Answer 5

Uploaded by

Lisa

Steps 5 & 6 Environmental Inputs to Threats and Vulnerabilities

Name

Instructor

Institutional Affiliation

Date

Step 5: Research Relevant Environmental Factors

The external context in which the company operates has a significant impact on its
cybersecurity risk and threat landscape. As the company becomes increasingly
interconnected, it becomes more susceptible to cybersecurity threats that originate both within
and beyond its organizational boundaries. As firms' business engagements grow more integrated
and complex, they are more exposed to cyber threats that are not bounded by
organizational domain or industry sector (Mallick & Nath, 2024). For example, the rise of
technical and sophisticated cyber threats, including APTs and state-sponsored cyber espionage,
requires the organization to be more vigilant in protecting its assets against external threats.

Moreover, the growing incidence of ransomware attacks across different industries
highlights the increasing attacks on organizational assets and how cybercriminals continuously
exploit vulnerabilities in widely used software and systems. In the field of
government contracting, part of which involves providing contracted organizations with goods
and services that contain classified information or update critical infrastructure, threats can
come from outside the contracting organization as a result of geopolitical risks, economic spying,
or attacks on supply chains (Amoo et al., 2024). Understanding these external factors is
necessary to reveal potential weak links and to prevent the organization and its objectives from
being exploited by attackers.

Research into best practices and regulatory factors also supports the idea
that organizations cannot afford to wait for an attack to happen. Instead, organizations should
develop proactive approaches to cybersecurity. The legal and compliance standards that
apply to an organization dictate the kind of security that it should have in place
to help prevent cybersecurity breaches. For instance, the General Data Protection
Regulation (GDPR) and the Federal Information Security Management Act (FISMA) enforce
strict security standards that companies must adhere to, influencing their cybersecurity strategies
and practices (Amoo et al., 2024). Policy factors also play a significant role in shaping
the threats, among them governmental policies on critical infrastructure and policies
that encourage public-private partnership in cybersecurity.

Step 6: Describe External/Environmental Inputs to Threats and Vulnerabilities

From my research, I identified several external industry sources and best practices that apply to
this organization. These industry best practices provide a framework for handling and managing
cybersecurity threats. The following are some of the external industry sources and best practices
that I researched.

1. National Institute of Standards and Technology (NIST) Cybersecurity Framework

The NIST Cybersecurity Framework offers important cybersecurity best practices that help
organizations better understand and improve their approaches to managing cybersecurity risks
and the threat landscape. The framework is one of the most widely adopted across different
industries. It also enables organizations to ensure that their approaches to managing
cybersecurity risks align with recognized standards for identifying, detecting,
responding to, and recovering from cyberattacks.

2. Center for Internet Security (CIS) Controls

The CIS Controls consist of 18 important measures that organizations can use to strengthen their
cybersecurity postures. These controls prioritize activities over roles and device ownership.
Today, many organizations across different industries use CIS Controls to inform their
cybersecurity threat management approaches.

3. Cybersecurity and Infrastructure Security Agency (CISA) Alerts and Advisories

CISA is an important body that regularly issues alerts and advisories regarding current threats,
vulnerabilities, and patches. These alerts and advisories help the organization track new threats
and other risks that may affect it, allowing it to modify its risk assessment
and risk management solutions.

4. Verizon Data Breach Investigations Report (DBIR)

The DBIR provides precise information about the frequency of data breaches, kinds of attacks,
and weak spots. Its insights support a better risk assessment of the
prevailing threats associated with the industry, since they create awareness of the most common
risks in the specific industry (Amoo et al., 2024).

5. ISACA's COBIT Framework

The COBIT framework allows organizations to meet business challenges in regulatory
compliance, risk management, and aligning the IT strategy with organizational goals (Mallick &
Nath, 2024). Because it focuses on linking IT strategic direction to business objectives,
risk evaluation takes into account both technical and organizational aspects, which is crucial for
proper risk management in cybersecurity.

6. Gartner's Cybersecurity Magic Quadrant

Gartner's assessment and ranking of cybersecurity vendors and solutions makes it
possible to identify the major trends and prioritize the best practices within the field. Using
this information ensures that the risk assessment integrates modern tools and solutions
that increase the efficiency of security mechanisms.

References

Temitayo Oluwaseun Abrahams, Sarah Kuzankah Ewuga, Kaggwa, S., Prisca Ugomma Uwaoma, Azeez Olanipekun Hassan, & Samuel Onimisi Dawodu. (2023). Review of strategic alignment: Accounting and cybersecurity for data confidentiality and financial security. World Journal of Advanced Research and Reviews, 20(3), 1743–1756. https://doi.org/10.30574/wjarr.2023.20.3.2691

Mallick, M. A. I., & Nath, R. (2024). Navigating the Cyber Security Landscape: A Comprehensive Review of Cyber-Attacks, Emerging Trends, and Recent Developments. World Scientific News, 190(1), 1–69.

Amoo, O. O., Atadoga, A., Osasona, F., Abrahams, T. O., Ayinla, B. S., & Farayola, O. A. (2024). GDPR's impact on cybersecurity: A review focusing on USA and European practices. International Journal of Science and Research Archive, 11(1), 1338–1347.

