FINAL PROJECT
OLD DOMINION UNIVERSITY
CyberRisk Beyond Solution Inc.
Internship Report
“Third-Party Risk Management and Cybersecurity Policies: An Internship Experience”
Student’s Name: Vivian Owusu-Nyannor
Name of Employer: Mr. Theophilus Offei E.
CyberRisk Beyond Solution Inc.
Internship Class Name: CYSE 368 – Internship
Professor: Teresa Duvall
Date: December 1, 2024
Term: Fall 2024
Table of Contents
1. Introduction
2. Internship Overview
3. Management Environment
4. Major Work Duties & Assignments
5. Application of Cybersecurity Skills
6. ODU Curriculum Preparation
7. Achievement of Internship Objectives
8. Motivating and Exciting Aspects
9. Discouraging Aspects
10. Challenging Aspects
11. Recommendations for Future Interns
12. Conclusion
1. Introduction
I decided to intern at CyberRisk Beyond Solution Inc. due to my interest in cybersecurity and risk management. Initially, I had difficulty finding a place to do my internship. I spoke with several companies and friends who work in the industry. I was fortunate enough to be accepted to work as an intern with CyberRisk Beyond Solution in Alabama. Though the internship was virtual, I found it hard to travel to Alabama for an in-person orientation. As a Cybersecurity student at Old Dominion University (ODU), I wanted to gain hands-on experience to complement and enhance my skills and academic studies. This internship was particularly appealing because it offered an opportunity to work with a great team in a leading cybersecurity consulting firm. I was eager to contribute to their mission of securing organizations from evolving cyber threats. I had three primary learning objectives when I started the internship:
1. To better understand third-party risk management and its importance in cybersecurity.
2. To enhance my skills in vulnerability management, mainly using Nessus, and create detailed risk assessments.
3. To gain experience ensuring compliance with cybersecurity standards such as NIST and PCI DSS.
This report reflects on my experiences, the challenges and rewards of my internship, and how the internship has influenced my cybersecurity skills and future professional and academic goals.
2. Internship Overview:
Cyber Risk Beyond Control is a cybersecurity consulting firm specializing in risk management, compliance, and threat assessment. The company works with clients of all sizes. It helps organizations identify, mitigate, and manage cybersecurity risks and guides clients on how to stay in compliance with cybersecurity best practices.
Initial Orientation:
Before starting my training, I underwent an intensive two-week in-person orientation process led by Mr. Theophilus. This included an introduction to the company’s culture, policies, practices, and procedures. I was also introduced to various tools and platforms used in cybersecurity risk management, including Nessus for vulnerability scanning and Power BI for generating data reports. My supervisor, Mr. Theophilus Offei E, provided initial training on assessing third-party risks, conducting vulnerability scans, and interpreting results.
My first impression of CyberRisk Beyond Solution Inc. was its highly professional and supportive work environment. The team was welcoming, and the internship program was structured to offer substantial learning opportunities and development.
3. Management Environment.
I reported directly to Mr. Theophilus Offei E during my internship, who served as my supervisor and mentor. His leadership style was educational and engaging. He provided clear instructions, set realistic expectations, and offered constructive feedback when necessary. His approach made it easy for me to ask questions and clarify all doubts. I was nervous initially, but with time, things got better.
The company’s management structure allows for open doors and direct communication between employees and management. This environment was conducive to learning, as I received timely guidance and was given opportunities to take on responsibilities independently.
4. Work Assignments and Duties.
As an intern at CyberRisk Beyond Solution Inc., I had the opportunity to work on several critical cybersecurity tasks:
A. Third-Party Risk Management and Control:
While at the organization, I assisted with third-party risk assessments for existing and potential new clients. My responsibilities primarily involved obtaining and analyzing detailed information about vendors’ security practices, policies, and controls. I worked closely with various teams to evaluate and ensure that the vendors adhered to relevant standards, best practices, and regulatory requirements for cybersecurity.
An important aspect of my role and responsibility was conducting thorough assessments of vendors’ risk profiles, which included reviewing their security frameworks, data protection measures, and incident response protocols. I helped assess the potential risks associated with third-party partnerships, identifying vulnerabilities that could impact the organization’s security posture. This included evaluating vendors’ adherence to established security certifications, such as ISO 27001, SOC 2, and GDPR compliance, and their capacity to manage data securely and mitigate confidentiality, integrity, and availability risks.
Additionally, I collaborated with cross-functional teams—including legal, procurement, and IT security—to assess third-party risks from multiple perspectives, ensuring comprehensive coverage across all business units. I also assisted in implementing risk mitigation strategies, recommending contract clauses and service level agreements (SLAs) that emphasized robust security measures and outlined consequences for non-compliance or security breaches.
My work involved continuously monitoring third-party relationships to ensure ongoing compliance and risk management throughout the contract lifecycle. I helped develop reporting structures to ensure senior leadership was informed about third-party risks and provided actionable insights on effectively addressing these risks.
I developed a strong understanding of third-party risk management frameworks, risk assessment tools, and the importance of establishing solid control measures to safeguard organizational assets while working with external vendors.
B. Reviewing Cybersecurity Policies:
During my tenure at the organization, I was deeply involved in reviewing the company’s cybersecurity policy and procedure documents to ensure they were up-to-date, comprehensive, and aligned with industry standards. One of my primary tasks was to compare these documents against the company’s established review template, a process that ensured consistency, compliance, and accuracy across all cybersecurity protocols.
In my role, I meticulously examined each policy and procedure to assess its relevance and effectiveness in mitigating potential security risks. This included verifying that the policies addressed critical areas like access control, data protection, incident response, network security, and employee awareness training. I ensured these documents were consistent in structure and language and aligned with internal standards and external regulatory requirements, such as GDPR, HIPAA, and ISO 27001.
Additionally, I worked with key stakeholders, including the legal, compliance, and IT security teams, to confirm that policies reflected any updates to regulations, industry best practices, and emerging threats. I assisted in identifying any gaps or outdated procedures and recommended revisions where necessary to strengthen the company’s overall security posture.
A significant part of the review process was ensuring the policies were practical and actionable. I evaluated whether the procedures outlined were clear, enforceable, and communicated effectively across the organization so that employees at all levels would understand their role in protecting company assets and data. I also ensured that the policies supported the company’s risk management framework, integrating seamlessly with other internal processes like incident management, business continuity planning, and data governance.
I gained a deeper and better understanding of the intricacies of cybersecurity governance and the importance of clear, well-structured policy documents in establishing a security culture. My contributions helped ensure the company’s cybersecurity policies complied with legal and regulatory obligations and effectively safeguarded against evolving cyber threats.
C. Security Awareness and Training Program
As part of the organization’s ongoing efforts to strengthen its cybersecurity posture, I actively contributed to developing the monthly Security Awareness and Training Program. My primary responsibility was to research and analyze various social engineering tactics commonly used by adversaries to target organizations and incorporate this information into the training content. This was crucial in ensuring employees and clients understood the evolving nature of cybersecurity threats and were equipped to respond to and recognize potential attacks.
I focused heavily on identifying and understanding social engineering techniques, particularly phishing attacks, among the most damaging and common cyber threats. I researched standard phishing methods, such as spear phishing, whaling, and vishing, and developed detailed content illustrating how these tactics could exploit human vulnerabilities within the organization. I crafted real-world examples and case studies highlighting how adversaries manipulate individuals and systems to gain unauthorized access to sensitive and important data, systems, or networks.
A significant part of my work was creating interactive learning modules and training materials, which included step-by-step guides on identifying phishing emails, malicious attachments, and suspicious phone calls. I also designed quizzes and knowledge checks to reinforce key concepts and ensure employees could apply their learning in real-life scenarios. These case studies were tailored to reflect the specific risks employees and clients might face, using examples to enhance engagement and understanding.
In addition to phishing, I helped develop content around other social engineering methods, such as pretexting, baiting, and tailgating. I educated participants on how attackers could use deceptive tactics to gain unauthorized access to physical and digital resources.
I worked closely with the HR and IT departments to ensure the training program was rolled out consistently across the organization, tracking participation and feedback to improve the content continuously. By helping to increase awareness and vigilance, the program aimed to reduce the likelihood of successful attacks by empowering employees and clients to recognize and respond to threats and breaches promptly and effectively.
My role in researching, creating, and promoting this program contributed significantly to the organization’s proactive approach to cybersecurity. By focusing on human factors and fostering a security culture, the training program aimed to build a more resilient workforce that could effectively defend against social engineering and other cyber threats.
D. Vulnerability Management:
I was actively involved in the organization’s vulnerability management process. I played a key part in analyzing Nessus scanning reports to identify and acknowledge vulnerabilities and potential weaknesses in the company’s IT infrastructure. The vulnerability management process was critical to maintaining the security and safety of our systems and ensuring that no compromises were made in our overall security posture.
My primary responsibility was to review the results of regular vulnerability scans conducted using Nessus, a widely trusted network scanning tool. These scans provided comprehensive reports on security weaknesses across the company’s environment, including misconfigurations, outdated software versions, missing patches, and exposure to known vulnerabilities. I thoroughly analyzed these reports to prioritize vulnerabilities based on their potential impact on the business, considering factors such as the severity of the vulnerability, the criticality of the affected system, and the potential for exploitation.
Once vulnerabilities were identified, I meticulously documented them in the company’s risk register, ensuring that all relevant information—such as the affected system, severity score, recommended remediation actions, and associated risks—was captured accurately. This was crucial for maintaining a structured and well-documented record of the company’s vulnerabilities, which could be used for tracking, reporting, and prioritizing mitigation efforts.
A significant aspect of my work was collaborating with the IT and system administration teams to ensure the timely remediation of identified vulnerabilities. I assisted in verifying the application of patches and updates, conducting additional scans to confirm vulnerability resolution, and ensuring that all remediation actions adhered to internal policies and industry best practices. I also worked with the teams to assess any potential impact of these updates on the company’s systems, ensuring no operational disruptions occurred due to patching or configuration changes.
Beyond remediation, I also helped ensure continuous vulnerability management. I regularly monitored the threat landscape for emerging vulnerabilities and collaborated with other departments to update scanning protocols and vulnerability management policies. This proactive approach helped reduce the attack surface and prevent the potential exploitation of newly discovered vulnerabilities.
My efforts in vulnerability management played a crucial role in maintaining the company’s security posture without compromise or shortcuts. By focusing on a thorough, systematic process of identifying, documenting, and addressing vulnerabilities, I helped reduce cyberattacks while safeguarding sensitive company data. This also ensured compliance with industry standards and regulations, often requiring organizations to maintain up-to-date security measures and respond promptly to vulnerabilities.
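The workflow described in this section (prioritize scan findings by severity, system criticality and exploitability, record them in a risk register, then confirm fixes with a rescan), as an added Python example that is not part of the original report or the company's tooling. The CSV rows are constructed, the column names assume the common Nessus CSV export layout, and the criticality map, exploited-CVE list and scoring weights are hypothetical.

```python
import csv
import io

# Constructed sample rows in the common Nessus CSV export layout (columns
# trimmed). Plugin IDs, CVE IDs and hosts are placeholders, not real findings.
HEADER = "Plugin ID,CVE,CVSS,Risk,Host,Protocol,Port,Name,Solution\n"
INITIAL_SCAN = HEADER + """\
100001,CVE-0000-0001,9.8,Critical,10.0.0.5,tcp,443,Example web server flaw,Upgrade the web server package
100002,,5.3,Medium,10.0.0.5,tcp,22,Example weak SSH algorithms,Disable weak key exchange algorithms
100003,CVE-0000-0002,7.5,High,10.0.0.9,tcp,3389,Example RDP flaw,Apply the vendor patch
100004,,,None,10.0.0.9,tcp,0,Example host information,n/a
100003,CVE-0000-0002,7.5,High,10.0.0.20,tcp,3389,Example RDP flaw,Apply the vendor patch
"""
# Follow-up scan: 10.0.0.5 and 10.0.0.9 were rescanned, 10.0.0.20 was not reached.
RESCAN = HEADER + """\
100002,,5.3,Medium,10.0.0.5,tcp,22,Example weak SSH algorithms,Disable weak key exchange algorithms
100004,,,None,10.0.0.9,tcp,0,Example host information,n/a
"""

# Hypothetical inputs maintained by the organization, not by the scanner.
ASSET_CRITICALITY = {"10.0.0.5": 3, "10.0.0.9": 2, "10.0.0.20": 1}  # 3 = business-critical
KNOWN_EXPLOITED = {"CVE-0000-0001"}  # CVEs with known exploitation (placeholder)


def read_rows(csv_text):
    """Parse a CSV export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def build_register(csv_text, criticality, exploited_cves):
    """Turn scan rows into risk-register entries, highest priority first."""
    register = []
    for row in read_rows(csv_text):
        if row["Risk"] in ("", "None"):
            continue  # informational plugin output is not a register entry
        cvss = float(row["CVSS"] or 0)
        # Unclassified hosts default to the highest weight until someone rates them.
        weight = criticality.get(row["Host"], 3)
        exploited = row["CVE"] in exploited_cves
        register.append({
            "host": row["Host"],
            "port": row["Port"],
            "plugin_id": row["Plugin ID"],
            "name": row["Name"],
            "severity": row["Risk"],
            "cvss": cvss,
            "exploited": exploited,
            # Assumed scoring: CVSS scaled by asset criticality, plus a fixed
            # bump when exploitation is known.
            "priority": round(cvss * weight + (5 if exploited else 0), 1),
            "remediation": row["Solution"],
            "status": "open",
        })
    register.sort(key=lambda e: e["priority"], reverse=True)
    return register


def verify_remediation(register, rescan_csv):
    """Update each entry's status from a follow-up scan.

    A finding only counts as remediated if its host appears in the rescan;
    a host that was offline or out of scope stays 'unverified'.
    """
    rows = read_rows(rescan_csv)
    scanned_hosts = {r["Host"] for r in rows}
    still_present = {(r["Host"], r["Port"], r["Plugin ID"]) for r in rows}
    for entry in register:
        key = (entry["host"], entry["port"], entry["plugin_id"])
        if entry["host"] not in scanned_hosts:
            entry["status"] = "unverified"
        elif key in still_present:
            entry["status"] = "open"
        else:
            entry["status"] = "remediated"
    return register


if __name__ == "__main__":
    reg = build_register(INITIAL_SCAN, ASSET_CRITICALITY, KNOWN_EXPLOITED)
    for e in verify_remediation(reg, RESCAN):
        print(e["priority"], e["host"], e["plugin_id"], e["severity"], e["status"])
```

The "unverified" status matters in practice: a host that drops out of the rescan would otherwise look fixed simply because it produced no findings.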
E. Data Quality Checks and Power BI Reporting:
As part of my role, I was actively involved in ensuring the correctness and integrity of the data used in third-party risk assessments. One of my key responsibilities was performing data quality checks to validate the information collected from various vendors, ensuring it was accurate and consistent with industry standards. These checks involved verifying the completeness of the data, ensuring that all required fields were filled, and identifying any discrepancies or inconsistencies in the information provided. This was crucial for maintaining the reliability of the risk assessments and ensuring that they could be used to make informed, data-driven decisions.
I worked with the team to develop standardized data validation procedures to streamline the process. I created checklists to ensure that all key elements of the risk assessments were consistently reviewed. I also coordinated with internal and external stakeholders to address any missing or incorrect data and ensured that the necessary corrections were made promptly. This attention to detail helped to minimize errors and provided a firm foundation for analysis.
In addition to the data quality checks, I utilized Power BI to create interactive reports and dashboards that provided key insights into third-party risk levels and potential security threats. I worked closely with the risk management and cybersecurity teams to understand the key metrics and data points critical to assessing third-party risks. Connecting Power BI to various data sources allowed me to analyze and visualize risk data from multiple perspectives, providing stakeholders with clear, actionable insights into the organization’s security posture.
Using Power BI’s powerful data visualization capabilities, I designed dynamic reports that highlighted high-risk vendors, identified trends in security vulnerabilities, and tracked the status of remediation efforts. These reports allowed leadership and other departments to monitor risk levels easily, understand potential security threats, and make data-driven decisions to mitigate risks associated with third-party relationships. The dashboards provided real-time updates, enabling teams to track progress and quickly identify emerging risks or gaps in the security landscape.
The Power BI reports also helped communicate complex risk data in an intuitive and accessible way. My team and I presented the data using a combination of graphs, charts, and tables, ensuring that it was easy to digest for technical and non-technical stakeholders. This facilitated better decision-making and helped prioritize resources toward addressing the highest-risk vendors and potential threats.
My contributions in performing data quality checks and utilizing Power BI to generate insightful reports were essential in supporting the organization’s risk management efforts. By ensuring that the data was accurate and actionable, I helped the company better understand its third-party risk landscape, allowing for more proactive measures to safeguard its security and minimize potential threats.
F. Compliance with Regulatory Requirements:
An essential aspect of my team’s role was ensuring compliance with information security standards, such as PCI DSS, NIST, and ISO/IEC 27001. The company’s unwavering commitment to meeting regulatory requirements was evident in every task and accomplishment. This dedication not only instilled a sense of security and trust in the company’s operations but also gave me valuable insight into the importance of regulatory compliance in cybersecurity. Moreover, ISO/IEC 27001 evaluates the company’s processes against these standards.
5. Application of Cybersecurity Skills:
Before my internship, I gained a foundational knowledge of cybersecurity concepts, including risk management, compliance frameworks, and vulnerability assessment tools, through academic studies and certifications. While this theoretical knowledge was valuable, the internship gave me the unique opportunity to apply these skills in real-world scenarios, bridging the gap between classroom learning and practical experience.
One example of how I applied my cybersecurity knowledge was through hands-on involvement in risk management processes. I assisted in identifying and assessing potential risks associated with third-party vendors. This allowed me to leverage my understanding of risk assessment frameworks to evaluate vendor security practices and document potential risks in the organization’s risk register. Using real-world data, I gained insights into how organizations prioritize risks, implement mitigation strategies, and monitor risk levels over time.
Regarding compliance frameworks, my internship experience gave me a deeper understanding of how organizations implement standards like NIST, PCI DSS, and ISO/IEC 27001. For example, I participated in audits and assessments, comparing the company’s policies and procedures against these frameworks to identify gaps in compliance. I was also involved in ensuring that documentation and security controls were aligned with regulatory requirements, allowing me to understand how compliance is maintained in a dynamic business environment. This practical exposure gave me a comprehensive view of how companies maintain cybersecurity resilience while complying with industry regulations.
Additionally, I gained hands-on experience with vulnerability assessment tools, particularly Nessus, during my internship. I applied my theoretical knowledge of scanning and vulnerability management by running vulnerability scans across the company’s systems, interpreting the results, and working with teams to remediate identified weaknesses. I became familiar with prioritizing vulnerabilities based on their severity and potential impact, contributing directly to the organization’s ongoing vulnerability management efforts. This experience was particularly valuable, as it allowed me to see how the theoretical concepts of risk management and vulnerability assessments were executed in real time to protect the organization’s assets.
I also applied my knowledge of cybersecurity policy review by assisting in evaluating and revising the company’s security policies and procedures. This involved comparing existing documents to industry standards and ensuring consistency, accuracy, and compliance. By reviewing these documents, I gained much knowledge of the practical challenges organizations face in developing comprehensive and actionable policies across all levels of the business.
Overall, my internship experience enabled me to apply and expand upon the cybersecurity concepts I had learned in an academic setting. The opportunity to work on real-world projects and collaborate with seasoned professionals provided me with invaluable skills and insights that I can use to further my career in cybersecurity. It allowed me to see firsthand how security is implemented at every level of an organization, from risk assessment to compliance to vulnerability management. It gave me a deeper understanding of cybersecurity as integral to protecting organizational assets in an ever-evolving threat landscape.
6. Vulnerability Management:
During my internship, I applied my theoretical knowledge of vulnerability management tools, particularly Nessus, in a practical, hands-on environment. While I was initially familiar with Nessus from my academic studies, my internship allowed me to gain real-world experience in running vulnerability scans, interpreting results, and actively contributing to the organization’s overall security posture.
My responsibilities included running regular vulnerability scans using Nessus across various systems and networks within the organization. These scans provided a comprehensive view of potential security weaknesses, including outdated software, misconfigurations, and unpatched vulnerabilities. I carefully reviewed the scan results to identify vulnerabilities and assess their severity based on the Common Vulnerability Scoring System (CVSS) and the potential impact on the organization’s operations and data security.
In addition to identifying vulnerabilities, I gained experience in documenting them in a risk register. This involved capturing essential details such as the affected system, the specific vulnerability, the associated risk level, and recommended remediation actions. I prioritized each vulnerability based on its severity and potential exploitability, allowing the organization to address the most critical issues first. This risk register became an important tool for tracking the status of vulnerabilities, from identification through to remediation and verification. Throughout the process, I worked closely with other departments, including IT, network security, and system administration, to ensure that vulnerabilities were adequately addressed. I assisted in communicating identified risks and collaborated with technical teams to implement necessary patches, configurations, or other mitigations. Once vulnerabilities were remediated, I reverted scans to verify that the fixes were adequate and that no new vulnerabilities had been introduced.
This hands-on experience with Nessus and vulnerability management gave me a deeper understanding of cybersecurity’s technical and strategic aspects. It also reinforced the importance of proactive vulnerability management in protecting the organization’s assets from potential threats. I developed attention to detail and learned to prioritize risks and their potential impact, ensuring the company could maintain a secure and resilient IT infrastructure.
7. Compliance Frameworks:
During my internship, I gained valuable hands-on experience working with key cybersecurity compliance frameworks, including NIST, PCI DSS, and ISO/IEC 27001. While I initially understood these frameworks from a theoretical standpoint, my involvement in compliance-related tasks taught me how they are applied and integrated into a business context to manage risk, ensure security, and meet regulatory requirements.
I worked closely with the compliance and risk management teams to help assess the organization’s adherence to these frameworks. This included reviewing existing policies, procedures, and controls to ensure they aligned with the requirements set forth by NIST’s Cybersecurity Framework, PCI DSS standards for payment card data protection, and ISO/IEC 27001’s Information Security Management System (ISMS) requirements. I assisted in mapping the organization’s practices to the specific controls within each framework and identifying any gaps or areas where improvements were needed.
One of my key tasks was to contribute to preparing for audits and assessments by collecting necessary documentation, evidence, and records to demonstrate compliance. I helped ensure that security controls were being implemented and followed correctly, and I collaborated with different departments to verify that all required security measures were in place. This process gave me a deep understanding of the detailed requirements of each framework, such as risk assessments, vulnerability management, access control, encryption, incident response, and more.
Through this experience, I saw firsthand how compliance frameworks provide an excellent approach to managing and protecting cybersecurity risks. I also observed the challenges businesses face when maintaining compliance, including balancing security goals with operational efficiency, addressing gaps, and ensuring continuous improvement in response to emerging threats and regulatory changes.
Furthermore, I learned how these frameworks serve as strategic and tactical tools, helping organizations meet legal and regulatory obligations while fostering a security culture. By ensuring our practices aligned with NIST, PCI DSS, and ISO/IEC 27001, the organization demonstrated due diligence to regulators and clients and strengthened its overall cybersecurity posture and resilience. Overall, my compliance framework experience taught me how cybersecurity policies and controls are structured and implemented within an organization. It reinforced the importance of ongoing vigilance and continuous improvement to ensure businesses remain compliant in a rapidly changing threat landscape.
8. Power BI Reporting: I learned to use Power BI to generate risk assessment reports, which enhanced my data analysis and presentation skills. These experiences deepened my understanding of cybersecurity, particularly in vulnerability management and compliance.
6. ODU Curriculum Preparation:
The ODU curriculum prepared me well for my internship. Courses such as Network Security, Risk Management, and Information Security Standards gave me the foundational knowledge to succeed. Specifically, I applied concepts from my risk management course to evaluate third-party vendors and analyze vulnerabilities. However, the curriculum could have provided more depth in some areas. For instance, while I had theoretical knowledge of vulnerability management tools, I had limited hands-on experience before my internship. Learning more about tools like Nessus in the classroom could have better prepared me for tasks related to vulnerability scanning and reporting.
7. Achievement of Internship Objectives
1. Third-Party Risk Management. I successfully contributed to third-party risk assessments and learned about the tools and processes for evaluating vendor security practices. This objective was fully achieved.
2. Vulnerability Management. Through my work with Nessus scans and risk assessments, I gained practical experience identifying and managing vulnerabilities. I also learned how to document weaknesses in a risk register.
3. Compliance with Standards. I worked on compliance-related tasks, helping ensure that the company adhered to security standards like NIST and PCI DSS. This gave me firsthand experience with regulatory frameworks and how they are implemented in business environments, and I fulfilled this objective.
8. Motivating and Exciting Aspects.
The most exciting aspect of my internship was the opportunity to work on real-world cybersecurity problems and projects, notably creating a security awareness program. It was rewarding to contribute to educating employees about social engineering tactics, a critical area of cybersecurity.
9. Discouraging and Challenging Aspects.
Another discouraging part was how complex some tasks were, mainly regarding data analysis for third-party risk assessments. It sometimes felt overwhelming, especially when deadlines were tight. However, these challenges helped me improve my problem-solving skills.
10. Challenging Aspects
Managing the volume of important information during vulnerability assessments was the most challenging aspect. Analyzing Nessus reports and identifying critical vulnerabilities required extraordinary attention to detail and the ability to prioritize risks effectively.
11. Recommendations for Future Interns
Future interns should focus on strengthening their skills in vulnerability management tools like Nessus and, furthermore, in Power BI. Familiarity with compliance standards (e.g., NIST, PCI DSS) is also beneficial.
Additionally, a solid understanding of social engineering tactics and security awareness training would be essential.
12. Conclusion
My internship at CyberRisk Beyond Solution Inc. was an invaluable learning experience. It gave me practical exposure to third-party risk management, vulnerability management, and cybersecurity compliance. The experience has dramatically improved my understanding of cybersecurity and influenced my approach to my remaining academic work at ODU. It has reinforced and helped my decision to pursue a career in cybersecurity, particularly in risk management and compliance. This internship has solidified my career interests and given me the confidence to pursue more specialized cybersecurity roles, particularly those involving vendor risk assessments and compliance. CyberRisk Beyond Solution Inc. is renowned for its work in helping organizations mitigate cybersecurity risks, and I wanted to be part of that process.
10. Appendices
1. Appendix A: Vendor Risk Assessment Work doc
2. Appendix B: Cybersecurity Policy Review doc
3. Appendix C: Security Awareness Training Materials
4. Appendix D: Nessus Scanning Report doc
5. Appendix E: Power BI Risk Report doc