Milestone 1


Milestone 1 - Developing a Cybersecurity Implementation Guideline

Jonathan Etseowa Okeigar

MHY6750: Cybersecurity Leadership

Professor Nicholas Bucciarelli

May 24, 2023.


Executive Summary:

The Center for Internet Security (CIS) and the National Institute of Standards and Technology

(NIST) are two organizations publishing some of the most all-inclusive cybersecurity standards

that can be adopted by modern entities like Kingmakers to sharply improve their cybersecurity

awareness (Darren, 2021). NIST offers a broad set of non-compulsory guidelines for entities that

desire to improve their cybersecurity practices. Similarly, the CIS guideline contains 20 controls

that entities can implement to enhance their cybersecurity readiness. These cybersecurity

standards or controls would help improve cybersecurity practices at Kingmakers, especially data

security.

• Background: The key reason for this paper is to ascertain the current cybersecurity

stance at Kingmakers and to establish where it needs to be, looking at cybersecurity best

practices. This would provide the necessary insight on how to enhance the company’s

cybersecurity architectures as well as improve the existing cybersecurity standards and

guidelines.

• Purpose of the Guideline: Cybersecurity guidelines are sets of best practices that an

entity can utilize to enhance its cybersecurity posture (Cybersecurity Standards and

Frameworks | IT Governance USA, 2016). The main purpose for establishing

cybersecurity guidelines at Kingmakers is to identify and implement necessary measures

to protect the organization’s data from cyber threats. They would also provide the

necessary steps to be followed in responding to and recovering from cybersecurity

incidents. 
History of the Organization

Kingmakers, whose trade name is Betking, was founded in Nigeria in February 2018 by Byron

Petzer and Adekunle Adeniji. Kingmakers is a pan-African sports betting company. Betking is

also the trade name of Blue Lake Ventures Limited. MultiChoice Nigeria, a pay-TV operator,

controls a 49 per cent stake in Kingmakers with the balance spread among other numerous

shareholders. The company currently operates in Nigeria, Kenya, Ethiopia, Ghana and South

Africa with administrative offices in Dubai, UK and Malta (Nigeria’s Top Five Leading Betting

Companies – THISDAYLIVE, n.d.).

• Mission and Vision: The mission statement of Kingmakers is “to create an efficient

system that enables the quests of our Kings and Kingmakers by providing the right

technology, radical innovation, and uncompromised service to all our customers” and its

Vision Statement is “To develop and radically expand the growth of Blueblood in

Nigeria and Africa”.

Framework Implementation Overview

The cybersecurity framework is a set of documented principles, standards and guidelines

designed to mitigate cybersecurity risk at Kingmakers (Simplilearn, 2021). These frameworks

will help reduce Kingmakers’ exposure to cybersecurity weaknesses and vulnerabilities that

cybercriminals could take advantage of. It lays the structure and foundation and provides

support to Kingmakers’ security methodologies.

• Framework Guidance Purpose: The purpose of this guideline is to remove any

guesswork in safeguarding Kingmakers’ digital assets. Frameworks provide cybersecurity

executives and managers a systematic and standardized roadmap to mitigate cyber-attacks

in entities. It also assists cybersecurity teams to provide strategic, well-thought guidelines

to safeguard Kingmakers’ data, infrastructure, and information system.

• Framework Implementation Benefits: The benefits of implementing cybersecurity

frameworks at Kingmakers are enormous and are listed below:

➢ It will evaluate Kingmakers’ current cybersecurity programs and help focus the

organization on digital security posture.

➢ It will help Kingmakers identify loopholes in its current projects, workforce, and

guidelines.

➢ It helps marshal open doors for development using a consistent and persistent process.

➢ It would help highlight any present practice that could outperform the prescribed

framework guidelines at Kingmakers (Shashank, 2018).

• Strategy used to develop the Guideline: A cybersecurity strategy is a blueprint that

involves implementing best practices to safeguard an entity from cyber threats or attacks

(Shea, 2021). It also provides a baseline for an entity’s security program that allows an

entity to consistently adapt to emerging cyber threats and attacks. These guidelines are

developed using the Zero Trust model and the Defence-in-Depth strategy: multiple layers of

security for holistic protection. The goal of this strategy is to lay the foundation of

security defences and increase Kingmakers’ ability to minimize damages caused by

cyber-attacks.
Proposed Budget

The cost of implementing cybersecurity frameworks is always a major concern in most entities,

including Kingmakers. There is this notion that cybersecurity is for big organizations with huge

financial means (Odogwu, 2022). This notion is wrong because all entities are vulnerable to

cyber-attacks and, as such, most implement some cybersecurity framework to protect their assets.

That said, our proposed budget is N20,000,000 which would be used to implement all of the

strategy and cybersecurity programs detailed in this plan.

Steps to Implementation of the CIS Critical Controls / Framework

• Prioritize and Scope: At this stage, Kingmakers needs to identify its cybersecurity

objective together with high-level priorities. This will allow the entity to come up with

strategic cybersecurity implementation decisions and ascertain the scope of the systems

needed to support the entity (Belding, 2019).

• Orient: This step is a continuation of the implementation of the cybersecurity program at

Kingmakers. Here the entity needs to identify related assets, requirements of regulatory

bodies and the overall risk of the program. Kingmakers’ cybersecurity leaders need to

pinpoint the vulnerabilities and threats to its assets. For instance, if the scope of the

program is primarily IT-related, threat assessments should be given more attention.

• Create a Current Profile: At this stage, Kingmakers’ current profile will be developed

by highlighting which control outcomes of the framework are being actualized. Those

that are partially achieved should be well noted so that supporting baseline data

concerning subsequent steps can then be provided. To ascertain which control outcomes

are being realized, Kingmakers’ current profile should be integrated.


• Conduct a Risk Assessment: At this stage, Kingmakers will conduct a risk assessment

by evaluating the entity’s operational environment to ascertain the likelihood of a

cybersecurity attack and related impact. The entity’s overall risk management procedure

or previous risk assessment activities could provide a guide. The risk assessment should

be all-encompassing and not on problem areas only.

• Create a Target Profile: Here a target profile needs to be created for Kingmakers that

will focus on the assessment and set out the desired cybersecurity outcomes. It is

advisable that a rational approach is taken when creating the profile. The risk appetite

should be put into consideration, letting the entity determine which risk vector is

acceptable.

• Determine, Analyze, and Prioritize Gaps: At this step, Kingmakers needs to ascertain,

analyze and prioritize existing gaps. This should be linked to the target profile. These

gaps should then be addressed by a prioritized action plan together with consideration for

cost-benefit, mission drivers and risk to achieve the expected target profile outcome.

A determination of the resources needed to address these gaps needs to be considered as

well.

• Implement action plan: The implementation stage requires Kingmakers to determine

which action to take and execute the said actions to fix the gaps. If there is any need for

adjustment in the cybersecurity practices, it should be done without delay to achieve the

target profile.

Conclusions and Recommendations.


To assist Kingmakers in having a robust cybersecurity framework, we have discussed in detail a

seven-step procedure or process for the entity to follow in order to implement a strong

cybersecurity framework. These steps entail comparing the present state of the cybersecurity

program at Kingmakers with a target cybersecurity program and bridging the gaps to realize the

target state of the program. These steps provide a flexible roadmap for the implementation of a

robust cybersecurity roadmap at Kingmakers and should be repeated to guarantee continuous

program improvement. 
References

Belding, G. (2019, December 29). NIST CSF: The seven-step cybersecurity framework process.

Infosec Resources. https://resources.infosecinstitute.com/topic/nist-csf-the-seven-step-cybersecurity-framework-process/#:~:text=Step%201%3A%20Prioritize%20and%20scope&text=Key%20to%20this%20step%20is

Cybersecurity Standards and Frameworks | IT Governance USA. (2016). Itgovernanceusa.com.

https://www.itgovernanceusa.com/cybersecurity-standards

Darren, G. (2021, December 22). Differences and Similarities Between NIST and CIS. Carbide.

https://carbidesecure.com/resources/differences-and-similarities-between-nist-and-cis/

Nigeria’s Top Five Leading Betting Companies – THISDAYLIVE. (n.d.). Www.thisdaylive.com.

Retrieved May 18, 2023, from

https://www.thisdaylive.com/index.php/2022/11/17/nigerias-top-five-leading-betting-companies/#:~:text=Betking%20was%20birthed%20and%20launched

Odogwu, C. (2022, August 12). 5 Cost-Effective Ways to Implement Cybersecurity on a Budget.

MUO. https://www.makeuseof.com/implement-cybersecurity-low-cost/

Prokopets, M. (2022, July 21). CIS Vs. NIST: Side-by-Side Comparison. Nira.

https://nira.com/cis-vs-nist/

Shashank. (2018, June 28). A Beginner’s Guide To Cybersecurity Framework. Edureka.

https://www.edureka.co/blog/cybersecurity-framework/

Shea, S. (2021, August). What is Cybersecurity? Everything You Need to Know. SearchSecurity.

https://www.techtarget.com/searchsecurity/definition/cybersecurity

Simplilearn. (2021, June 21). What is a Cyber Security Framework: Overview, Types, and

Benefits. Simplilearn.com. https://www.simplilearn.com/what-is-a-cyber-security-framework-article

Wikipedia Contributors. (2019, October 14). Center for Internet Security. Wikipedia;
Wikimedia Foundation. https://en.wikipedia.org/wiki/Center_for_Internet_Security
