Cyber Resilience and Risk Management
Ollie Hall Jr.
June 03, 2023
As the new Chief Information Security Officer (CISO) of Mango Wearable Solutions, I want to discuss why cybersecurity is important. The frameworks, procedures, and policies that control our company’s information technology protect the company’s assets and data. There are many threats and risks, and many opportunities for exploitation through social engineering attempts. It is important to build a security-first culture at our company, especially since our latest product involves the development of wearable devices for personal and medical use. It is important to ensure the confidentiality, integrity, and availability of data within these products as well as the systems and data that need to remain secure. Several tech startups have been affected by high-profile data breaches. It is important to protect against potential attacks or loss of data through human error, as well as the potential reputational damage that would affect Mango Wearable Solutions.
While our company will be forming a department for information technology (IT) and a cybersecurity incident response team (CSIRT), security is a team effort. Everyone has the potential to be affected by a risk or to develop a vulnerability. It is important for a technology solutions company to be aware of and trained on risks such as viruses, intentional threat actors, privilege escalation, and risks to all administrative, technical, and physical safeguards. Everyone, from new members of the workforce to our senior engineers, scientists, and IT professionals, may become complacent or unaware of the new and rising threats within the cybersecurity landscape. To help build a cybersecurity-focused culture at our company, there are plans to provide bi-annual paid cybersecurity training and to encourage paid professional certifications for all employees. Not only does Mango Wearable Solutions seek to promote the professional development of all our employees, it is also important to provide all the resources available to help build a culture of vigilance, familiarity, and expertise.
Implementing cyber resilience involves work in several areas, such as redundancy, policies, risk management, frameworks, security configurations, risk identification, cryptography, and public key infrastructure (PKI). It is important to balance the constant improvement of systems, hardening of configurations, and implementation of guidelines against the costs that affect the level of security. It is best to adopt an approach of avoiding and mitigating all risks that may affect the company. Within the CIA standards of cybersecurity, it is important to maximize our company’s confidentiality and integrity while minimizing availability to acceptable levels for both employees and outside threats. The company will utilize VLAN and VPN configured with on-site servers and switches with RAID redundancies. Resilient and hardened systems will help our organization survive targeted attacks on new technology startups.
The company will closely follow the National Institute of Standards and Technology (NIST) framework. Security policies, training, and configurations will be dynamic in the face of the evolving cybersecurity landscape. Multifactor authentication will be utilized with various methods and policies for account access. Going forward, our company will be overtly focused on security, conducting penetration tests, assessments, and audits semi-annually because of the hostility that new companies face from threat actors. This will help ensure the systems, policies, and procedures are secured to the best of their ability.
In order to ensure a successful company and development of our product, Mango Wearable Solutions will focus heavily on building a prestigious cybersecurity-based culture regarding systems and data. Training and promoting a knowledgeable workforce will only help deepen the hardened and resilient controls and configurations that will be in place.