Waiting for answer This question has not been answered yet. You can hire a professional tutor to get the answer.

QUESTION

Project 4: Enterprise Cybersecurity Program Start Here Transcript This is the final project in the course. Project 4 is a culmination of the research and reports delivered in the previous three projec

Project 4: Enterprise Cybersecurity Program

Start Here

Transcript

This is the final project in the course. Project 4 is a culmination of the research and reports delivered in the previous three projects. It is the creation of a strategic policy framework the CEO references as the Enterprise Cybersecurity Program.

After you earn a Master's in Cybersecurity, you will likely have the opportunity to sit at the management table. As the chief information security officer in this scenario, your opinion and recent education will bring value. However, it will be critical that you possess above-average skills in presenting your material.

Based on this expectation, the final assignment will include a 12- to 15-page Enterprise Cybersecurity Program Report as well as a five- to 10-minute audio presentation for the senior leadership team. Any questions should be directed to your boss, the CIO (course instructor). With 19 steps and five assignments to deliver in the next 19 days, it is time to start on Step 1.

Competencies

Your work will be evaluated using the competencies listed below.

• 1.8: Create clear oral messages.

• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.

• 8.3: Design a cybersecurity defense framework composed of technologies and policies.

Step 1: Select a Framework

The first order of business in designing an enterprise cybersecurity program is to make a list of what you need to know, an inventory of the key elements to a cybersecurity framework. You will have to assess the cybersecurity posture currently taken at your financial institution. Select the framework you feel your organization is currently using.

Make notes, a paragraph or two, on the specifics of the framework to use in the next step of identifying any vulnerabilities.

Step 2: Identify Current Vulnerabilities

The cybersecurity framework selected in the previous step is only a structure or blueprint of possible solutions. Specific solutions, application, and implementation within a given framework are industry-driven. For example, in response to the credit card fraud in the retail industry, the bank card industry adopted the chip-and-PIN standard for credit cards.

Based on your knowledge of the current state of cyber attack vectors and the notes made in the previous step, create a list of vulnerabilities and how to address them within the chosen framework. Identify both technical and policy options to improve the defense posture of the institution. Add this list to your notes from the previous step. You will use this work in the next step of the project.

Step 3: Prioritize the Vulnerabilities

Now that you have selected a defense framework and identified the type of cyber attack vectors to which your organization may be vulnerable, rank the cybersecurity vulnerability from both a probability of occurrence and financial impact on operations perspective. As you are ranking the vulnerabilities, make notes on your decision process. These notes will come in handy in the next step, where you will design a specific defense for your enterprise.

Step 4: Evaluate the Framework

Review the notes taken regarding which framework should be used and the prioritized vulnerabilities. Thoroughly state the existing framework being applied by your organization. Break down both technology and policy components of the framework and how they complement each other to produce the optimum framework. Consider what works well, what could be improved, and vulnerabilities that are not currently being addressed.

You will build upon this evaluation in the next step.

Step 5: Propose a Framework

Using the framework evaluation from the previous step, identify potential improvements or solutions to missing elements for your financial services organization. The improvements or solutions you identify in this step will be used to design your organization's framework in a future step.

Submit your Framework Enhancement Proposal for evaluation.

Submission for Project 4: Framework Enhancement Proposal

Previous submissions

0

Drop files here, or click below.

Step 6: Design a Framework

Using notes from previous steps, design and describe an enterprise cybersecurity framework specific to your organization. You should create a comprehensive framework covering all aspects of the previous steps in both technology and policy. Fully explain the baseline framework and why it was selected, demonstrate a thorough knowledge of cybersecurity vulnerability that the framework addresses, and use the rankings to explain recommended enhancements to the framework.

In the next step, you will begin to compose your report on the framework.

Step 7: Compose the Framework Report

The Framework Report should be two to three pages, explaining the enhanced cybersecurity framework that will serve as the foundation for the final Enterprise Cybersecurity Program Report. Include your proposal for framework improvements and solutions as an appendix. Submit the completed Defense Framework Report for feedback before moving to the next step, in which you will design a simulation for employees.

Submission for Project 4: Cybersecurity Framework Report

Previous submissions

0

Drop files here, or click below.

Step 8: Design a Simulation Experience

Now that the design of the cybersecurity framework for your organization is complete, it's time to begin to develop the specific elements needed for the enterprise cybersecurity program. The best plan is one that can reveal points of possible failure, providing an opportunity for adjustment ahead of time. It is also beneficial for the enterprise to practice implementation of the framework in such a way that the response is timely and with minimal error.

Using the Cybersecurity Framework Report and feedback received, design a cybersecurity simulation program for key employees to hone their responses to potential cyberattacks. The design of any training program will consider the following elements:

• training objectives

• audience

• scenario types

• simulation types

• timeframe

• cost

• evaluation

Compile your ideas from this step to create a simulation program design document in the next step.

Step 9: Compose the Simulation Program Design

The Simulation Design Template will assist you in molding your ideas from the last step into a Simulation Program Design. Follow the instructions on the template and submit it for feedback.

Submission for Project 4: Simulation Program Design

Previous submissions

0

Drop files here, or click below.

Add Files

In the next step, you will begin to consider policy improvements to support your framework.

Step 10: Evaluate for Policy Improvements

The previous steps dealt with the element of practice in an enterprise cybersecurity program. In this step, turn your attention to policy. Using notes taken in earlier steps as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, compile a list of the policies that will best support the cybersecurity framework.

As the CISO, you will be expected to consider both strategic foresight leadership and strategic alignment to core business functions when reviewing cybersecurity policies. Include potential policy improvements or solutions to missing elements for your financial services organization. Note positives and negatives of aspects of each policy. The next step will build upon this work.

Step 11: Compose the Cybersecurity Policy Report

Using the evaluation of policy improvements in the previous step, as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, create a brief, one- to two-page description of how these policy solutions should be incorporated into the given framework. The description should thoroughly analyze the positives and negatives of all policy aspects of the foundational framework.

Submit the Cybersecurity Policy Report for feedback before moving onto the next step. Integrate feedback into this report to be used in the development of the final Enterprise Cybersecurity Program Report.

Submission for Project 4: Cybersecurity Policy Report

Previous submissions

0

Drop files here, or click below.

Step 12: Evaluate Current Cybersecurity Technologies

You have incorporated both simulation and policy into the design of the enhanced enterprise cybersecurity program. The final element is to consider the NIST Cybersecurity Framework. Using the Defense Framework Enhancement Proposal and the Defense Framework Report, compile a list of cybersecurity technologies suggested for various cyber attack vectors. Look at whether these technologies are appropriate and current. The next step will build upon this work.

Step 13: Compose the Cybersecurity Technology Report

Using the evaluation of current technologies in the previous step, as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, create a brief, one- to two-page description of how these technologies should be incorporated into the given defense framework.

Submit the Cybersecurity Technology Report for feedback before moving to the next step. Integrate feedback into this report to be used in the development of the final Enterprise Cybersecurity Program Report.

Submission for Project 4: Cybersecurity Technology Report

Previous submissions

0

Drop files here, or click below.

Step 14: Design the Enterprise Cybersecurity Program

Based upon all of the reports submitted thus far, as well as feedback received, design the enterprise cybersecurity program. Begin with the enhanced defense framework as a foundation to your cybersecurity program design. Included in the design should be the three program components of simulation, policy, and technology. Finally, the program design should incorporate strategic foresight leadership and strategic alignment to core business functions.

You will include the cybersecurity program design as a section in the final Enterprise Cybersecurity Program Report to the board of directors.

In the next step, you will check the credibility of your resources.

Step 15: Incorporate Credible Support

In order to thoroughly explain why each concept is important, you may need to support your statements with scholarly references. A large part of the final result should be a focus on policies and procedures that should be implemented to leverage the technology, not just depend on the technology to provide maximum cybersecurity defense capabilities. Scan and make note of resources to support your statements in your report. In the next step, you will compile the report.

Step 16: Compile the Enterprise Cybersecurity Program Report

Throughout this project, you have completed all of the pieces critical to an enterprise cybersecurity program. Use the Enterprise Cybersecurity Program Report Instructions to help compile the work into a comprehensive report. This report will document and explain the components of the new cybersecurity program you have designed for the organization. The report will also support your program design. This report will accompany your oral presentation to the board of directors. Use this report in the next several steps to prepare the presentation.

Step 17: Write Presentation Script

Use the Enterprise Cybersecurity Program Report completed in the previous step to prepare your oral presentation to the board of directors. Write the presentation by first outlining the key points to be covered during the presentation.

Remember that there will be nontechnical executives in the audience to whom you will have to sell your program. You will have five to 10 minutes to present your findings, help the executive leaders understand why the program will work, and why it is a good investment for the institution. You will practice and record the presentation in the next step.

Step 18: Record the Presentation

Now that you have written your presentation script, you will need to prepare for the presentation through review and practice. Review your presentation for clarity, making sure the board of directors will understand your proposed cybersecurity program, why it will work, and why it is a good investment for the institution.

Once you are satisfied with the script, practice reading through it two or three times, timing yourself to make sure you are within the five- to 10-minute range. After you are satisfied with your delivery, record the presentation. The type of device that you will use to make your recording will determine how you will record the audio file. Refer to the documentation for your specific device for more information. Once you are ready to move forward, record your oral presentation in MP3 format.

Step 19: Submit the Enterprise Cybersecurity Program Report and Oral Presentation

Congratulations on designing a solid enterprise cybersecurity program for your organization! Submit your Enterprise Cybersecurity Program Report and Oral Presentation files to the CIO.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

• 1.8: Create clear oral messages.

• 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.

• 8.3: Design a cybersecurity defense framework composed of technologies and policies.

Submission for Project 4: Enterprise Cybersecurity Program Report and Oral Presentation

Previous submissions

0

Drop files here, or click below.

Show more
LEARN MORE EFFECTIVELY AND GET BETTER GRADES!
Ask a Question