Cybersecurity for a Successful Acquisition Report

The act of conducting a policy gap analysis is crucial in determining any missing overlap or technical deficiencies when planning to join the IT architecture and network topologies of two or more companies. During the acquisition process, the policies of either party will be examined in order to confirm current software updates and patches, proper configuration of tools, and employee protocol during the transition. Once the initial merger is complete, it’ll be important to compare the outcome with each company’s current state in order to identify any gaps in the newly-formed security posture. This will also involve taking inventory of equipment that ought to be replaced or upgraded. like personal workstations, as well as routers and switches.

One of the obstacles found with acquiring a streaming company is using different network protocols that we were not previously using in our company, to pass data. Understanding how these new protocols, like RTSP, RTP, and RCPT, are reliable methods of transmission for sending streaming media to the new servers. Patching all devices with the newest updates or firmware that we’ve tested is the best way to secure any of these protocols’ potential vulnerabilities. There are multiple steps needed in order to successfully merge with another company. This process will include extracting user data from the new company’s streaming servers and copying that data over to our new servers all while updating Active Directory. In addition, the streaming company’s domain will be assigned to one of our subdomains in order to limit changes to daily email configuration and so company operations can remain largely unchanged. This merger will also require configuration of a new firewall and a honeypot.

Our company’s current BYOD policy will remain the standard for the merger as we bring their operations in. During this time, it’s important to make sure that network requirements and all patches are up to date.

Since the top priority of the merge is protection of data, it’s crucial to abide by the requirements set forth by PCI Standards DSS 12 to make sure that the data is encrypted and secured. This is especially true when dealing with PII and credit card information, as a primary goal of ours is to protect user data. As both companies currently use Windows environments, a Windows-based encryption tool called BitLocker will be used to encrypt all data in transit.

Any remaining issues will be taken care of by making sure supply chain risks have been identified. These issues often will include data protection, advertisements, social media, printing, as well as physical security. All of these potential issues have tangible solutions and remediation strategies that will keep them from becoming major problems.

Once the merger has taken place, ongoing support can be implemented in part by educating all users on vulnerability management and security policy. Policy ought to include regular group sessions to be held annually as well as mandatory training to be completed twice a year. This will ensure compliance and keep users aware of proper security protocol, which will often prevent security issues before they arise. This will allow for a successful merger. Policy Gap Analysis

During a company merger, there are always risks involving how each company will be affected and what they will bring to the table. It’s crucial to identify company access that may be compromised as well as the risks involved with any particular type of breach. This will only work if the media streaming company cooperates during this transitional period and while comprehensive security review are conducted. At various points during the merge, security audits and penetration tests will be conducted for both companies, which will serve as a clear indication of each company’s posture. The various policies are in place to monitor activity and ultimately provide a set of rules. These policies can range from providing normal work hours, password guidelines and restrictions, telecommuting/WFH, etc. The gap analysis is conducted in a way to verify that, during this merger, all overlapping policies are synced in order to avoid any loss of data. Both party’s policies will be examined during this process and information will be verified as current and accurate before being added to the final product. Once the initial merger is complete, it’ll be important to compare the outcome with each company’s current state in order to identify any gaps in the newly-formed security posture. There are a number of regulations and legal policies drafted by our legal department that must be met by both companies to complete the merger. Tax regulations and codes must adhere to state and federal standards. Though some policies do not directly affect IT protocols, many regulations and guidelines are provided to us by our legal staff. Because of the different professional skill sets between the two companies, it’s important that other professionals be consulted and work with our new media company in order to make sure everyone is abiding by state and federal. It’s good for each company to have a preliminary inspection of IT security in order to fix any shortcomings as we all move through this process. Each company is subject to its own regulations as well. Our company must be sure to provide proper transitional care, including backups, temporary holding servers. The media company’s policies may also include employee behavior, encrypted data in transit, and storing multiple backups in case of data loss.

The streaming company has a customer base of 150,000 users who each pay $14.99 per month for membership fees. The total income per month is therefore $2,248,500, which needs to be secured via credit card transaction. The PCI Security Standards Council (PCI SSC) has created a series of standards that allow for the protection of credit card payments. Businesses that store or transmit data governed by these security standards must be in compliance at all times. So it’s crucial for the company to, per the PCI standards requirements involving cardholder data, protect stored cardholder data as well as encrypt transmissions of cardholder data across public networks. It is also to maintain a secure network in order to safeguard these communications. In order to build and maintain a network that is able to house secure communications for card holders’ payments, a properly configured firewall must be installed in order to protect card holder data. Instead of allowing the firewall to use pre-configured passwords, we’ll use a more complex code with a minimum of 15 characters, which must use letters in both cases, numbers, and some special characters. This combination is compliant with the company’s password policy. We must make sure that the cardholder’s data is safe while in transit using an encryption schema and then once it is finally stored at its destination. While the data is in transit, it’s important to make sure the target machines have updated versions of antivirus software.

The previously mentioned overlap will need to have considerable attention during the migration process. Regularly testing and monitoring networks will help keep track of all assets in transit as well as regular testing of security systems and processes. It’s important to maintain individual security checks while also overseeing network integration, firewall and router management, SSID configuration, as well as device documentation and whitelisting. Then, all the merged company’s assets are together and approved once the shift has been completed.

References

  1. Letzgro. (2016, August 26). How to sort through the variety of streaming protocols [Blog post]. Retrieved from http://letzgro.net/blog/the-variety-of-streaming-protocols/
  2. Schuster, Andreas. (2018, January 5). “[Solved] Usage of Active Directory Credentials for Microsoft BitLocker.” Secure Disk for BitLocker. Retrieved from
  3. Shanks, W. (2015). Building a vulnerability management program – a project management approach. Retrieved from
  4. https://www.sans.org/reading-room/whitepapers/projectmanagement/building-vulnerability-management-program-project-management-approach-35932
Did you like this example?