Running Head: Psinuvia, Inc Security Review 1
Psinuvia, Inc. Security Review
by David Lott
July 2021
Western Governors University
Executive
... [Show More] Summary
Recent changes to Psinuvia Inc’s senior leadership has lead to a need to reevaluate the
implementation details of the IT department to ensure alignment with the strategic goals and mission
statement. In support of that effort, Psinuvia has recently engaged Autojor Security Consultants to
conduct a comprehensive security review of Psinuvia’s Cybersecurity posture. The goal of this effort is
to obtain a current and enterprise wide snapshot of the posture of the entire organization across all
security disciplines. This report has utilized the report provided by Autojor and makes several
recommendations.
Security Report Review
The independent cyber security report conducted by Autojor Security Consultants provides a high
level overview of the current state of cyber security within Psinuvia. Autojor conducted a series of
reviews including external assessment, on-site investigations and reviewed operational procedures.
The report does not provide detailed level or specific vulnerabilities. However, it does provide more
strategic or managerial level observations that can be summarized in the following bullet points:
Psinuvia does not follow a cyber security framework
Of the stated observations of the Autojor report, the lack of a cyber security framework is perhaps
the most concerning. Frameworks provide a means of establishing a common set of terms and “best
practices” for cyber security. Following a specific framework allows management to measure and
report on the progress towards continuous improvement. The US federal government, via executive
order EO 14028 (Biden, 2021) has established NIST as the government’s lead for cyber security. In
Psinuvia Security Report 2
executing their responsibilities under the executive order, NIST has published version 1.1 of its
Cybersecurity Framework (NIST, 2018). It is our recommendation that this framework be followed
going forward as government auditors are now following this framework for evaluating commercial
entities that are subject to government regulation. Failure to adopt a cyber security framework will
result in Psinuvia to continue to miss opportunities for self improvement [Show Less]