Prepare A Short Presentation For One Of The Company's Brown

Prepare a short presentation for one of the company's Brown Bag Lunch training events. This ten-minute session targets business professionals who use IT daily at a high level; focus on meeting their information needs from internal business units supported by the IT department. Anticipate questions for a 10-minute Q&A.

Choose one article:

  1) Selecting the Right Cloud Operating Model: Privacy and Data Security in the Cloud
  2) Understanding Managed Services (benefits of Managed IT Services)
  3) Shadow IT: Mitigating Security Risks

After reading the article, prepare slides (talking points) with speaker notes highlighting key information and why Padgett-Beale employees should care. Make the presentation relevant by integrating Padgett-Beale’s business operations (company profile, weekly descriptions, and course readings). At least one slide must address cybersecurity issues arising from your chosen article, using CSCU textbooks and other course readings.

Include a title slide, a slide with the article title and publication information, content slides, and a summary slide (8–12 slides total). End with a Q&A slide and a backup slide with additional resources. Each slide must have speaker notes (at least one paragraph). Write in business-appropriate language. Use UMGC Office 365 to create the slide deck. Read supplementary readings for additional information relevant to your chosen article.

Paper For Above Instructions

Introduction

The assigned task is to develop a concise, business-facing slide deck for a Brown Bag Lunch event in the company’s IT department. The target audience consists of professionals who interact with information technology in routine business activities but who require high-level, practical guidance rather than deep technical detail. The chosen article will frame the presentation content, with a focus on translating technical concepts into actionable insights for Padgett-Beale’s internal customers. This paper outlines the approach to selecting the article, structuring the slides, addressing cybersecurity concerns, and aligning the content with Padgett-Beale’s operational context. Throughout, the discussion references established information security frameworks and industry practices to ensure that the deck is credible and useful for decision-makers and practitioners alike (NIST SP 800-53 Rev. 5; ENISA Threat Landscape; ISO/IEC 27001).

Article Choice and Rationale

For this presentation, the article chosen is Shadow IT: Mitigating Security Risks. Shadow IT refers to information technology systems, applications, and services used inside an organization without explicit organizational approval. This phenomenon can create blind spots in security, privacy, data governance, and compliance if unmanaged (OWASP Top 10, 2021). The rationale for selecting this topic is twofold: first, it directly impacts internal business units that rely on fast, often informal, IT solutions to stay productive; second, it highlights governance and cybersecurity considerations that are especially relevant to Padgett-Beale’s operations, where data protection and vendor risk management are ongoing priorities (NIST SP 800-53 Rev. 5; CSA Guidance). Integrating this topic with Padgett-Beale’s business profile aligns the talk with real-world decision-making, improves the audience’s information literacy, and provides concrete steps for risk reduction (ENISA Threat Landscape, 2023).

Audience relevance is enhanced by emphasizing practical actions such as discovering shadow IT usage, assessing risk levels of unsanctioned apps, and implementing governance controls that balance innovation with security. As with other recommended topics (cloud operating models and managed services), the Shadow IT discussion complements Padgett-Beale’s ongoing digital transformation and cloud adoption efforts, while underscoring cybersecurity considerations that require cross-functional collaboration (NIST SP 800-53 Rev. 5; ISO/IEC 27001).

Key citations underpinning this rationale include guidance on cloud security and risk management (NIST SP 800-53 Rev. 5; CSA), cloud definitions (NIST SP 800-145), and threat landscape analyses (ENISA). These references support the claim that unmanaged IT can undermine data integrity, confidentiality, and regulatory compliance if left unchecked (OWASP Top 10, 2021).

Padgett-Beale Context and Relevance

Padgett-Beale’s corporate profile and weekly descriptions indicate a mid-market organization navigating digital tools to support business operations. The presentation should translate technical risk into business language that executives and business line managers can act upon. For example, a slide on Shadow IT might include a risk map (high, medium, low) tied to data sensitivity, regulatory exposure, and operational impact. The content should also address cybersecurity concerns pertinent to internal processes—such as data leakage, credential hygiene, and cloud misuse—by drawing on CSCU textbook material and other course readings. The aim is to show how governance, policy, and technical controls work together to reduce risk without stifling productive user autonomy (NIST SP 800-53 Rev. 5; OWASP Top 10).

Slide Structure and Speaker Notes

The presentation should be 8–12 slides, including a title slide, an article information slide, content slides, a summary slide, a Q&A slide, and a backup/resources slide. Each slide requires speaker notes with at least one paragraph. The following structure is recommended:

  • Title slide: "Shadow IT: Mitigating Security Risks" with publication information.
  • Article information slide: brief bibliographic details (author, year, publication venue).
  • Context and business relevance slide: how shadow IT manifests in Padgett-Beale’s environment.
  • Risk landscape slide: categories of risk (data leakage, non-compliant data handling, shadow apps) and illustrative examples.
  • Cybersecurity controls slide: technical and policy measures (discovery tools, approval workflows, SSO, DLP, app whitelisting).
  • Governance and policy slide: roles and responsibilities, governance framework, and escalation paths.
  • Vendor and data risk management slide: third-party risk processes and due diligence.
  • Cyber incident response considerations slide: how to respond to shadow IT incidents.
  • Summary slide: key takeaways and action items.
  • Q&A slide: anticipated questions and succinct answers.
  • Backup/resources slide: additional references and tools for further exploration.

Speaker notes should translate each slide’s content into actionable talking points, avoiding excessive jargon while maintaining business-appropriate language. Emphasize practical steps Padgett-Beale can take, such as implementing an application discovery process, clarifying sanctioned tool lists, and creating a risk-based approval workflow for new software purchases.

Cybersecurity Issues and Considerations

The chosen article’s focus on Shadow IT requires acknowledging several cybersecurity concerns. Unapproved applications can bypass centralized security controls, create data governance gaps, and introduce malware or data leakage risks. A robust discussion should cover:

  • Data leakage and privacy exposure from unsanctioned apps (data in transit and at rest, data classification, and data loss prevention constraints).
  • Access management risks, including weak authentication, credential reuse, and insufficient auditing of shadow apps.
  • Inconsistent patching and vulnerability management for non-sanctioned software, increasing the attack surface.
  • Regulatory and contractual implications of unmanaged data processing and cross-border data flows.
  • Potential supply chain risks from third-party shadow IT apps and services.

To mitigate these issues, the deck should cite established controls such as asset inventory, continuous monitoring, access controls (principle of least privilege), encryption, and incident response planning. The discussion should connect these controls to recognized standards and best practices (NIST SP 800-53 Rev. 5; ISO/IEC 27001; OWASP Top 10). Additionally, the presentation should highlight enterprise-ready approaches—like sanctioned SaaS catalogs, automated discovery tools, and governance processes—that align with Padgett-Beale’s business operations (CSA guidance on cloud security; ENISA threat insights).

In-text references throughout this section reflect established frameworks and best practices, underscoring the need for a structured response to Shadow IT (NIST SP 800-53 Rev. 5; ENISA Threat Landscape; OWASP Top 10; CSA Guidance).

Implementation Guidance and Recommendations

Effective mitigation of Shadow IT relies on a balanced approach that preserves user agility while enforcing security. Key recommendations include:

  • Inventory and visibility: deploy an application discovery program to identify sanctioned and unsanctioned apps in use across the organization (NIST SP 800-53 Rev. 5; ENISA).
  • Policy and governance: codify acceptable-use policies, require approvals for new SaaS apps, and implement a formal governance process for IT purchases (ISO/IEC 27001; NIST SP 800-53).
  • Access and data protection: enforce least-privilege access, MFA, and encryption for data in transit and at rest; implement DLP across sanctioned tools (OWASP Top 10; NIST SP 800-53).
  • Application risk management: establish an approved SaaS catalog, vet vendors, and require security posture assessments for new tools (CSA Guidance; ISO/IEC 27002).
  • Technology enablers: use SSO and centralized monitoring to reduce risk without hindering productivity; integrate security tools with the cloud environment (NIST SP 800-53 Rev. 5; CSA Guidance).
  • Training and awareness: educate employees about cybersecurity risks associated with shadow IT and provide channels for sanctioned tool requests (ENISA; OWASP).

The proposed actions are designed to help Padgett-Beale maintain business agility while strengthening security controls in line with recognized standards and best practices (NIST SP 800-53 Rev. 5; ISO/IEC 27001; ENISA; OWASP).

Conclusion

The Shadow IT topic offers a timely and practical lens through which to view cybersecurity in a business context. By selecting this topic and tailoring the content to Padgett-Beale’s operations, the presentation can illuminate real-world risks and actionable mitigations. The slide deck should balance high-level business language with concrete steps—emphasizing visibility, governance, data protection, and vendor management—so that business professionals leave with a clear understanding of how to reduce risk without stifling innovation. Aligning the content with established frameworks such as NIST SP 800-53 Rev. 5, ISO/IEC 27001, CSA Guidance, and OWASP Top 10 ensures credibility and facilitates ongoing governance in Padgett-Beale’s IT environment.

References

Note: The references below are provided to support the content and in-text citations used in this paper. They reflect widely recognized standards, guidelines, and industry resources relevant to cloud security, governance, and Shadow IT.

  • NIST. (2020). NIST SP 800-53 Rev. 5: Security and Privacy Controls for Information Systems and Organizations. National Institute of Standards and Technology.
  • NIST. (2020). NIST SP 800-171 Rev. 2: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations. National Institute of Standards and Technology.
  • Mell, P., & Grance, T. (2011). The NIST Definition of Cloud Computing (NIST SP 800-145).
  • Cloud Security Alliance (CSA). (2019). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0.
  • ISO/IEC. (2013). ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements.
  • ISO/IEC. (2013). ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls.
  • ENISA. (2023). Threat Landscape 2023: An Overview of Cyber Threats and Trends.
  • OWASP. (2021). OWASP Top 10 – 2021: The Most Critical Web Application Security Risks.
  • SANS Institute. (2019). Shadow IT: The Security Challenge and How to Manage It.
  • Rittinghouse, J., & Ransome, D. (2016). Cloud Computing: Implementation, Management, and Security. CRC Press.