
IMPLEMENTATION ACTION PLAN MATRIX

The document outlines a Cybersecurity Implementation Action Plan for Marriott, detailing essential measures such as access control, data encryption, and employee training to enhance security. Key initiatives include multi-factor authentication, role-based access control, and data loss prevention, all aligned with NIST and CIS guidelines. The plan includes specific tasks, responsible parties, budget allocations, and timelines for completion by 2025.

Uploaded by

Daniel Obadaye
Copyright
© All Rights Reserved

APPENDICES

Implementation Action Plan Matrix for Marriott

IMPLEMENTATION ACTION PLAN

The Cybersecurity Implementation Guideline requires access control mechanisms that ensure only authorized personnel can access sensitive systems and data. This includes multi-factor authentication and role-based access control, in line with NIST PR.AC and CIS Control 4. Data security measures should include encryption for data in transit and at rest, as well as data loss prevention technologies, as outlined in NIST PR.DS and CIS Control 3. Additionally, regular cybersecurity training for employees is vital to raise awareness and improve security practices, adhering to NIST PR.AT and CIS Control 14. Secure configuration of systems and software should be enforced to reduce vulnerabilities, supported by the establishment of configuration baselines and regular vulnerability assessments, as recommended by NIST PR.IP and CIS Control 5 (Board Marriott).

• Secure Configuration of Enterprise Assets and Software

• Multi-Factor Authentication: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes (PR.AC1.CIS 04)

• Role Based Control: Establish Cyber Security Assessment Team (PR.AC-3(7))

• Encryption of Data in transit (PR.DS-P1, PR.DS-P2)

• Data Loss Prevention: Protections against data leaks are implemented (PR.DS-5)

• Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise (PR.AT-01)

• Enforcing Secure Configuration of Systems and software


• A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) (PR.IP-1)

• Establishment of configuration baseline (DE.AE-1)

• A vulnerability management plan is developed and implemented (PR.IP-12)

REFERENCES

https://csf.tools/reference/nist-cybersecurity-framework/v1-1/pr/pr-ac/pr-ac-1/

| Ref No. | Task | Year to be Completed | Responsible Owner | Board Rule | Budget/Source | Key dates | Status | Next Steps |
|---|---|---|---|---|---|---|---|---|
| 01 | Secure Configuration of Enterprise Assets and Software. Multi-Factor Authentication: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes | 2025 | Chief Information Security Officer | PR.AC1.CIS 04 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Ongoing | Making more awareness, Training and assessment |
| 02 | Role Based Control: Establish Cyber Security Assessment Team | 2025 | Chief Information Security Officer | PR.AC-3(7) | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Ongoing | Making more awareness, Training and assessment |
| 03 | Encryption of Data in transit | 2025 | IT Team | PR.DS-P1, PR.DS-P2 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Ongoing | Making more awareness, Training and assessment |
| 04 | Data Loss Prevention: Protections against data leaks are implemented | 2025 | CISO, IT Team, Employers | PR.DS-5 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Yet to Commence | Making more awareness, Training and assessment |
| 05 | Establish and maintain a security awareness program to influence behavior among the workforce to be security conscious and properly skilled to reduce cybersecurity risks to the enterprise | 2025 | Human Resource Manager | PR.AT-01 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Yet to Commence | Making more awareness, Training and assessment |
| 06 | Enforcing Secure Configuration of Systems and software. A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) | 2025 | Chief Information Security Officer | PR.IP-1 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Yet to Commence | Making more awareness, Training and assessment |
| 07 | Establishment of configuration baseline | 2025 | Chief Information Security Officer | DE.AE-1 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Yet to Commence | Making more awareness, Training and assessment |
| 08 | A vulnerability management plan is developed and implemented | 2025 | Chief Information Security Officer | PR.IP-12 | 11% of Marriott IT budgets to security expenditures. | Not later than February 28, 2025 | Yet to Commence | Making more awareness, Training and assessment |