There are many different frameworks and strategies that can be used to build a cybersecurity strategy. A framework is a set of standards, controls, and best practices for managing risk in the cyber realm, and choosing the right one is a crucial decision (Poggi, 2020). The recommended framework for Padgett Beale Financial Services (PBI-FS) moving forward is the Cybersecurity Capability Maturity Model (C2M2).
The C2M2 aims to strengthen cybersecurity capabilities, prioritize actions properly, and continually improve these capabilities (DOE, 2014). C2M2 accomplishes this by defining the current state of the program, envisioning the future state, and identifying the processes, controls, and technology needed to reach the desired future state (DOE, 2014). For PBI-FS to reach the desired state, the previous gap analysis will need to be evaluated against the C2M2, which will identify the controls that need to be implemented moving forward.
There are several laws and regulations that PBI-FS must follow when operating in the financial space. The Bank Secrecy Act (BSA), Electronic Funds Transfer regulations, and an Anti-Money Laundering (AML) compliance program are all mandatory. Of particular emphasis for PBI-FS is the AML program, due to the recent transgressions involving the Island Banking firm. Under this program the firm must design and implement a program that detects and reports any suspicious activity (FINRA, n.d.). Conducting periodic audits as required by C2M2 will help ensure this compliance.
The best practices for PBI-FS to implement fall into the categories of cybersecurity program management, risk management, and workforce management. Instituting a cybersecurity program that aligns with the company's objectives and regulatory requirements will lay a strong foundation for PBI-FS. Identifying cyber risks, creating a risk register, and documenting the known risks to the organization are the best practices to follow for the risk management program (DOE, 2014). Lastly, a network is only as secure as its user base. To increase the security of the user base, training and acceptable use policies will need to be developed and completed by all employees.
Frameworks offer a road map for organizations to strengthen their cybersecurity posture. By using the C2M2, PBI-FS can identify the areas of improvement needed to meet the desired future state, comply with federal regulations, and implement best practices across the company. The mistakes of Island Banking can be learned from, and not repeated, by creating a culture of compliance throughout PBI.
DOE. (2014, February). Cybersecurity Capability Maturity Model (C2M2). Retrieved from https://www.energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf
FINRA. (n.d.). Anti-Money Laundering (AML). Retrieved from https://www.finra.org/rules-guidance/key-topics/aml
Poggi, N. (2020, February 29). Cybersecurity frameworks 101. Retrieved from https://preyproject.com/blog/en/cybersecurity-frameworks-101/