Summer 2023

ESRP 9000 Professor

Linda Gaughan

ESRP 9001 Professor

Linda Gaughan

Executive Summary

The primary objective of this strategic research project was to emphasize the necessity of analyzing and addressing the internal and external factors affecting Bank of America. As one of the largest and most prominent financial institutions globally, the bank faces significant cybersecurity risks in today's digital landscape. The banking industry, being reliant on digital technologies for operations and customer interactions, is highly susceptible to cyber threats that aim to exploit vulnerabilities to gain unauthorized access to sensitive information or disrupt services. A comprehensive analysis of both internal and external factors using a SWOT analysis approach revealed a pivotal challenge confronting the Institute—namely, the requirement for intentional efforts against mitigating ongoing cyber-attacks. To address this threat, the implementation of training focused on enhancing the awareness and knowledge base of employees was selected as the preferred solution among four alternatives, following a thorough examination of relevant literature that gauged the potential impact of each alternative approach. After assessing strategies using the Quantitative Strategic Planning Matrix (QSPM) tool, implementing comprehensive training modules was selected, as it attained the highest total attractiveness score (TAS) of 6.0. This score reflects its level of appeal and desirability considering both internal and external factors. Subsequently, an action plan was devised to outline the necessary steps for the successful implementation of this chosen strategy. These steps encompass various key actions: (a) conducting a thorough needs assessment and gap analysis, (b) the development and customization of the cybersecurity training curriculum, (c) delivery and engagement of the training program, and (d) continuous monitoring and evaluation of the training module effectiveness. While the examined literature endorsed enhancing employee awareness and knowledge base of cybersecurity paired with a comprehensive training module, challenges emerged in effectively assessing the training effectiveness. Hence, it is proposed that a continuous monitoring and evaluation process be established to gauge the effects of the training module on enhancing cybersecurity knowledge and awareness. This comprehensive tracking mechanism would encompass the magnitude of improvements in efficacy, proficiency, and engagement levels. Given the support derived from the literature reviewed in this strategic research project, there is a robust foundation to endorse the integration of this recommendation into the operational framework of Bank of America, especially as the organization progresses through the execution of the various recommended action steps.

Document Type

Strategic Research Project-NSU Access Only

Degree Name

Doctor of Education (EdD)


Abraham S. Fischler College of Education