvia will improve security. This report will be given to the board of directors and upper management, including the chief executive officer (CEO).
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of a submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
A. Describe both the physical vulnerabilities and physical threats that put the security posture of Psinuvia Inc. at risk. Provide details from the attached “Independent Security Report,” including how each vulnerability or threat is negatively impacting the security posture of the company.
B. Describe both the logical vulnerabilities and logical threats that put the security posture of Psinuvia Inc. at risk. Provide details from the attached “Independent Security Report,” including how each vulnerability or threat is negatively impacting the security posture of the company.
C. Summarize industry standards for securing organizational assets regarding policies for acceptable use, mobile devices, passwords, and personally identifiable information (PII), using industry-respected sources to support your claims.
D. List the IT department duties that belong in the Compliance and Risk Department and the Security Department, as described in part six of the attached “Independent Security Report,” by organizing them into a chart or table.
E. Develop a PCI DSS-compliant policy to address the concerns in the “Independent Security Report,” including the roles and responsibilities of each component of the policy.
F. Propose methods for bringing Psinuvia Inc. into compliance with General Data Protection Regulation (GDPR) requirements, including specific examples for how each method will address international regulations.
G. Identify the HIPAA provisions Psinuvia Inc. needs to address, including the associated consequences for continued noncompliance.
H. Develop a business continuity plan to address the natural disaster described in part four of the “Independent Security Report.” CISSP best practice should inform execution and maintenance of mission critical tasks in the business continuity plan for Psinuvia Inc.
I. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
J. Demonstrate professional communication in the content and presentation of your submission.
