
Cyber Security in M&A

Institution affiliation

Name of student

Professor

Due Date

Executive Summary

Mergers and acquisitions (M&A) often result in a consolidated company. In such a process, it is wise to acknowledge the different domains in the companies in terms of finances, technology, sales, legal aspects and compliance. In the acquisition stage, risks such as vulnerability to loss of data through hacking, use of outdated operating systems and inadequate staff with little technical know-how should be acknowledged. As a result, due diligence will be conducted by the acquirers, and a cybersecurity system for a successful acquisition should be drafted. In the global technology market, mergers and acquisitions have increased by 44% September (Rieger & Tjoa, 2018). Most of the firms that have successfully merged recognize that cybersecurity is an important factor in the due diligence process. Cybersecurity cannot be skipped in M&A, as most companies use information technology to control their decision-making process, which is influenced by electronic computing. Most of the clients of the two firms pay for the services provided to them with credit cards. For this reason, in mitigating any security concerns the firms must take into consideration cyber threats and threats to network systems and information systems. The M&A process should, therefore, give priority to protecting the information of the company. Policy and compliance incentives should be formulated and made known to all, especially on the issue of data breaches. The legal aspects should also be put in place to ensure that the company is kept up to date on data breach laws. Other aspects of dealing with M&A involve effectively managing the stakeholders. The initial stages of the acquisition should involve coming up with a response plan that would be effective in communicating with all stakeholders in case of a data breach.

Policy Gap Analysis

Introduction

In the technology sector, mergers and acquisitions (M&A) are a tool for companies to adopt new strategies and technologies to maintain competitive advantage, profitability, growth rate and a greater market share. The consolidation of companies through M&A presents differences in the aspects of sales, customers, finances, employees and other legal aspects. Companies going through M&A are therefore more prone to attacks (Zollo & Meier, 2008). The appropriate courses of action to minimize the attacks revolve around cloud computing, security innovations, mobile technology and social networking, which are crucial drivers of M&A. Adopting these courses of action helps in handling constraints such as due diligence, validation of assets, threats to data, unsupported versions of Microsoft Windows and Adobe Acrobat, inadequate staff who lack technical know-how and the liabilities that come with the consolidation.

In most companies, all data, decision making and production processes are handled through computing settings that are in electronic form. For this reason, most firms have adopted information technology systems. Cybersecurity is therefore an important aspect of M&A: strategies to mitigate risk, protect systems, prevent threats, and improve operating systems and technological capabilities must be well laid out while due diligence is still being conducted. Most IT decision-makers claim that they have experienced jeopardizing incidents in M&A and extreme cyber risks, which only aggravate the matter (Zollo & Meier, 2008). When a company merges with another, the resulting organization attains a different risk profile.

In a merger or acquisition process, a considerable volume of confidential information passes between the seller and the buyer. There should be a comprehensive confidentiality agreement that binds anyone who comes close to the confidential information. M&A processes should be kept confidential to prevent confidentiality risks (Nelson, 2018). Those conducting the M&A process should sign a confidentiality agreement stating that the confidential information will be used only for the transaction, so that the seller and the buyer are protected from any form of misuse of the confidential information. Confidentiality also involves signing a covenant not to hire employees from the seller company, as they may give crucial information to their previous employers.

Before systems are integrated, the security systems and policies will need to be evaluated. A successful security policy will involve identifying the risks of the integrated company and ensuring that the policy and legal requirements conform to each other. Security systems operate on three main principles. The first principle is confidentiality, to prevent unauthorized disclosure; the second is to maintain the integrity of the information; and the last is ensuring that data is available when needed. The security policies will therefore be reviewed to ensure that they are consistent and effective. As a result, all data will be protected and threats minimized (Weiss, 2019). A policy gap analysis should be conducted to establish which security policies in local, state and national laws and regulations relate to the merger and acquisition. Some of the laws that should be followed include the Exchange Act, where detailed disclosure requirements will be protected. Laws and regulations on data breaches should also be adhered to during the process.

To identify the differences, the legal review should look into how each firm was overcoming collective action problems. All the regulations and policies that each firm was using should be tabled. The differences in the policies and laws should be identified after the laws are listed. Special approval requirements in the law for mergers are then presented, which indicate the laws taken into consideration when preventing data breaches. The relevant laws and regulations should be obtained from the internet. Media laws that are up to date should be selected and incorporated in the M&A process. They include all regulations from the Federal Communications Federation which regulate media communications. The states speech act should also be followed to prevent hate speech that may lead to violence, as most media entertainment has a broad range of audience. To ensure compliance with the policies and regulations, the executive committee should first ensure that the policies and the procedures are feasible. While selecting the policies, the consolidated firm should ensure that the policies are friendly to the audience. For easy compliance, the policies and regulations should be readily available to the employees so that they are aware of them. There should be a deadline for the employees to report the manner in which a given policy is being adhered to. Lastly, the firm should measure how well the employees understand the company's laws and policies so as to determine how well they comply with them.

In this case, acquisition of the streaming company will raise concerns about network, user and cyber threats. The concern arises because the streaming company already has a base of users who pay a particular amount each month in monthly fees. Most of these payments are made through credit cards whose numbers are in the payroll system. PCI DSS standards should be adopted by the company for the security of credit card data. The PCI Security Standards Council defines the specific data that is relevant to all merchants who largely transact through credit cards. It is important to update the existing operating system. The benefits of an updated operating system include access to support. Updating the operating system ensures that the hardware works, hence ensuring that all the print jobs come out right every time. Since technology is evolving, an updated system is compatible with new computer programs that are quicker and more effective. Software updates help repair security holes that have been discovered. PCI DSS 12 involves securing the internal hosting network, implementing user control measures, managing data security and managing any vulnerability in the security system (Morse & Raval, 2008).

The PCI DSS 12 requirements include installing and maintaining a firewall configuration to protect cardholder data. They also require the company to avoid using vendor-supplied defaults for system passwords and other security parameters. Another requirement is to encrypt transmission of cardholder data across open, public networks. After establishing a firewall configuration, the responsible parties should ensure that the configuration denies entry of traffic from untrusted networks and hosts. The firewall should be configured in a way that restricts connections between publicly accessible servers and systems that store data belonging to the cardholder. It should also prohibit direct access between external networks and system components that hold card data. IP address masquerading should be implemented, which prevents internal addresses from being translated and revealed on the internet. To facilitate this implementation, the firm should use technologies that rely on RFC 1918 address space, such as PAT (Port Address Translation) or NAT (Network Address Translation) (Wang, Sambasivam, Solihin & Tuck, 2017). Use of an EFT server helps the existing firewall by providing an easy-to-use IP firewall that lets you grant or deny access to specific IP addresses, thereby preventing data breaches. Encrypting credit card data reduces the chances of exposing valuable information at the card itself, at the terminal which scans the card and in the transmission of information from the system to the card.
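The firewall checks listed above can be run against a target company's exported rule set during due diligence. The following is an added example, not part of the original paper: the zone addresses, the rule format and both rule sets are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional

# RFC 1918 private address space, which NAT/PAT keeps hidden from the internet.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed zone layout (an assumption for this example, not from the paper).
DMZ = ip_network("10.10.10.0/24")   # publicly accessible servers
CDE = ip_network("10.10.20.0/24")   # systems that store cardholder data
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    port: Optional[int]    # None means every port


def in_rfc1918(net):
    """True when the whole network lies inside RFC 1918 space."""
    return any(net.subnet_of(private) for private in RFC1918)


def audit(rules, cde=CDE, dmz=DMZ):
    """Return (rule_number, finding) pairs; rule_number 0 is a ruleset-level finding.

    Each allow rule is judged on its own, ignoring shadowing by earlier rules,
    so the result errs on the side of reporting.
    """
    findings = []
    for number, rule in enumerate(rules, start=1):
        src, dst = ip_network(rule.src), ip_network(rule.dst)
        if rule.action != "allow" or not dst.overlaps(cde):
            continue
        if not in_rfc1918(src):
            # Untrusted (non-internal) source can reach cardholder data systems.
            findings.append((number, "EXTERNAL_TO_CDE"))
        elif src.overlaps(dmz) and rule.port is None:
            # Public-facing servers may talk to the CDE, but not on every port.
            findings.append((number, "DMZ_TO_CDE_ANY_PORT"))
    if not rules or rules[-1] != Rule("deny", ANY, ANY, None):
        findings.append((0, "NO_DEFAULT_DENY"))
    if not in_rfc1918(cde):
        findings.append((0, "CDE_NOT_RFC1918"))
    return findings


# Constructed rule set standing in for the acquired company's firewall export.
ACQUIRED = [
    Rule("allow", ANY, "10.10.10.0/24", 443),              # internet to DMZ web tier
    Rule("allow", ANY, "10.10.20.0/24", 1433),             # internet straight to card database
    Rule("allow", "10.10.10.0/24", "10.10.20.0/24", None), # DMZ to CDE, every port
    Rule("allow", ANY, ANY, None),                         # permissive catch-all
]

# The same policy after remediation.
HARDENED = [
    Rule("allow", ANY, "10.10.10.0/24", 443),
    Rule("allow", "10.10.10.0/24", "10.10.20.0/24", 1433), # one service only
    Rule("deny", ANY, ANY, None),                          # default deny
]

if __name__ == "__main__":
    for name, ruleset in (("acquired", ACQUIRED), ("hardened", HARDENED)):
        print(name, audit(ruleset))
```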

Through these two requirements of the PCI DSS 12, the activities in the company become easy to handle. For example, with a firewall in place, internet logins are handled effectively in the network systems. The firewall becomes a good place to get information about the system and about network use. The firewall also records what occurs between the protected network and an external breach, hence a data breach would not go unrecognized. The networks are protected since unauthorized users cannot access networks connected to the internet. Data encryption protects the network systems by protecting digital data that is stored in the computer systems. The algorithms in data encryption provide confidentiality and support essential network functions that drive key security initiatives such as authentication and integrity in the network systems. Encrypting data is essential, though it may require hiring external experts since the firm has employees who have little technical know-how in encryption. The expense is affordable since, in case of a ransomware attack, hackers may encrypt data and use the information from the system to commit crimes. In such a case, the firm is forced to pay a large amount for the encryption key to get the data back. An enterprise firewall may cost about $25000; it may seem expensive, but it insures a lot of data, and recovering from a data breach would be more expensive.

Review Protocol for Streaming Services

There are six known protocols for streaming services. They include HTTP-based streaming, Real Time Messaging Protocol, Real Time Streaming Protocol, Real Time Transport Protocol, Apple HLS, Low Latency HLS and the MPEG DASH streaming protocol. HTTP is a request-response protocol that is designed for the client-server model for website applications. Some of the vulnerabilities when adopting this protocol include implementation pitfalls that may increase the attack surface of the website. Real Time Messaging Protocol (RTMP) is owned by Adobe. It is used for streaming audio and video while maintaining low latency connections (Kesavan & Kumar, 2019). The vulnerability of RTMP is that it exposes the user to the risk of piracy. Also, its buffering may cause data loss, which is critical to streaming. Real Time Streaming Protocol is a network control protocol that governs streaming in media servers of the communication and entertainment industry. It controls the media sessions at the end points. Since it does not transmit data, media companies use Real Time Transport Protocol for transmission. If not well encrypted, the two protocols are vulnerable to data breaches and bugs. Apple HLS is the streaming protocol on iOS devices; it plays the same role as the HTTP streaming protocol and is vulnerable to attacks by hackers if not well encrypted. Low Latency HLS provides a parallel channel through which media is distributed at the live edge of the media playlist. The media is divided into small files which are known as HLS partial segments. Low Latency HLS is vulnerable to holes in the system through which hackers might gain access. It should be updated frequently to prevent such occurrences.

It is imperative to ensure that the consolidation process looks into specific factors that are incorporated in the due diligence process, such as security reviews, protection of the firm's information and assessing gaps in compliance with policies. This process will ensure that sensitive data is kept safe. Acquirers should assess whether the media streaming company has an acceptable level of cyber risk, just as they would consider the financial situation of the company. The security team of the media and entertainment company will play a great role in mitigating the risk of the company while protecting the interests of the shareholders.

To secure themselves from cyber attacks, streaming companies should have a video server that registers and authorizes users. In this way, only special member users can access video files. Secondly, the client side should have password encryption, which prevents man-in-the-middle cyber attacks. Video file encryption is also important, since encryption with the AES algorithm will ensure that the administrator is asked before any video download. To protect the systems, not every employee should have access to the data. For example, marketers should not be allowed close to the payroll data. A privacy policy should be developed which describes the confidential information that the company collects. Physical addresses, emails and browsing histories should be kept private. This assures customers that the client's information is handled according to legal obligations. Data collected from the internet should be protected by ensuring that necessary precautions are taken. These include classifying data and controlling access to the information. Data protection is mandatory, whether a firm decides to host its own servers or use those of a third party. Any data collected through the website and stored by a third party should be completely secure. Doing so will protect the firm's systems from hackers and from employees of the hosting company.

The security systems should be layered. The firm should not rely on one security mechanism, such as a password, to protect sensitive information. If the password leaked to insiders or external threats, the firm's systems would not be safe. Backup codes should be sent to a specific gadget, and barcodes should be used to gain entry to the sensitive systems. Additionally, strong antivirus software should be used to kill any malware that hackers may use.

The two primary safeguards for data security are passwords and encryption. For the most sensitive data, the passwords should be the strongest they could reasonably be. They should be long and random, with about ten characters. They should be changed regularly and guarded by those who know them. Employees should also be trained on the importance of passwords. Since passwords are not sufficient, a firm may consider two-step authentication. In this step, the password is combined with a verification method such as a personal identification number or a pin. Identification factors include something the requestor knows as a secret, such as a pin; something in the hands of the requestor, such as a personal identification number; and something that the requestor can provide uniquely, such as biometric data, face geometry or a fingerprint. Encryption, on the other hand, involves encoding information to an advanced level so that it cannot be read by anyone who does not have the proper key to unlock the data.

Across the enterprise today, most companies leverage video streaming technology. Sales people use videos to reach their customers, and executives use videos to communicate and earn results. They are using piloted videos to develop comprehensive video strategies and are leveraging mature enterprise video platforms. 58% of internet traffic is made up of video. Modern HTTP-based streaming protocols present a series of opportunities for scalable and cost-effective video delivery. This helps today's organizations keep pace with the rapid rise in the use of video in the workplace. In most video use, the protocol used is HTTP-based streaming. Though it has little vulnerability, the protocol may be vulnerable to an authentication scam or a stolen password. Users may be scammed into clicking a link in an email to view a site that is not legitimate, which makes the password easy to steal. Stolen information may also be transferred by the attacker to a server, which makes it compromised. These vulnerabilities have been mitigated and the risk reduced to zero. To prevent the authentication scam, two-step verification and a password should be used.

Residual risk to the target company's assets and IP remains due to the use of old Microsoft Windows versions by the acquirer and inadequate personnel who lack the technical know-how to handle technology issues in the firm. These risks would extend to the current takeover company after the merger, since the firm does not intend to take employees from the previous firm, for the purpose of credibility. However, these risks are not bad enough to cancel the merger and acquisition. While implementing the appropriate mitigation, the costs that might be incurred by the target company involve compensation to employees totalling about $25000, which is paramount. Apart from the compensation, the firm has no additional measures to take.

Assessing the Merged Network Infrastructure

A transition strategy in M&A requires tactics, techniques and procedures (TTP). One tactic in M&A involves measuring cultural compatibility (Goksoy, 2019). During the due diligence stage the organizational culture should not be ignored. The human capital cost is also a technique that should be involved in the due diligence. It should follow a procedure that addresses the costs of recruitment, benefits, compensation, payroll, human resource support and organizational design. The organization that acquires the firm should go in with its eyes wide open. Once all are combined under one banner, stakeholders can work together to determine the hiring process. Leaders need to adopt the technique of stewardship, as they will have to help employees understand why others had to lose their jobs and what compensation plans are in place. However, they should ensure that they are ready to deal with employee turnover. The techniques will help in understanding the organizational structure, in which the roles of employees are defined under the banner, making it easy for the management to run the M&A.

The acquirer is responsible for its own firewall and the firewall of the company that merges with it, so as to prevent loss of data. Secondly, the demilitarized zone (DMZ), which is also known as the perimeter network, should be identified, since it exposes the organization's external services to a larger untrusted network such as the internet. Such a technique will help in preventing hackers from gaining access to the M&A. IT networks are among the most crucial parts of a company's infrastructure. The networks in the firm should be kept well updated, as they allow the business to operate and people to cooperate and communicate, hence encouraging the making of profits. The status of the network systems should be checked frequently to prevent any form of cyber crime.

Bring Your Own Device (BYOD) is a policy that allows employees to use tablets, laptops and smart phones for work. There are some downsides to consider, but the policy helps in making profits in business. Adopting the policy saves the company from purchasing and replacing technology from the other firm. Additionally, there is a potential improvement in employee morale, and the policy promotes more up-to-date technologies.

To meet the goals of the BYOD policy, the company needs to use password-protected controls that are unique for each device that the employee uses (Dhingra, 2016). Employees should make a practice of connecting their devices only to trusted networks. They should also keep their operating systems and firmware up to date so as to prevent intrusion by attackers.

A security plan prevents cybercriminals from exploiting bugs in the software or underlying operating systems, or from gaining unauthorized access that enables them to run commands or install malicious software. Additionally, it prevents sensitive information on the server from being read or modified without authorization. It also prevents criminals from gaining access to information elsewhere in the organization, which occurs after a successful attack on the web server. These actions prevent the use of the server for the distribution of attack tools or illegally copied software.

Data encryption protects information by converting it into an unreadable code that cannot be interfered with by unauthorized people. BitLocker is an encryption feature that is included in Microsoft Windows, hence preventing access by hackers. Platform identity keys protect the device against any firmware and software modification. They do this through hashing of critical sections of firmware and software before they are executed.

Managing the integrity of the system is important for several reasons. It ensures that there is recoverability, searchability, traceability and connectivity. It also increases the stability and performance of the system while improving reusability and the ability to maintain data. The Trusted Computing Base (TCB) is the set of computer system firmware, hardware and software that is essential to the security of the system. It prevents bugs and vulnerabilities that might put the entire system in jeopardy. The environment should be safe and should not support any vulnerabilities. A Trusted Platform Module (TPM) is a specialized chip on an endpoint device that stores RSA encryption keys for the purpose of hardware authentication. The components of the TPM are the endorsement key, which is better known as the EK, and the RSA key. These mechanisms are crucial in authentication and authorization, as they have a cryptographic module that is essential in promoting computer security. The mechanism protects the data through encryption and decryption. Additionally, it protects the authentication details of clients. Lastly, it provides software on a system with basic functionalities associated with the security of computers.
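The hashing of firmware and software before execution, and the TPM's role in it, can be illustrated with the extend operation a TPM applies to a Platform Configuration Register (PCR). This is an added example, not part of the original paper: the component names and byte strings are constructed, and the signature a real TPM places over the reported PCR value is assumed to have been checked already.

```python
import hashlib

PCR_RESET = bytes(32)  # a SHA-256 PCR holds all zeros after reset


def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components):
    """Hash each (name, blob) before it would run; return (pcr, event_log)."""
    pcr, log = PCR_RESET, []
    for name, blob in components:
        measurement = digest(blob)
        pcr = extend(pcr, measurement)
        log.append((name, measurement.hex()))
    return pcr, log


def replay(log):
    """Recompute the PCR a given event log would have produced."""
    pcr = PCR_RESET
    for _name, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr


def verify(reported_pcr, log, golden):
    """Return a list of problems; an empty list means the boot matched.

    Step 1: the log must reproduce the reported PCR, otherwise the log
    itself cannot be trusted. Step 2: every logged digest must equal the
    known-good digest for that component.
    """
    if replay(log) != reported_pcr:
        return ["event log does not reproduce the reported PCR"]
    return [name for name, hexdigest in log if golden.get(name) != hexdigest]


# Constructed boot chain and the known-good digests derived from it.
GOOD_CHAIN = [
    ("firmware", b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader v1"),
    ("kernel", b"constructed kernel v1"),
]
GOLDEN = dict(measured_boot(GOOD_CHAIN)[1])

# Same chain with one modified component.
MODIFIED_CHAIN = [
    GOOD_CHAIN[0],
    ("bootloader", b"constructed bootloader v1 with extra code"),
    GOOD_CHAIN[2],
]

if __name__ == "__main__":
    for label, chain in (("good", GOOD_CHAIN), ("modified", MODIFIED_CHAIN)):
        pcr, log = measured_boot(chain)
        print(label, pcr.hex()[:16], verify(pcr, log, GOLDEN))
```

Because each extend folds the previous PCR value into the next hash, a modified component changes every later PCR value and cannot be hidden by presenting a clean event log.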

Review Supply Chain Risk

Supply chain risks involved in M&A include quick-fix cost cutting, ignoring the long term, and failure to have good logistics of the supplies that are made and records of the finances (Boyens et al., 2015). Other risks include consolidating firms quickly and paying little attention to the planning process. These could be solved by consolidating firms gradually rather than rapidly, having supply chain logistics in place and giving more attention to the planning process. Under NIST Special Publication 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations, the areas that need to be improved include provision of guidance to federal agencies on identification, assessment and mitigation of ICT supply chain risks at all levels of the organization. Lastly, it integrates ICT supply chain risk management (SCRM).

A Vulnerability Management Program according to NIST Special Publication 800-40, Guide to Enterprise Patch Management Technologies, would involve (Boyens et al., 2015):

  • Establishing a governance system that integrates ICT requirements that are incorporated in policies.

  • Use the risk assessment plan (FIPS 199) to determine the levels of impact.

  • Implement reliability and quality programs that oversee quality assurance and control.

  • Ensure adequate resources are allocated.

  • Establish a management plan for suppliers.

  • Implement a robust management program that should identify incidents including those that originate from the supply chain of the ICT sector.

The implementation of this plan should be gradual. It is important since it prevents the M&A from having unnecessary losses through a poor supply chain management plan. A good plan costs about $2000.

Educate Users

The employees of the new and the old company should be told of the merger and acquisition. The policies that govern the new consolidated firm should be made available to the employees. All the stakeholders should be aware of the processes of acquisition. The employees from the merger and acquisition should be trained on the importance of cyber security and helped to gain the skills and technical know-how to prevent a security breach. Training and awareness ensure that each employee is aware of the potential threats that they could face. As a result, most employees will avoid phishing emails, sharing passwords or using insecure networks when coding any official work. Without education and training, users can be deceived by even the slightest attack. Each employee should know of the risks associated with economic intelligence and cybersecurity. Network administrators should have periodic training so that employees can be kept up to date on the current threats and how they should mitigate them.

References

Boyens, J., Paulsen, C., Moorthy, R., Bartol, N., & Shankles, S. A. (2015). Supply chain risk management practices for federal information systems and organizations. NIST Special Publication, 800(161), 1.

Calder, A., & Williams, G. (2019). PCI DSS: A Pocket Guide. IT Governance Ltd.

Dhingra, M. (2016). Legal issues in secure implementation of bring your own device (BYOD). Procedia Computer Science, 78(C), 179-184.

Goksoy, A. (2019). Cultural Integration in Mergers and Acquisitions. In Handbook of Research on Corporate Restructuring and Globalization (pp. 101-124). IGI Global.

Kesavan, S., & Kumar, E. S. (2019). Rate adaptation performance and quality analysis of adaptive HTTP streaming methods. International Journal of Information Technology, 1-13.

Morse, E. A., & Raval, V. (2008). PCI DSS: Payment card industry data security standards in context. Computer Law & Security Review, 24(6), 540-554.

Nelson, T. (2018). Mergers and Acquisitions from A to Z. Amacom.

Wang, T., Sambasivam, S., Solihin, Y., & Tuck, J. (2017, October). Hardware supported persistent object address translation. In 2017 50th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO) (pp. 800-812). IEEE.

Weiss, S. L. (2019). A Governance Solution to Prevent the Destruction of Shareholder Value in M&A Transactions. Available at SSRN 3317584.

Zollo, M., & Meier, D. (2008). What is M&A performance?. Academy of management perspectives, 22(3), 55-77.