1 Project Two Submission: Project Management CYB-420-H3929 Enterprise Security 21EW3

Running head: PROJECT MANAGEMENT 1 7-1 Project Two Submission: Project Management CYB-420-H3929 Enterprise Security 21EW3 Charles Lang

/ PROJECT MANAGEMENT 2 Project Charter ACME’s Security Vulnerability Countermeasures Project Background In preparation for ACME’s upcoming business opportunity, an assessment of the current data security controls was conducted. This assessment revealed a surprising amount of vulnerabilities that all carry the potential to damage the company beyond repair. This project charter defines the goals, rationale, and scope of the multi-layered security plan that ACME Company will be implementing to address the vulnerabilities within the three risk domains. 1 Mission Statement 1.1 Risk Domain of People: Authentication Policy The primary goal of implementing this security control is to protect ACME Company from one of the most common and damaging tactics used by hackers to gain unauthorized access to a secured network. Stolen or compromised credentials are responsible for 80% of hacking-related breaches (Neveux, 2020). Compromised authentication passwords are almost always a result of bad or non-existent company password policies or poor employee password behavior. Bad password policies lead to weak passwords that are easily compromised being used. In addition to using a weak password, leaving a password in plain sight is another form of poor password behavior. 1.2 Risk Domain of Process: NIST Cybersecurity Framework (CSF) The goal of implementing this security control is to guarantee ACME develops a cybersecurity infrastructure using the NIST Cybersecurity Framework. Failing to prepare T

CYB-420-Project-Two-Charles-Langdocx/ PROJECT MANAGEMENT 3 properly to respond to a security incident will result in an attack causing more damage and much longer company downtime while the issue is corrected. 1.3 Risk Domain of Technology: Securing ACME’s Hardware Assets Implementing these controls will ensure that the company’s hardware is not stolen, damaged, or compromised in any way. Failing to secure these assets would not only result in the loss of sensitive data, but it would also result in the loss of the expensive hardware that the data is collected and stored on. 2 Organizational Needs Achieved by this Project Implementing a multi-layered approach to security will meet several organizational needs of the ACME Company. First, it ensures that data will be collected and stored in the most secure way possible. For the company to operate efficiently and profitably, the data that is being stored cannot be compromised in any way. The second need the project will fulfill is projecting to potential clients that ACME takes data security very seriously. This strong appearance will increase the amount of business when shifting into this new market while putting the clients at ease. The plan has been crafted with the assumption that business will increase over the next few years. Every security control targets the company as a whole. Once in place, these controls will not be influenced by an increasing number of employees or data. This study source was downloaded by 100000898494836 from CourseHero.com on 06-18-2025 05:31:59 GMT -05:00 https://www.coursehero.com/file/82511148/CYB-420-Project-Two-Charles-Langdocx/ PROJECT MANAGEMENT 4 3 Project Scope 3.1 Authentication Policy Deliverables To effectively counter the vulnerability in the People domain, these are the key points the Authentication Policy needs to provide. Both bad password policies and poor password behavior can be mitigated by developing a company password policy that follows the NIST SP 800-63 password guidelines ("NIST password guidelines," 2020). The passwords need to be a minimum of eight characters consisting of one uppercase letter, one lowercase letter, and one special character. They cannot contain a word found in the dictionary, personal names, birthdates, or anything that can be reasonably guessed. At the same time, the password should not be overly complex. This caused employees to develop the bad habit of writing it down and leaving it near their computer. Implementing this password policy in conjunction with two-factor authentication (2FA) will ensure compromised credentials will not become a problem. 3.2 NIST Cybersecurity Framework (CSF) Deliverables To mitigate the vulnerability in the Process domain, the NIST CSF will provide a comprehensive plan that will both secure the data and provide a roadmap to follow in the event of a security incident. This framework will cover the five functions necessary for recovery after a data breach: Identifying the data’s sensitivity, Protecting that data accordingly, Detecting the first sign of an anomaly in the network, Responding swiftly to the threat, and Recovering as fast as possible from the breach. 3.3 Securing ACME Hardware Deliverables To ensure the security of company hardware, a few physical security controls will nee