WGU D489 TASK 1 | CYBERSECURITY MANAGEMENT | 2026 UPDATE
WITH COMPLETE SOLUTION (GRADED A+)
A. Summary of the gaps that currently exist in Sage’s “Independent Security Report.”
Sage’s “Independent Security Report” (ISR) revealed considerable
gaps in its cybersecurity framework. The gaps are discussed below.
1. Business Continuity Plan
Sage’s BCP does not cover the fine details that are needed to continue business in
the event of a natural disaster, and no recovery strategies are in place.
2. Inadequate Security Awareness Plan
Sage’s cybersecurity awareness plan is not compliant with the industry’s best practices and
standards in regard to NIST and PCI Requirement 12.6.
3. Inadequate Incident Response Plan
Sage’s IRP does not define roles and responsibilities of team members. The IRP also has
significant shortcomings regarding efficient incident handling and analysis.
4. Noncompliance with PCI-DSS and GDPR
Sage currently does not have policies and procedures that would enable it to achieve and
maintain compliance with two very important global industry standards: PCI-DSS and GDPR.
B. Mitigation strategies that were developed to address the gaps identified in Sage’s
“Independent Security Report,” ensuring compliance with PCI DSS and GDPR.
The gaps that were identified in Sage’s ISR were the lack of an adequate business
continuity plan, security awareness plan, incident response plan, and information security team,
leading to non-compliance with the security principles and standards of GDPR and PCI-DSS.
Compliance with these two important standards is essential for international businesses.
The following sections will include mitigation strategies to be implemented to address the gaps
and achieve compliance with the industry’s standards.
1. Inadequate Information Security Team
Sage’s information security team is poorly staffed and is lacking key team members that are
necessary to provide the company with effective security compliance and regulatory efforts.
1. Business Continuity Plan
The mitigation strategy developed to address Sage’s BCP and ensure compliance with
GDPR and PCI-DSS is a thorough and finely detailed recovery plan that
addresses natural disasters. The new mitigation strategy will be used to protect European data and
cardholder data and to quickly recover the systems that store or use this data. The BCP
mitigation strategy will include a risk assessment, business impact assessment, emergency
response plan, communication plan, and backup recovery plan. Editing the business continuity
plan to include these details can ensure that the business can withstand any disaster and
is properly prepared for any unforeseen event that could possibly disrupt the business’s
operations.
2. Inadequate Incident Response Plan
The mitigation strategy that will be used to ensure GDPR and PCI-DSS compliance regarding
Sage’s inadequate IRP is discussed below. Sage’s current IRP does not define the
roles and responsibilities of its team members, and this confusion severely damages its focus on
data and cardholder protection, which are standards of PCI-DSS and GDPR.
The IRP also has significant shortcomings regarding efficient incident handling and analysis.
The mitigation strategy to ensure GDPR and PCI-DSS compliance is to
clearly define the roles and responsibilities of each team member. Post role