Company Overview

 SAGE Books is a retail bookseller that provides customers with a one-stop-shopping experience for books, magazines, and multimedia (music, DVDs, and Blu-ray). Established in 2011 by a group of college graduates, SAGE Books has grown from a local book chain in Utah into a national destination for book lovers in just 12 years.

 SAGE Books’s latest effort focuses on enhancing its e-commerce website to transform SAGE Books into the #1 bookshop on the internet. The current strategy is a two-phase approach. The first phase implements measures to optimize the company’s distribution network to reduce shipping costs and delays for the customer. Phase two will see the opening of a trusted third-party seller marketplace within the current e-commerce website while adhering to PCI DSS and GDPR regulations. The enhancements of both phases will allow the company to better compete with similar retailers while offering customers better prices and the opportunity to find unique items, such as out-of-print copies or signed books.

 

At present, SAGE Books operates 400 retail locations in all 50 states and Puerto Rico, and has three distribution centers operating in California, Texas, and Florida. The company employs approximately 12,000 people across retail, in-house cafés, and distribution centers. Annual sales have steadily increased year over year since 2014, and annual sales in 2022 amounted to nearly $900 million.

Need assistance with the following requirements:

A. Provide a summary of the current security weaknesses outlined in the attached Independent Security Report.

B. Create mitigation plans to remediate the security gaps identified in the Independent Security Report, ensuring alignment with PCI DSS and GDPR standards.

C. Specify three essential security roles that must be hired to satisfy compliance, risk management, and governance needs, and define the responsibilities of each position using the NICE Framework referenced in the Independent Security Report.

D. Identify at least three physical security threats or vulnerabilities and at least three logical threats or vulnerabilities, and explain how each one affects the organization’s overall security posture based on the Company Overview and the Independent Security Report.

E. Build a cybersecurity awareness training program that adheres to NIST guidelines and includes:

  • Annual mandatory training
  • Role-specific or specialized training
  • Ongoing awareness efforts

F. Summarize the required standards for protecting organizational assets, including policies for acceptable use, mobile devices, password management, and safeguarding PII, referencing regulatory or contractual requirements as evidence.

G. Create an incident response plan consistent with the Independent Security Report and structured around the four NIST-defined incident handling phases.

H. Develop a business continuity plan (BCP) that addresses natural disaster risks cited in the Independent Security Report, incorporating:

  • Project scoping and planning
  • Business impact analysis
  • Continuity strategy development
  • Plan approval and implementation

I. Cite all referenced, paraphrased, or summarized information using appropriate in-text citations and a reference list.