question archive Enterprise Cybersecurity Program “Excellent work!” says the CEO as he starts the meeting, holding up the Virtual Currency Applicability Report from your last project
Enterprise Cybersecurity Program “Excellent work!” says the CEO as he starts the meeting, holding up the Virtual Currency Applicability Report from your last project
Subject:Computer SciencePrice: Bought3
Enterprise Cybersecurity Program
“Excellent work!” says the CEO as he starts the meeting, holding up the Virtual Currency Applicability Report from your last project.
The senior leaders at the meeting, including the CIO, give you a well-deserved round of applause.
“Thanks. I enjoy my work,” is your polite response.
“I am really glad to hear that,” adds the CEO, “because we aren’t finished just yet. As proposed several weeks ago, you have one last project. I would like you to provide a roadmap, a comprehensive, corporate-wide strategic cybersecurity program.”
“Work closely with the CIO to design this program. The program should incorporate simulation, policy, and technology components. It will also need to be strategically aligned to our corporate mission, not overlooking the unique challenges we have as a global, financial institution.”
“You will need to present and defend your program to the board of directors. We look forward to your results.”
You leave the meeting and return to your office, pleased with the feedback that you have received. As you are thinking about the size and complexity of your new Enterprise Cybersecurity project, the CIO politely taps on the door.
“Got a minute?” he asks.
After congratulating you on the fine work so far, he provides a few details for the new assignment. First, the presentation for the board of directors will be in three weeks. Second, he would like you to record a five- to 10-minute oral presentation of your report to review before the full presentation to the board of directors.
That’s a quick turnaround, but you realize that your other assignments have prepared you for this latest challenge. Time to get to work.
Project 4: Enterprise Cybersecurity Program Start Here
Print Project
Transcript
This is the final project in the course. Project 4 is a culmination of the research and reports delivered in the previous three projects. It is the creation of a strategic policy framework the CEO references as the Enterprise Cybersecurity Program.
After you earn a Master's in Cybersecurity, you will likely have the opportunity to sit at the management table. As the chief information security officer in this scenario, your opinion and recent education will bring value. However, it will be critical that you possess above-average skills in presenting your material.
Based on this expectation, the final assignment will include a 12- to 15-page Enterprise Cybersecurity Program Report as well as a five- to 10-minute audio presentation for the senior leadership team. Any questions should be directed to your boss, the CIO (course instructor). With 19 steps and five assignments to deliver in the next 19 days, it is time to start on Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
· 1.8: Create clear oral messages.
· 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
· 8.3: Design a cybersecurity defense framework composed of technologies and policies.
This is the final project in the course. Project 4 is a culmination of the research and reports delivered in the previous three projects. It is the creation of a strategic policy framework the CEO references as the Enterprise Cybersecurity Program.
After you earn a Master's in Cybersecurity, you will likely have the opportunity to sit at the management table. As the chief information security officer in this scenario, your opinion and recent education will bring value. However, it will be critical that you possess above-average skills in presenting your material.
Based on this expectation, the final assignment will include a 12- to 15-page Enterprise Cybersecurity Program Report as well as a five- to 10-minute audio presentation for the senior leadership team. Any questions should be directed to your boss, the CIO (course instructor). With 19 steps and five assignments to deliver in the next 19 days, it is time to start on Step 1.
Competencies
Your work will be evaluated using the competencies listed below.
· 1.8: Create clear oral messages.
· 2.5: Develop well-reasoned ideas, conclusions or decisions, checking them against relevant criteria and benchmarks.
· 8.3: Design a cybersecurity defense framework composed of technologies and policies.
Project 4: Enterprise Cybersecurity Program Step 1: Select a Framework
The first order of business in designing an enterprise cybersecurity program is to make a list of what you need to know, an inventory of the key elements to a cybersecurity framework. You will have to assess the cybersecurity posture currently taken at your financial institution. Select the framework you feel your organization is currently using.
Make notes, a paragraph or two, on the specifics of the framework to use in the next step of identifying any vulnerabilities.
Cybersecurity Frameworks
The NIST Cybersecurity Framework (NIST CSF), produced by the Department of Commerce's National Institute of Standards and Technology (NIST), provides a policy framework for private sector computer security.
Version 1.0 was published in 2014, originally aimed at specific operators of critical infrastructure. The next version is in the draft stage, with operators encouraged to comment on the proposed policy framework, which also addresses increased privacy and civil liberty concerns.
The upcoming NIST CSF 2.0 executive summary notes that cybersecurity threats to infrastructure systems can put the economy, public safety, and health at risk, and can affect "a company's bottom line … [cybersecurity risk] can harm an organization's ability to innovate and to gain and maintain customers" (NIST, 2017). The framework's "core" provides guidance in the form of cybersecurity activities, outcomes, and it references "common across critical infrastructure sectors" (NIST, 2017). The 2.0 version continues to offer advice and guidance, based on the collaboration between the government and private sector.
ISO/IEC 27001:2013 is an information security standard by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This information security standard is a specification for an information security management system (ISMS) with "requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization," according to the ISO's website. The standard also includes requirements for the assessment and treatment of information security risks (ISO, 2013). The goal is for organizations to meet this standard and securely pass a compliance "audit" by an independent accreditation body.
The standard places emphasis on organization "controls" to respond to security incidents. Such important controls include: information security policies; organization of information security; human resource security controls that are applied before, during, or after employment; asset management; access control; cryptography; physical and environmental security; operations security; communications security; system acquisition, development and maintenance; information security incident management; and compliance with internal requirements, such as policies, and with external requirements, such as laws (ISO, 2013).
