Criminal activities using company IT assets without detection

As part of its due diligence efforts, the M&A team has determined that the following events contributed substantially to the bankruptcy of Island Banking services.

  1. Company officers and managers were able to conduct criminal activities using company IT assets without detection.
  2. The company did not have a disaster recovery / business continuity plan in place. It could not restart operations due to the loss of servers and workstations (seized by law enforcement agents).
  3. Storage media for servers and workstations had not been backed up to an off premises location leaving the company with no way to recover from the law enforcement seizure of storage media as evidence.

The root cause for each event listed above was determined to be: ineffective and/or missing IT security controls.

You have been asked to perform a gap analysis to assist in the identification and selection of IT security controls which could be implemented to remediate the situation (“close the gaps”). The CCISO has requested that you use the NIST Cybersecurity Framework and the NIST Security and Privacy Controls Catalog (NIST SP 800-53) as your source for IT security controls.

Choose 3 to 5 families or categories of controls (“framework functions”) which should be implemented to remediate the above deficiencies (at least one family, e.g. AU Audit and Accountability, or category, e.g. Recovery Planning, for each event). Describe how the selected controls will prevent or deter such events in the future (“close the gaps”).

Format your response as a business memorandum. For each control family or category, you should provide the following information (see Domain 2 Section 1.1.2 in CCISO):

What it is
What it does
How the control performs its objective

Sample Solution