Managing IT Security and Risk Coursework

This report analyzes an organization's security posture, identifies weaknesses, and provides recommendations to enhance its security strategy in light of growing cyber threats and compliance requirements. It includes a phased plan with key recommendations such as implementing a centralized identity and access management system, advanced endpoint detection and response solutions, and addressing emerging security threats for 2024. Additionally, it outlines necessary changes for PCI DSS compliance to protect cardholder data effectively.

Uploaded by Asif Ali

Summary

The purpose of this report is to critically analyze an organization's security posture, identify key weaknesses, and provide actionable recommendations to enhance its overall security strategy. Growing cyber threats, together with the organization's immediate objective of complying with PCI DSS, require a comprehensive evaluation of its security practices.

Task 1 identifies two important recommendations that would significantly improve the security posture of the organization. These recommendations are evaluated on their impact on critical assets, compliance, business continuity and cost. Task 2 builds on this with a concrete, phased plan of five prioritized recommendations. Each step is designed to address critical weaknesses, with manageable timelines and clearly assigned team responsibilities.

Task 3 examines ten emerging security threats relevant to 2024 in depth, with specific detail on their potential impact on the organization's operations. Tailored countermeasures are proposed, and each threat is given a risk rating based on its likelihood and likely severity. Task 4 focuses on making the organization compliant with the PCI DSS standard. Five key changes are recommended, covering organizational changes, team restructuring and infrastructure improvements; they were chosen for their ability to facilitate compliance while strengthening overall security.

By systematically addressing these actions, this report provides operational insight to strengthen the organization's security posture and ensure long-term resilience. It emphasizes that strong internal security management is essential to protecting the organization's assets, staying compliant and mitigating ongoing cyber risks.


Table of Contents

Summary
Task 1: Key Recommendations
Task 2: Five-Step Plan
Task 3: Rising Security Threats
Task 4: PCI DSS Compliance Changes
Conclusion
References

Task 1: Key Recommendations

Introduction to the Company's Security Posture

The company faces major challenges in its security posture due to inadequate control over critical assets, including data, endpoints, applications, network infrastructure and people. The key gaps are weak change management processes, a lack of compliance preparedness and a lack of modern approaches to addressing threats. These gaps also increase the risk of regulatory sanctions, which would undermine the organization's ongoing operations and threaten its reputation. Strengthening the security posture therefore requires targeted recommendations that prioritize high-impact areas and align security practices with business objectives (PCI Security Standards Council, 2024).

Recommendation 1: Implementation of a Centralized Identity and Access Management (IAM) System

A centralized IAM system enforces strict control over user authentication and access rights, significantly reducing the risk of unauthorized access (NIST, 2023). By combining multi-factor authentication (MFA) with the principle of least privilege, it protects sensitive data and critical assets (PCI Security Standards Council, 2024).

Importance:

• Compliance: Supports PCI DSS (Requirements 7 and 8) and other regulatory frameworks by restricting and authenticating access to the cardholder data environment.

• Cost: Initial implementation involves investment in infrastructure, but this is offset over time by fewer breaches and less manual access review.

• Continuity: Increases business flexibility by ensuring that only authorized personnel have access to critical systems, and that access can be revoked centrally when roles change.

• Critical Asset Protection: Protects critical data, applications and network infrastructure by reducing insider threats and external attacks (Symantec, 2024).

Recommendation 2: Advanced Endpoint Detection and Response (EDR) Solutions

EDR improves the organization's ability to detect, respond to and mitigate endpoint-based threats such as malware and ransomware. It provides real-time visibility into endpoint activity, automated threat detection and automated response actions (for example isolating a compromised host) to limit the impact of cyber incidents (NIST, 2023).

Importance:

• Compliance: Supports the security measures required by PCI DSS and other standards (for example anti-malware protection under Requirement 5), specifically for endpoints that interact with payment systems.

• Cost: Although EDR has ongoing subscription fees, it reduces the financial impact of breaches and system downtime.

• Continuity: Enables rapid incident response so that business activities continue with minimal disruption.

• Critical Asset Protection: Endpoints are a primary target of cyberattacks; protecting them protects the broader network infrastructure they connect to (Kaspersky Lab, 2024).

Why These Recommendations Matter

Both recommendations address critical vulnerabilities and provide scalable solutions to improve the company's security posture. IAM mitigates insider risk and prevents unauthorized access while aligning compliance requirements with business needs. EDR complements it by handling endpoint threats, providing proactive protection against the most common initial attack vectors. Together they form a unified security framework covering the human layer, the network perimeter and critical systems (NIST, 2023).

These recommendations are prioritized because of their broad impact on compliance, cost control, business continuity and protection of mission-critical assets. Addressing these vulnerabilities through policy and strategy ensures a balanced approach to security and positions the organization for long-term resilience against evolving threats (Symantec, 2024).

Task 2: Five-Step Plan

Overview of the Security Improvement Plan

The security improvement plan aims to address the company's most critical weaknesses by implementing practical and effective measures in a phased manner. The plan emphasizes practical implementation, ensuring that changes are consistent with the organization's capacity to deliver them and with its operational objectives. Guiding principles include prioritizing critical asset protection, ensuring compliance and continuously improving efficiency while managing cost and resource dependencies. By adopting a step-by-step process, the company can strengthen its security posture without compromising business continuity (OWASP, 2024).

Recommendations and Justifications

Recommendation 1: Conduct a Comprehensive Security Audit

• Description: Conduct an organization-wide security assessment to identify vulnerabilities, assess current practices and establish a baseline for improvement.

• Reason for selection: This step is essential to understanding the current security situation and shaping the later recommendations around the gaps actually found.

• Responsible team: IT security team, supported by an external cybersecurity consulting firm.

• Sequence of implementation: First, so that it determines the scope and priority of the subsequent recommendations (Symantec, 2024).

Activities include:

1. Define the scope and purpose of the audit, including every system that stores, processes or transmits cardholder data.

2. Engage third-party experts to conduct an unbiased review.

3. Consolidate the findings into a detailed, risk-ranked report.

Recommendation 2: Implement a Centralized IAM System

• Description: Implement an identity and access management system that includes multi-factor authentication and role-based access control.

• Reason for selection: To address the risk of unauthorized access and improve control over the systems that hold critical data.

• Responsible team: IT security and IT policy teams.

• Sequence of implementation: Second, because IAM provides the foundation for a secure environment and reduces the risk of the implementations that follow (Verizon, 2024).

Activities include:

1. Select and procure an IAM solution.

2. Define roles and role-based permissions, and map them to existing policies.

3. Train employees on the new access procedures.

Recommendation 3: Implement a Comprehensive EDR Solution

• Description: Deploy endpoint detection and response tooling to monitor, detect and respond to threats that target endpoint devices.

• Reason for selection: Endpoints are a primary attack surface; EDR provides dynamic protection and reduces response time.

• Responsible team: IT security team with vendor support.

• Sequence of implementation: Third, because EDR adds protection to devices whose access is already controlled by IAM (Kaspersky Lab, 2024).

Activities include:

1. Evaluate and select an EDR solution.

2. Deploy the agent to endpoints throughout the organization.

3. Tune and maintain the detection rules against real-world activity to reduce false positives without losing coverage.

Recommendation 4: Establish a Security Awareness Training Program

• Description: Establish a training program to educate employees on cybersecurity best practices and common threats.

• Reason for selection: Human error, for example falling for a phishing email, is a common entry point for attackers; employee education greatly reduces this risk.

• Responsible teams: Human Resources (HR) and IT Security.

• Sequence of implementation: Fourth, so that staff can use the tools and procedures introduced in the earlier steps effectively (Cisco, 2024).

Activities include:

1. Develop training materials tailored to the organization's risks.

2. Hold in-person sessions and online modules.

3. Assess employee understanding through periodic testing, such as simulated phishing campaigns.

Recommendation 5: Enhance Network Security with Firewall Upgrades

• Description: Upgrade existing firewalls to next-generation firewalls (NGFWs) to improve traffic inspection and threat mitigation.

• Reason for selection: NGFWs improve perimeter defenses, reducing risk from external threats, and support the network segmentation that PCI DSS expects around the cardholder data environment.

• Responsible team: IT security and network teams.

• Sequence of implementation: Fifth, because it builds on the elements already in place and completes a multi-layered security strategy (Kaspersky Lab, 2024).

Activities include:

1. Procure and install the NGFW hardware and software.

2. Define and implement updated firewall rules, denying all traffic that is not explicitly required.

3. Monitor firewall performance and logs, and adjust the rules as needed.

Timeline and Dependencies

The recommendations are sequenced so that foundational gaps are addressed before the more advanced solutions are introduced (Symantec, 2024).

• Security audit: Sets the direction of the program and establishes a clear understanding of the vulnerabilities.

• IAM implementation: Mitigates the access risks to critical systems identified in the audit.

• EDR deployment: Protects the endpoints commonly targeted by attacks, once basic access control is established.

• Security training: Enables employees to apply the technical controls, reducing risk at the human level.

• Firewall upgrade: Strengthens perimeter defenses and completes the layered security approach.

The audit findings guide the specific IAM design and EDR deployment. The training program depends on the IAM and EDR rollouts so that employees are taught the systems they will actually use. The firewall upgrade completes the program by securing the organization's boundary after the internal systems are secured. This progressive approach ensures efficiency, minimizes disruption and distributes resources sensibly, resulting in a consistent and robust level of security (Verizon, 2024).

Task 3: Rising Security Threats

Introduction to Threat Landscape

The cybersecurity threat landscape is evolving rapidly, and in 2024 sophisticated and sustained attacks are being launched against businesses around the world. Increasing remote work, reliance on cloud services and connected devices are expanding the attack surface, posing unique challenges for organizations. For this company, sensitive customer data, financial transactions and end-user devices are particularly exposed. This section identifies ten emerging threats, considers their potential impact on the organization and provides targeted prevention strategies (ISO, 2023).

Threat Identification and Risk Analysis

Threat 1: Phishing Attacks

• Description and scenario: Phishing uses fraudulent emails or messages to trick employees into revealing sensitive information or running malware. For this company, an attacker could pose as a vendor to obtain financial information or redirect a payment.

• Recommended countermeasures: Use email filtering tools, train employees in phishing detection, and require multi-factor authentication (MFA) so that a stolen password alone is not enough.

• Risk level: High. This threat targets the human layer, making it a prime entry point for attackers (IBM, 2024).

Threat 2: Ransomware Attacks

• Description and scenario: Ransomware encrypts company data and demands payment for its release. An attacker could target the organization's financial systems or customer database to disrupt operations.

• Recommended countermeasures: Back up data regularly and keep offline or immutable copies, use endpoint detection and response (EDR) tools, and ensure prompt patch management.

• Risk level: High. It directly affects continuing operations and critical assets (Kaspersky Lab, 2024).

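
The following is an added example, not part of the coursework and not the output of any vendor's product, of the kind of behavioural detection rule an EDR deployment applies to this threat (it also illustrates the detection-rule tuning step in Task 2, Recommendation 3): a single process that rewrites many files with a ransomware-style extension within a short window is flagged, while a backup job and an isolated rename are not. The telemetry, hostnames, process names and the extension list are constructed for the example; a real EDR agent would supply the events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed endpoint telemetry (not output of any real EDR product): one record
# per file-write event as (timestamp, host, pid, process image, written path).
SAMPLE_EVENTS = [
    ("2024-03-04T10:15:01", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Documents\q1.xlsx.locked"),
    ("2024-03-04T10:15:03", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Documents\q2.xlsx.locked"),
    ("2024-03-04T10:15:04", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Documents\plan.docx.locked"),
    ("2024-03-04T10:15:06", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Pictures\a.jpg.locked"),
    ("2024-03-04T10:15:09", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Pictures\b.jpg.locked"),
    ("2024-03-04T10:15:12", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Desktop\README.txt.locked"),
    ("2024-03-04T10:15:20", "ws-17", 4120, "svc_update.exe", r"C:\Users\amy\Desktop\HOW_TO_DECRYPT.txt"),
    ("2024-03-04T10:16:00", "ws-21", 880, "backup.exe", r"D:\backup\q1.xlsx.bak"),
    ("2024-03-04T10:16:02", "ws-21", 880, "backup.exe", r"D:\backup\q2.xlsx.bak"),
    ("2024-03-04T10:30:00", "ws-21", 1502, "explorer.exe", r"C:\Users\bob\notes.txt.locked"),
    ("2024-03-04T11:45:00", "ws-21", 1502, "explorer.exe", r"C:\Users\bob\notes2.txt.locked"),
]

# Extensions commonly appended by ransomware families (an assumed, illustrative list).
SUSPICIOUS_EXTENSIONS = (".locked", ".encrypted", ".crypt", ".enc")


def detect_mass_encryption(events, threshold=5, window_seconds=60,
                           suspicious=SUSPICIOUS_EXTENSIONS):
    """Flag any (host, pid, process) that writes at least `threshold` files carrying a
    ransomware-style extension within a sliding window of `window_seconds`.
    Returns one alert dict per offending process with the peak count observed."""
    writes = defaultdict(list)
    for ts, host, pid, image, path in events:
        if path.lower().endswith(suspicious):
            writes[(host, pid, image)].append(datetime.fromisoformat(ts))

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (host, pid, image), times in writes.items():
        times.sort()
        peak = 0
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:      # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)     # writes inside the current window
        if peak >= threshold:
            alerts.append({"host": host, "pid": pid, "process": image,
                           "files": peak, "first_seen": times[0].isoformat()})
    return alerts


if __name__ == "__main__":
    for a in detect_mass_encryption(SAMPLE_EVENTS):
        print(f"ALERT {a['host']} pid={a['pid']} {a['process']} wrote "
              f"{a['files']} encrypted files (first seen {a['first_seen']})")
```

The threshold and window are the tuning knobs: too low and a legitimate archiver or backup tool raises alerts, too high and a slow-moving encryptor stays under the radar. In practice the rule would be paired with an automated response such as isolating the host, which is the EDR capability Recommendation 2 in Task 1 relies on.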
Threat 3: Supply Chain Attacks

• Description and scenario: Attackers exploit weaknesses at third-party vendors to infiltrate the company. An example would be a compromised software update delivered by a trusted vendor.

• Recommended countermeasures: Perform vendor security audits, verify vendor compliance with security standards, and verify the integrity of software updates (for example signatures or published hashes) before deployment.

• Risk level: Medium-high. The threat is indirect but can have a severe effect (Gartner, 2023).

Threat 4: Insider Threats

• Description and scenario: Malicious or careless insiders put data confidentiality and integrity at risk. A disgruntled employee could leak sensitive customer information.

• Recommended countermeasures: Implement least-privilege access, monitor user behavior, and enforce strict offboarding procedures that revoke access promptly.

• Risk level: Medium. Insider activity is hard to detect because it uses legitimate access, but it is important to address (IBM, 2024).

Threat 5: Cloud Misconfiguration

• Description and scenario: Improperly configured cloud storage or services can expose sensitive data to the public. For example, customer records stored in a publicly readable storage bucket could be leaked.

• Recommended countermeasures: Regular cloud security audits, automated configuration scanning tools, and adherence to the cloud provider's security best practices.

• Risk level: Medium. Although preventable, such issues pose a significant risk of data disclosure (Symantec, 2024).
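As an added example of the automated configuration check recommended above (this is not code from the coursework or from any cloud provider's tooling), the function below reads an S3-style bucket policy and reports every Allow statement granted to the anonymous principal "*". The two policies are constructed for the example and the account ID and role name are placeholders; the AWS IAM policy JSON grammar (Statement, Effect, Principal, Action, Condition) is assumed.

```python
import json

# Constructed S3-style bucket policies (not taken from any real account).
# The first exposes customer records to anyone on the internet; the second grants
# access only to an application role and denies unencrypted transport.
MISCONFIGURED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::customer-records", "arn:aws:s3:::customer-records/*"]},
        {"Sid": "AppWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/crm-app"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::customer-records/*"},
    ],
})

CORRECTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppReadWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/crm-app"},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::customer-records/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::customer-records", "arn:aws:s3:::customer-records/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def _as_list(value):
    """Policy elements may be a single string/object or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element ("*", {"AWS": "..."} or {"AWS": [...]}) to strings."""
    if isinstance(principal, dict):
        flat = []
        for v in principal.values():
            flat.extend(_as_list(v))
        return flat
    return _as_list(principal)


def public_grants(policy_json):
    """Return every Allow statement that names the anonymous principal "*".
    Conditioned grants are reported too, marked so a reviewer can judge whether the
    condition actually limits them (e.g. a source-IP restriction) or not."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _principals(stmt.get("Principal", {})):
            continue
        findings.append({
            "sid": stmt.get("Sid", "<no Sid>"),
            "actions": _as_list(stmt.get("Action", [])),
            "conditioned": bool(stmt.get("Condition")),
        })
    return findings


if __name__ == "__main__":
    for name, policy in (("misconfigured", MISCONFIGURED_POLICY), ("corrected", CORRECTED_POLICY)):
        hits = public_grants(policy)
        status = "PUBLIC via " + ", ".join(h["sid"] for h in hits) if hits else "no public grants"
        print(f"{name}: {status}")
```

A policy review like this is only one layer: bucket ACLs and the account-level public access block must be checked as well, and the check should run on a schedule against every bucket rather than once, which is what the "automated configuration scanning tools" bullet is for.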

Threat 6: Zero-Day Exploits

• Description and scenario: Attackers exploit software vulnerabilities before a patch is available. For example, an unpatched CRM application could be targeted to extract sensitive data.

• Recommended countermeasures: Adopt virtual patching, subscribe to vendor security advisories, and deploy an intrusion prevention system (IPS).

• Risk level: High. The lack of advance warning makes such threats particularly alarming (Verizon, 2024).

Threat 7: Distributed Denial of Service (DDoS) Attacks

• Description and scenario: Servers are flooded with traffic to degrade or halt service. For this company, a DDoS attack on the online payment gateway could stop transactions.

• Recommended countermeasures: Implement DDoS mitigation services, scalable cloud infrastructure and network redundancy.

• Risk level: Medium-high. This affects availability, which is critical for customer-facing systems (Symantec, 2024).

Threat 8: Advanced Persistent Threats (APTs)

• Description and scenario: APTs are long-running, targeted intrusions, often aimed at critical infrastructure or high-value data. Attackers could infiltrate the financial systems and quietly extract sensitive information over time.

• Recommended countermeasures: Strengthen network segmentation and threat detection, and increase monitoring through a Security Operations Center (SOC).

• Risk level: High. APTs are sophisticated and directly threaten critical assets (Verizon, 2024).

Threat 9: Vulnerable IoT Devices

• Description and scenario: Vulnerabilities in connected devices can be exploited. An attacker could gain a foothold on the network by compromising IoT devices in office systems.

• Recommended countermeasures: Implement IoT-specific security controls, segment IoT devices onto their own network, and enforce firmware updates.

• Risk level: Medium. As IoT adoption grows, so does the risk (Symantec, 2024).

Threat 10: Social Engineering

• Description and scenario: Manipulating employees into disclosing sensitive information, such as system credentials. Attackers could masquerade as IT support to gain access.

• Recommended countermeasures: Run regular social engineering simulations, establish clear communication protocols, and establish verification processes for sensitive requests.

• Risk level: Medium-high. The human factor remains a persistent weakness (Verizon, 2024).

Summary of Findings

The identified threats vary in likelihood and impact on the organization. Phishing, ransomware, zero-day exploits and APTs rank highest because of their probability and potential for damage. Supply chain attacks, DDoS attacks and social engineering pose a medium-to-high risk, requiring proactive monitoring and protection. Insider threats, cloud misconfiguration and IoT vulnerabilities are rated medium and highlight areas where training and process improvements are critical. By taking targeted measures against these threats, the company can significantly enhance its security posture and protect its operations in an evolving threat environment.

Task 4: PCI DSS Compliance Changes

Introduction to PCI DSS Standards

The Payment Card Industry Data Security Standard (PCI DSS) establishes security requirements to protect cardholder data wherever it is processed, stored or transmitted. Compliance is important for organizations handling payment transactions because it secures the data, reduces the risk of breaches and builds customer confidence. The current version, PCI DSS v4.0, emphasizes continuous, risk-based security, stronger authentication and strong cryptography, so changes to the organization's infrastructure and processes are unavoidable (PCI Security Standards Council, 2024).

Changes Recommended for Compliance

Change 1: Use Strong Cryptography for Cardholder Data

• Explanation: PCI DSS requires that stored primary account numbers (PANs) be rendered unreadable (for example with strong encryption, truncation or tokenization) and that cardholder data be protected with strong cryptography such as TLS when transmitted over open, public networks (Requirements 3 and 4). Sensitive authentication data must not be stored after authorization at all.

• Impact: Reduces the risk of a data breach by preventing sensitive information from being read by unauthorized users, even if storage or network traffic is compromised.

• Key changes: Upgrade storage systems to encrypt cardholder data with a strong algorithm (such as AES) under documented key management, mask PANs wherever they are displayed (at most the first six and last four digits), train staff on key management, and enforce TLS 1.2 or later for data transfer.

• Justification: Since customer payment data is the most targeted asset, this change provides immediate breach protection (NIST, 2023).
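One practical place the "rendered unreadable" requirement is routinely missed is application logging: a debug line that prints a full PAN puts cardholder data into every log store and backup. The following is an added example, not from the coursework, of a log scanner that finds PAN candidates, discards Luhn-invalid digit runs such as order numbers, and rewrites the line in the masked display form (first six and last four digits). The log lines are constructed for the example; the two card numbers are well-known test numbers, not real accounts.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens,
# not embedded in a longer digit run (so timestamps and IDs mostly do not match).
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed application log lines (not from any real system). Only the second and
# fourth carry PANs; the order number on the first line is a Luhn false positive.
SAMPLE_LOG_LINES = [
    "2024-03-04T10:15:01 INFO checkout order=1234567890123456 status=ok",
    "2024-03-04T10:15:02 DEBUG gateway request pan=4111 1111 1111 1111 exp=12/26",
    "2024-03-04T10:15:03 INFO refund id=77 amount=19.99",
    "2024-03-04T10:15:04 ERROR auth failed card=5500000000000004 reason=declined",
]


def luhn_ok(digits):
    """Luhn check-digit validation; every card brand's PAN passes it, most other
    digit strings do not, which cuts the regex false positives."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Display form permitted by PCI DSS 3.4.1: at most first six and last four visible."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def find_pans(line):
    """Return (matched_text, masked_form) for every Luhn-valid PAN candidate in a line."""
    hits = []
    for m in PAN_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append((m.group(0), mask_pan(digits)))
    return hits


def redact_log_line(line):
    """Replace every detected PAN with its masked form so the line is safe to retain."""
    for raw, masked in find_pans(line):
        line = line.replace(raw, masked)
    return line


def scan_log_lines(lines):
    """Return the 0-based indexes of lines that contain at least one PAN."""
    return [i for i, line in enumerate(lines) if find_pans(line)]


if __name__ == "__main__":
    for i in scan_log_lines(SAMPLE_LOG_LINES):
        print(f"line {i}: PAN found -> {redact_log_line(SAMPLE_LOG_LINES[i])}")
```

Redaction at the log sink is a safety net, not the fix: the gateway code that logged the PAN should be changed so the full number never reaches a log call, and the scan is then run periodically over logs and backups to prove that it does not.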

Change 2: Strengthen Access Control

• Explanation: PCI DSS requires that access to cardholder data be limited on a need-to-know basis (Requirement 7) and that users be identified and authenticated with strong mechanisms, including MFA for all access into the cardholder data environment (Requirement 8).

• Impact: Limits unauthorized access, reducing both insider threats and the value of stolen credentials to external attackers.

• Infrastructure changes: Introduce role-based access control (RBAC), implement multi-factor authentication (MFA) for all access points into the cardholder data environment, and review user access regularly, removing accounts and rights that are no longer needed.

• Justification: Access controls ensure that only people with a business need can handle sensitive data, aligning compliance with best practice (Symantec, 2024).
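The access model described here, and in the IAM recommendations of Tasks 1 and 2, reduces to a small deny-by-default decision: a request is allowed only if some role of the caller grants the action, and actions that touch cardholder data additionally require a session that was authenticated with MFA. The block below is an added illustration of that decision and of the periodic access review, not code from the coursework or any IAM product; the role names, permission strings and users are assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical role-to-permission map for the payment environment (assumed for this
# example; the names are not from the report or any real system).
ROLE_PERMISSIONS = {
    "cashier":   {"payment:charge", "payment:refund"},
    "support":   {"customer:read"},
    "pci-admin": {"payment:charge", "customer:read", "cardholder-data:read", "keys:rotate"},
}

# Actions that reach cardholder data or keys: need-to-know plus MFA, modelled on
# PCI DSS Requirements 7 and 8.
SENSITIVE_ACTIONS = {"cardholder-data:read", "keys:rotate"}


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset
    mfa_verified: bool


def permissions_for(roles):
    """Union of the permissions granted by the given roles; unknown roles grant nothing."""
    granted = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def authorize(session, action):
    """Deny-by-default authorization. Returns (allowed, reason)."""
    if action not in permissions_for(session.roles):
        return False, f"deny: no role of {session.user} grants {action}"
    if action in SENSITIVE_ACTIONS and not session.mfa_verified:
        return False, f"deny: {action} requires a session authenticated with MFA"
    return True, "allow"


def access_review(users):
    """Input for the periodic access review: the users whose roles reach sensitive
    actions. `users` maps user name -> set of role names."""
    return sorted(u for u, roles in users.items()
                  if permissions_for(roles) & SENSITIVE_ACTIONS)


if __name__ == "__main__":
    alice = Session("alice", frozenset({"cashier"}), mfa_verified=False)
    dan = Session("dan", frozenset({"pci-admin"}), mfa_verified=False)
    dan_mfa = Session("dan", frozenset({"pci-admin"}), mfa_verified=True)
    for s, a in ((alice, "payment:charge"), (alice, "cardholder-data:read"),
                 (dan, "cardholder-data:read"), (dan_mfa, "cardholder-data:read")):
        print(s.user, a, authorize(s, a))
    print("sensitive access held by:",
          access_review({"alice": {"cashier"}, "dan": {"pci-admin"}, "eve": {"intern"}}))
```

The important property is that nothing is reachable without an explicit grant: an unknown or misspelled role yields no permissions rather than a default set, and the review list is derived from the same role map the decision uses, so what is reviewed is what is actually enforced.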

Change 3: Regular Vulnerability Assessment and Penetration Testing

• Explanation: Routine testing to identify vulnerabilities in systems, applications and networks is a core requirement of PCI DSS (Requirement 11): internal and external vulnerability scans at least quarterly, with the external scans performed by an Approved Scanning Vendor (ASV), and penetration testing at least annually and after significant changes.

• Impact: Proactively identifies and addresses security gaps before attackers exploit them.

• Infrastructure changes: Establish an internal testing capability or engage a qualified third-party testing firm, use automated scanning tools, and set up a schedule for the periodic scans and tests.

• Justification: Testing not only evidences compliance but also strengthens the organization's overall security posture (OWASP, 2024).

Change 4: Implementation of Secure Development Practices

• Explanation: PCI DSS (Requirement 6) requires that bespoke and custom software be developed securely, that code be reviewed for vulnerabilities before release, and that common coding flaws such as injection and cross-site scripting be prevented.

• Impact: Reduces the risk of application-level attacks such as SQL injection and cross-site scripting.

• Infrastructure changes: Conduct secure coding training for developers, add static and dynamic analysis tools to the development pipeline, and establish a security review process before deployment.

• Justification: Applications interact directly with payment systems, making this a critical area for compliance and operational security (Cisco, 2024).
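To make the two flaws named above concrete, the following added example (not code from the coursework) places a deliberately vulnerable customer lookup and page fragment beside their hardened forms. The table, rows and payloads are constructed for the example; the fix for injection is a bound parameter, and the fix for cross-site scripting is escaping untrusted input before it enters HTML.

```python
import html
import sqlite3


def make_demo_db():
    """In-memory SQLite table with constructed customer rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, pan_last4 TEXT)")
    conn.executemany("INSERT INTO customers (email, pan_last4) VALUES (?, ?)",
                     [("alice@example.com", "1111"), ("bob@example.com", "0004")])
    return conn


def lookup_vulnerable(conn, email):
    """Deliberately vulnerable: user input is concatenated into the SQL text, so the
    input can change the query's structure."""
    sql = f"SELECT email, pan_last4 FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Hardened: a bound parameter keeps the input as data, never as SQL syntax."""
    return conn.execute("SELECT email, pan_last4 FROM customers WHERE email = ?",
                        (email,)).fetchall()


def greeting_vulnerable(name):
    """Deliberately vulnerable: reflected input is placed in HTML unescaped."""
    return f"<p>Hello {name}</p>"


def greeting_safe(name):
    """Hardened: HTML-escape untrusted input before placing it in the page body."""
    return f"<p>Hello {html.escape(name)}</p>"


# Constructed attack payloads.
INJECTION = "' OR '1'='1"
XSS = "<script>alert(document.cookie)</script>"

if __name__ == "__main__":
    conn = make_demo_db()
    print("vulnerable lookup:", lookup_vulnerable(conn, INJECTION))   # every row leaks
    print("safe lookup:      ", lookup_safe(conn, INJECTION))         # no row has that literal email
    print(greeting_vulnerable(XSS))
    print(greeting_safe(XSS))
```

The static analysis tools mentioned in the infrastructure changes flag exactly the first pattern (string formatting into a query) and the dynamic tools send payloads like the two above; the point of the review process is that neither vulnerable function reaches production.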

Change 5: Develop and Maintain an Incident Response Plan

• Explanation: PCI DSS (Requirement 12.10) requires a documented incident response plan that can be activated immediately in the event of a suspected or confirmed security incident, including a breach of cardholder data.

• Impact: Ensures prompt action to contain breaches, reduces the scope of data loss and reduces downtime.

• Infrastructure changes: Form an incident response team, write and maintain the response plan, and conduct regular exercises to test its effectiveness.

• Justification: Incident preparedness is essential to limit impact and to demonstrate compliance with regulatory requirements (Kaspersky Lab, 2024).

Implementation Challenges and Solutions

Challenge 1: Resource constraints

• Implementing encryption, access control and secure development practices requires investment in technology and skilled personnel.

• Solution: Prioritize the changes strategically and use third-party services where they are more cost-effective, such as cloud-based key management and vulnerability management tools (OWASP, 2024).

Challenge 2: Resistance to change

• Employees may resist new security controls, especially those that affect daily work, such as MFA or access restrictions.

• Solution: Hold awareness sessions on the importance of PCI DSS compliance and involve employees in the change management process to promote adoption (Symantec, 2024).

Challenge 3: Integration with legacy systems

• Older systems may not support modern encryption or authentication methods, delaying compliance efforts.

• Solution: Plan system upgrades as part of the compliance strategy, and use compensating controls such as middleware or network isolation to close the gaps until the upgrades are complete (NIST, 2023).

Challenge 4: Sustaining compliance

• Maintaining long-term compliance requires constant monitoring, updating and vigilance, which can overwhelm a small team.

• Solution: Establish a compliance team and automate routine tasks such as scanning and reporting to reduce manual work (IBM, 2024).

Challenge 5: Balancing security and usability

• Strong security measures, such as complex access controls, can hurt productivity if not implemented thoughtfully.

• Solution: Implement user-friendly controls such as single sign-on (SSO) combined with MFA, and simplify the administrative tools used to manage employee access (Kaspersky Lab, 2024).

Summary

PCI DSS compliance is a multifaceted process that involves securing cardholder data, restricting access, testing proactively and preparing for incidents. Although these changes require considerable effort and investment, they do more than align the organization with an industry standard. By anticipating the challenges and applying the solutions above, the organization can achieve a smooth transition to compliance and long-term business success (Symantec, 2024).

Conclusion

In summary, this report outlines important steps to strengthen the company's security posture while aligning it with the Payment Card Industry Data Security Standard (PCI DSS). Task 1 highlighted two key recommendations, a centralized IAM system and an EDR solution, evaluated them against compliance, cost, continuity and critical asset protection, and emphasized their vital role in protecting the organization's most important assets. Task 2 set out a five-step plan that provides a systematic and prioritized approach to enhancing security, aiming for a smooth and low-disruption implementation.

Task 3 analyzed ten emerging security threats for 2024, each with tailored strategies to mitigate the risk, and rated them by likelihood and potential impact to give a comprehensive risk assessment. Task 4 described five key changes required for PCI DSS compliance, such as encryption of cardholder data, improved access control and secure development practices. These recommendations are intended not only to meet immediate compliance needs but also to build a strong foundation for long-term operational security.

The recommendations emphasize the importance of adopting a proactive, layered security strategy. The organization must first establish a security-first culture, invest in training and continuously monitor its environment to adapt to new threats. By following this roadmap, the organization can achieve PCI DSS compliance, reduce vulnerabilities, protect critical assets and maintain customer trust.

References

• PCI Security Standards Council. (2024). Payment Card Industry Data Security Standard (PCI DSS) Version 4.0. Retrieved from https://www.pcisecuritystandards.org/document_library/

• NIST. (2023). Cybersecurity Framework. National Institute of Standards and Technology.

• Symantec. (2024). Emerging Cyber Threats for 2024. Symantec Cybersecurity Report.

• Verizon. (2024). Data Breach Investigations Report (DBIR). Verizon Enterprise Solutions.

• OWASP. (2024). OWASP Top Ten Security Risks. Open Web Application Security Project.

• Cisco. (2024). Best Practices for Network Security. Cisco Security Whitepapers.

• Kaspersky Lab. (2024). Global Cybersecurity Report. Kaspersky Lab.

• IBM. (2024). Cost of a Data Breach Report. IBM Security.

• ISO. (2023). ISO/IEC 27001:2022 - Information Security Management. International Organization for Standardization.

• Gartner. (2023). Cybersecurity Trends and Predictions for 2024. Gartner Research.

• Microsoft. (2024). Secure Development Lifecycle (SDL) Guidelines. Microsoft Docs.

• ENISA. (2024). Threat Landscape Report. European Union Agency for Cybersecurity.
