Cybersecurity Program Report
Table of Content
Executive Summary 3
1. Introduction 3
2. Framework Enhancement Proposal 4
2.1 Current Cybersecurity Framework: Describe the framework your organization is currently using. 4
2.2 Vulnerabilities: identify your bank’s cybersecurity vulnerabilities and how they are addressed by the current framework from 2.1 6
2.3 Framework Enhancement: Based on 2.2, esp., considering those vulnerabilities not effectively addressed by the current framework, what enhancements will you make to the bank’s framework? 7
3. Cybersecurity Framework Report – Based on your work in 2.1 – 2.3, what is your new framework? 10
4. Simulation Program Design – Use the Simulation Design Template attached/provided. 10
5. Cybersecurity Policy Report – What policies are needed and how will they be incorporated into the framework? 11
6. Cybersecurity Technology Report – What technologies are needed and how will they be incorporated into the framework? 13
7. Strategic Alignment of the Enterprise Cybersecurity Program 14
7.1 Overview of Enterprise Cybersecurity Program: Provide an overview of your Enterprise 14
References 16

Executive Summary
The banking sector experiences a significant portion of the total cybersecurity attacks. Statistics indicate that banking is the most targeted industry by cyber attackers in the world. The financial data and the personally identifiable information in the banking organizations is the main reason for the targeting. The offenders monetize the information obtained illegally. Some users in the dark web by the information for targeted cyber assaults. The hackers also transfer the funds obtained illegally to other hacked accounts. The tough compliance measures by regulatory bodies aim to enhance the resilience of the entities and protect the customer information. Despite the tough regulatory environment and a higher level of caution, the industry still experiences cybersecurity challenges and the frequency of the attack is increasing by the day.
1. Introduction
Zynaty Financial Company depends on the reliable functioning of its crucial infrastructure. Notably, the infrastructure is prone to cybersecurity threats that exploit the complexities and connectivities of the infrastructure system. In the event of any cybersecurity attacks, these will impede the provision of banking, compromise the security of information, potentially damage the financial status of the company, the reputation of the company and the firm’s bottom line is also affected by the cybersecurity risk. Furthermore, the organization’s capacity to engage in innovation, gain and retain its customers is also hindered. This illustrates the significance of prioritizing cybersecurity and amplifying the relevant elements concerned with the overall management of cybersecurity threats.
Therefore, this cybersecurity program report outlines the company’s Cybersecurity Framework Enhancement Proposal meant to address and manage the cybersecurity framework risk in a cost-effective way based on organizational needs. With an adherence to the Cybersecurity framework Act, the framework identifies an approach characterized by flexibility, repeatability, based on both performance and cost-efficiency to ensure the protection of its critical infrastructure from the identified cber-risks. Therefore, it includes the information security measures and controls to be adopted by the owners and users of Zynarty’s crucial infrastructure.
The Framework Enhancement proposal will first discuss the current cybersecurity framework in the organization, identify the cybersecurity vulnerabilities of the bank and their management by the current framework, and then identify the vulnerabilities from the current framework, which have not been effectively addressed, and the enhancements to be made to the Proposed Bank’s Framework. The next selection is to discuss the Cybersecurity Policy Report, followed by a Cybersecurity Technology Report then Strategic Alignment of the Enterprise Cybersecurity program. Considering the fact that the Framework embodies the long-standing pillar of Zynaty’s Cybersecurity Strategy, this Proposal included the key elements to achieve a robust understanding of the relevant cybersecurity attacks and accelerate the adoption of best practices across the infrastructure’s continuum.
2. Framework Enhancement Proposal
2.1 Current Cybersecurity Framework: Describe the framework your organization is currently using.
The current Cybersecurity framework that the company uses is a Cybersecurity Maturity Framework that has been designed to aid in the management of the organization’s level of risk with respective controls. The framework includes the statements to determine whether an organization’ culture (behaviors, practices and processes) support its preparedness in terms of cybersecurity. Five domains are to be used to illustrate the level of preparedness of the organization with each having its contributing items and assessment factors. For each component or item, a declarative statement is required for the description of activities supporting the assessment factor in each maturity level. The organization’s management id to determine the declarative statement that is the best fit of the organization’s current practices. These domains include:
 The Cyber Risk management and Oversight
 Threat Intelligence and Collaboration
 Cybersecurity Controls
 External dependency Management
 Cyber Incident Management and Resilience
Notably, the maturity levels range from baseline, evolving, intermediate, advanced and finally innovative. It is essential to note that the organization gets to move to the succeeding maturity level after achieving and sustaining all the declarative statements found in the previous maturity levels.
Below is a figure illustrating the different domains and their respective assessment factors considered by the company:

2.2 Vulnerabilities: identify your bank’s cybersecurity vulnerabilities and how they are addressed by the current framework from 2.1
There are five major vulnerabilities in the current cyber security framework. The main point of weakness in the system is the threat posed by insiders unintentionally. The staff members within the entity may inadvertently leave the entity open to attack. Most of the staff members involved in the vulnerabilities are victims of phishing emails. Other internal uses fall prey to email compromise attacks (Sohal, Sandhu, Sood & Chang, 2018). The hackers target the emails of senior members of the organization because they share sensitive company information. Apart from that there are other challenges caused by insiders such as poor configurations of the system.
The supply chain risk is also an avenue of vulnerability for most banks. Financial institutions have complicated security systems but they rely on some third party vendors like the cloud service providers. Therefore, the suppliers should share in the duty of safety compliance. A breach caused by a third party weakens the defenses of an organization. The sophisticated nature of cyber security requires entities to hire highly qualified individuals to manage. However, due to the increasing demand for cyber-security experts, financial institutions are finding it more difficult each day to recruit the best candidates to fill vacancies. Failure to hire qualified personnel increases the likelihood of attacks in the organizations.
The banking sector is complicated and large. Therefore, there is a large population of staff members that has access to various functions in the system. The customers also access the system as users of the internet banking option. The ever-increasing touch points between the customers and the banking system increase the level of risk because they provide the cybercriminals with an opportunity to attack. The use of personal devices presents an opportunity for the hackers to access the financial networks of an entity.
The finance and banking websites increase the level of threat to all networks. Tests conducted by experts indicate that banking and finance websites are highly vulnerable to attacks. The attackers gain access by running malicious codes on the websites or the applications. Malicious scripts planted by the hackers’ access cookies and sensitive information. Due to the increase in vulnerabilities, various apply their own measures to secure the website.
2.3 Framework Enhancement: Based on 2.2, esp., considering those vulnerabilities not effectively addressed by the current framework, what enhancements will you make to the bank’s framework?
Organizations working in banking and finance continue to advance to furnish clients with modern innovations. The technology empowers them to consider convey, oversee, and incorporate their services in accordance with the needs of the customers (Sohal, Sandhu, Sood & Chang, 2018). It has also given banks serious differentiating factors to support the existing client base and get new customers. It has changed the essentials of the money related services from a labor-intensive model to automatic processes. As the preference of consumers advances, conventional players are confronting rivals using mobile and direct banking techniques. The advancements advertise lead to the development of more digital solutions.
Due to the advancement in innovation, financial services are becoming more capricious by the day. The adjustment in the business scene coupled with the framework modernization has opened up avenues for hackers making cybersecurity a serious need, as opposed to a mere formality. Financial profit is one of the main inspirations driving most cybercriminals. The knowledge of the availability of data in banks makes their heists a worthwhile objective. Symantec’s Web Security Danger Report, Vol. 21 uncovered that 40 percent of banking organizations were hacked in 2015.
The federal and central banks of most countries have a threshold for frameworks used to fortify the cybersecurity of the banking institutions. Banks indicate a Cyber Emergency Management Plan (CCMP) addresses the identification, reaction, recuperation, and regaining back control in case of an attack. Additionally, most banks have enhanced their system to incorporate multiple authentication procedures to secure most of the transactions. The aim of such an approach is to upgrade the resilience of the financial framework by improving their defenses on internet dangers. According to the warning by experts, the cybersecurity approach ought to be distinct from the more extensive IT policy with the aim of making it to highlight the risks of cyber attacks and the measures to address them. This would involve building a cybersecurity design to guarantee awareness among internal users, top administrators, and members of the board. The bank needs to proactively send, change, redesign, and calibrate their current approaches, methodology, and advances to match the new turn of events and development concerns.
Various markets and levels have distinct needs. However, for cybersecurity, the fundamental goals remain the same to keep out hackers, and to protect the organization’s critical resources. With innovation and digitization as primary needs in the sector, cybersecurity needs to be top-notch to guarantee the protection of the institutions (Puthal, Malik, Mohanty, Kougianos, & Yang, 2018). By maintaining awareness, banks should embrace data-driven methodologies that enable the security specialists and counselors to easily assess and advise on appropriate arrangements. The data-driven methodology instead of a framework driven solutions relies on devices and information collected from the system. It involves evaluating data infrastructure, data insights, and data governance. Financial institutions today need insightful, accurate threat discovery and proactive warning of developing dangers. The assurance on customer information can improve by understanding where the information resides in the organization when in circulation within, with clients, and with the third-party vendors.
This framework will empower security specialists and consultants to improve the assessment and conveyance of reasonable solutions (Almuhammadi & Alsaleh, 2017). For example, they will improve on Occurrence Reaction, utilizing Security operations to screen and oversee digital dangers continuously, and executing arrangements like threat protection to battle advancing dangers. Arrangements such as, Information loss prevent, Server Defense, threat intelligence, access management, and managing the endpoints empowers banks to deal with the computerized change while building a strong cybersecurity design. The data-driven model informs the bank to adopt and strive to keep the core business secure. Additionally, the ever-increasing danger of cyber threats is making it hard to fight digital attack and wipe out the attackers (Almuhammadi & Alsaleh, 2017). However, it is workable for banks as well as associations in safeguarding themselves without disturbing innovation and development. Early discovery of dangers inspired by the correct framework, system, and insight set up is possible.

3. Cybersecurity Framework Report – Based on your work in 2.1 – 2.3, what is your new framework?
It is imperative to take note of the serious need to protect customer information and transactions to guarantee trust in the bank. The framework intends to empower elements to distinguish and address cybersecurity dangers. The framework relies on prerequisites and global standards. The objectives define a synchronized methodology for attending to digital security, to accomplish uniform development, controls, and to guarantee accurate detection of emerging threats. It improves on all elements of the current framework of digital security. Aspects pertaining the framework incorporate all banking,financing credit and the monetary business. The structure also has some level of use to partners and members of staff, third party service providers and the customers.

4. Simulation Program Design – Use the Simulation Design Template attached/provided.
Each division within the organization needs to form a digital security plan lined up with a unique set of goals, the more extensive, the better for digital security. Further, it should form a security strategy that records and conveys responsibility to all relevant entities. The arrangement ought to be considered in the advancement of other corporate strategies, (for example, HR approaches and IT arrangements), in view of best practices, and bolstered by definite security norms. The approach likewise needs to guarantee that data is grouped fitting to its significance, and secured in accordance with the substance’s hazard hunger. Proprietors should be named for all data resources, and all partners should be made mindful of digital security. The strategy additionally needs to contain necessities that guarantee consistence with administrative and legally binding commitments, and accommodate unveiling of digital security measures and suspected shortcomings.

5. Cybersecurity Policy Report – What policies are needed and how will they be incorporated into the framework?
The framework recommends key digital security standards and goals to be inserted and accomplished by each segment of the organization. The framework comes down to four principle cyber security fronts: Governance and Leadership, Compliance and risk management, Technology and Innovation, and Third party management. Additionally, the framework contemplates regulations meeting a certain degree of digital security in the development phase to inspire self-Assessments.
Governance and Leadership
The framework mulls over the execution of a board based digital security administration structure to lead the way in dealing with security threats through a regulated format. Additionally, it establishes a cybersecurity advisory group with members from pertinent divisions within the association (Puthal, Malik, Mohanty, Kougianos, & Yang, 2018). The regulations likewise need to set up a digital security structure with the independence to innovate technologically. The leader of the advisory group should be the officer in charge of the information security within the organization. A definitive obligation regarding digital security depends on that governing body. The duty ranges from guaranteeing a proper financial plan is accessible for digital safety efforts, through to underwriting the substance’s on security administration, methodology and arrangement. The role of the cyber security advisory group is mindful and progressively at all operational levels.
The framework forces a commitment by all stakeholders to guarantee that every member of the organization knows about, and comprehends, their security duties (Sani et al., 2019). It requires the advancement of a hierarchical culture on digital security awareness, empowering work force, outsiders and clients to ensure the controlled element’s data resources. Also, it requires the implementation to ensure that all departments are furnished with information and resources to meet security obligations. Digital security should be orchestrated and directed by the board. The framework should empower every member to identify and address digital security risks for the good of the entire organization.
Compliance and risk management
The framework portrays risk management as the progressing procedure of recognizing, breaking down, reacting to, observing and exploring dangers. To oversee security hazards, the framework requires methodical elements to facilitate risk proofing, threat investigation, threat reaction and checking and auditing (Sani et al., 2019). To guarantee digital security dangers are appropriately figured out how to secure the classification, honesty and accessibility of a directed element’s data resources, and to guarantee arrangement of the digital security hazard the executives procedure with the element’s undertaking hazard the board procedure, each methodology characterizes, favors and actualizes a security risk management process. This includes distinguishing proof (and treatment) of the substance’s digital security dangers and dangers, remembering the applicable data resources of the element, just as its current digital security controls and vulnerabilities, and the probability of event of the dangers recognized and the imaginable coming about effect. The framework conceptualizes about the activity being performed on a dynamic premise, in order to guarantee it takes into account innovation. Additionally, regulations are required to form a procedure to distinguish, convey and agree on the security ramifications of pertinent guidelines, in comparison to the global standards. In anticipation that data resources from the regulations expose to the level of preparedness with independent audits according to the international standards.
Technology and Innovation
The framework makes it important for regulations to guarantee security standard for data resources that are defined, implemented and approved. Additionally, the regulations fuse security necessities into their HR forms (Sani et al., 2019). At the very least, these ought to include: digital security mindfulness preparing for work force at enlistment and during their work, staff agreements outlining digital security duties and commitments of non-disclosure, post-business digital security suggestions, (for example, renouncement of access rights, and commitments to return get to identification, tokens, cell phones, all electronic and physical data). Additionally, the framework accommodates prerequisites identifying the information assets handled by specific members of staff. The arrangement guarantees that the members of staff safely deal with business and sensitive data when they use company devices.

6. Cybersecurity Technology Report – What technologies are needed and how will they be incorporated into the framework?
Digital security is characterized in the framework as the assortment of instruments, strategies, security ideas, security shields, rules, hazard the executives draws near, activities, preparing, best practices, affirmation, and innovations that can be utilized to ensure the part association’s data resources against inward and outer dangers (Puthal, Malik, Mohanty, Kougianos, & Yang, 2018). Information on which the framework relates incorporates electronic data, printed copies, applications, programs, databases, PCs and machines, for example, ATMs, information storage gadgets, and other specialized systems.

7. Strategic Alignment of the Enterprise Cybersecurity Program

7.1 Overview of Enterprise Cybersecurity Program: Provide an overview of your Enterprise
Cybersecurity Program; explain how your program is a coherent all-encompassing and effective program consisting of a new framework and how the framework is supported by simulation, policies, and technologies (Puthal, Malik, Mohanty, Kougianos, & Yang, 2018). Further, there is a commitment to guarantee physical security, by ensuring that all offices that have data resources are seriously protected. These ought to include physical section controls, checking and reconnaissance (e.g., CCTV), insurance of server and information rooms, ecological assurance, and the perception of physical security of data resources during their lifecycles. For example, during transportation and demolition, and by maintaining a strategic distance from unapproved access and information leaks. The safe removal of data resources is also important, in order to guarantee that business, client and other data, is shielded from unintended or unapproved revelation.
Even more, there is a commitment to guarantee that entrance to data resources is confined in accordance with need to know/have standards. This prerequisite carries with it a need to guarantee that conduct and access be overseen and controlled. The regulators need to realize what data resources they have, and where they are situated, to guarantee digital security. The framework requires controlled regulation to keep up a precise and modern stock, including area and other applicable subtleties, of all assets. Regulations also characterize their digital security engineering, laying out the prerequisites in their venture engineering and tending to the plan standards
7.2 Strategic Alignment: Describe how your new program is aligned with the vision, mission, and strategy of your large, global bank.
The three fundamental premises whereupon the framework has been created are privacy, honesty and accessibility. All the more explicitly, secrecy alludes to data resources being open just to the individuals who are approved, and shielded from unintended or unapproved exposure; uprightness alludes to data resources being precise, finished and handled effectively, and shielded from unapproved alteration; and accessibility alludes to data resources being irrepressible and available, and shielded from unapproved interruption.

References
Almuhammadi, S., & Alsaleh, M. (2017). Information security maturity model for NIST cyber security framework. Computer Science & Information Technology (CS & IT), 7(3), 51-62.
Dawson, M. (2018). Applying a holistic cybersecurity framework for global IT organizations. Business Information Review, 35(2), 60-67.
Puthal, D., Malik, N., Mohanty, S. P., Kougianos, E., & Yang, C. (2018). The blockchain as a decentralized security framework [future directions]. IEEE Consumer Electronics Magazine, 7(2), 18-21.
Sani, A. S., Yuan, D., Jin, J., Gao, L., Yu, S., & Dong, Z. Y. (2019). Cyber security framework for Internet of Things-based Energy Internet. Future Generation Computer Systems, 93, 849-859.
Sohal, A. S., Sandhu, R., Sood, S. K., & Chang, V. (2018). A cybersecurity framework to identify malicious edge device in fog computing and cloud-of-things environments. Computers & Security, 74, 340-354.

Published by
Essays
View all posts