Western Governors UniversitySchool name C 727 David.Lott

Document Content and Description Below

Running Head: Psinuvia, Inc Security Review 1 Psinuvia, Inc. Security Review by David Lott July 2021 Western Governors University Executive Summary Recent changes to Psinuvia Inc’s senior lead... ership has lead to a need to reevaluate the implementation details of the IT department to ensure alignment with the strategic goals and mission statement. In support of that effort, Psinuvia has recently engaged Autojor Security Consultants to conduct a comprehensive security review of Psinuvia’s Cybersecurity posture. The goal of this effort is to obtain a current and enterprise wide snapshot of the posture of the entire organization across all security disciplines. This report has utilized the report provided by Autojor and makes several recommendations. Security Report Review The independent cyber security report conducted by Autojor Security Consultants provides a high level overview of the current state of cyber security within Psinuvia. Autojor conducted a series of reviews including external assessment, on-site investigations and reviewed operational procedures. The report does not provide detailed level or specific vulnerabilities. However, it does provide more strategic or managerial level observations that can be summarized in the following bullet points: Psinuvia does not follow a cyber security framework Of the stated observations of the Autojor report, the lack of a cyber security framework is perhaps the most concerning. Frameworks provide a means of establishing a common set of terms and “best practices” for cyber security. Following a specific framework allows management to measure and report on the progress towards continuous improvement. The US federal government, via executive order EO 14028 (Biden, 2021) has established NIST as the government’s lead for cyber security. In Psinuvia Security Report 2 executing their responsibilities under the executive order, NIST has published version 1.1 of its Cybersecurity Framework (NIST, 2018). It is our recommendation that this framework be followed going forward as government auditors are now following this framework for evaluating commercial entities that are subject to government regulation. Failure to adopt a cyber security framework will result in Psinuvia to continue to miss opportunities for self improvement [Show More]

Last updated: 1 year ago

Preview 1 out of 29 pages