This framework was created to fulfill the requirements of COS 485: Cybersecurity Capstone at the University of Maine at Presque Isle. I entered UMPI in the fall of 2023 and began working as an IT Help Desk Technician through a work-study position. During my time with the campus IT Department, I gained experience in a wide range of IT-related tasks. Cybersecurity topics were my main area of interest, and I began thinking about how to apply my work and educational experiences to real-world situations.
Having lived in rural Maine all my life, I am very familiar with the small businesses and community organizations that form the backbone of our local economies and communities. Many of these organizations lack proper cybersecurity coverage, leaving them vulnerable to many of the same threats that larger enterprises can more easily mitigate. For my final capstone project, I decided to create a free and accessible framework to help these organizations achieve stronger cybersecurity coverage.
While building this framework, I drew inspiration from major industry frameworks that guide cybersecurity compliance in larger organizations. NIST SP 800-53, CIS Benchmarks, ISO 27001/27002, and Microsoft Security Compliance Toolkits all helped me clearly define the requirements necessary for a serious framework. However, I kept in mind that my framework was aimed at a less tech-savvy demographic that likely lacks dedicated IT staff. I wanted to ensure that all controls outlined in this framework could be understood by a non-technical audience. Recognizing that the target demographic often has limited budgets, I incorporated as much open-source and freeware technology as possible.
My final project consists of two parts: a paper documenting my research and development process, and a website hosting the framework itself. I went through many revisions while trying to determine the best way to present it. I ultimately settled on the four-stage process displayed on the website, with documentation expanding each stage into a comprehensive guidebook.
In keeping with modern trends, I utilized AI tools to assist in developing several aspects of the website. The templates provided for creating real-world documentation were generated using AI, with final details and refinements made at my discretion. I also used AI to help analyze real data I compiled for exhibits in certain sections of the framework, such as malware scans and phishing analysis. However, all written content in this framework, including the final paper submitted to my instructor—is my own work. The illustrations and diagrams are also my own, created using the freeware platform Draw.io.
This project has been a long journey that allowed me to delve deeply into the specific areas of cybersecurity that interest me most. Applying those interests to a project designed for real-world use helped me adopt the mindset of working in a professional information security role. I believe these insights will serve me well as I move forward in my career.
To all those viewing this website, I hope you enjoy the work and find it useful. If you are part of the target audience for this framework, I sincerely hope it provides insights and guidance to help your organization strengthen its cybersecurity posture. For experts in information security, I welcome constructive criticism and suggestions for improvement. I plan to expand and refine this framework over time, and I will be mindful of any feedback provided to me.
Shane DelMonaco
University of Maine at Presque Isle
August 2025
Final Paper
Socials
