Enterprise Cybersecurity Program Transcript
“Excellent work!” says the CEO as he starts the meeting, holding up the Virtual Currency Applicability Report from your last project. The senior leaders at the meeting, including the CIO, give you a well-deserved round of applause.
“Thanks. I enjoy my work,” is your polite response.
“I am really glad to hear that,” adds the CEO, “because we aren’t finished just yet. As proposed several weeks ago, you have one last project. I would like you to provide a roadmap, a comprehensive, corporate-wide strategic cybersecurity program.”
“Work closely with the CIO to design this program. The program should incorporate simulation, policy, and technology components. It will also need to be strategically aligned to our corporate mission, not overlooking the unique challenges we have as a global, financial institution.”
“You will need to present and defend your program to the board of directors. We look forward to your results.”
You leave the meeting and return to your office, pleased with the feedback that you have received. As you are thinking about the size and complexity of your new Enterprise Cybersecurity project, the CIO politely taps on the door.
“Got a minute?” he asks.
After congratulating you on the fine work so far, he provides a few details for the new assignment. First, the presentation for the board of directors will be in three weeks. Second, he would like you to record a five- to 10-minute oral presentation of your report to review before the full presentation to the board of directors.
That’s a quick turnaround, but you realize that your other assignments have prepared you for this latest challenge. Time to get to work.
This is the final project in the course. Project 4 is a culmination of the research and reports delivered in the previous three projects. It is the creation of a strategic policy framework the CEO references as the Enterprise Cybersecurity Program.
After you earn a Master’s in Cybersecurity, you will likely have the opportunity to sit at the management table. As the chief information security officer in this scenario, your opinion and recent education will bring value. However, it will be critical that you possess above-average skills in presenting your material.
Based on this expectation, the final assignment will include a 12- to 15-page Enterprise Cybersecurity Program Report as well as a five- to 10-minute audio presentation for the senior leadership team. Any questions should be directed to your boss, the CIO (course instructor). With 19 steps and five assignments to deliver in the next 19 days, it is time to start on Step 1.
The first order of business in designing an enterprise cybersecurity program is to make a list of what you need to know, an inventory of the key elements to a cybersecurity framework. You will have to assess the cybersecurity posture currently taken at your financial institution. Select the framework you feel your organization is currently using.
Make notes, a paragraph or two, on the specifics of the framework to use in the next step of identifying any vulnerabilities.
The cybersecurity framework selected in the previous step is only a structure or blueprint of possible solutions. Specific solutions, application, and implementation within a given framework are industry-driven. For example, in response to the credit card fraud in the retail industry, the bank card industry adopted the chip-and-PIN standard for credit cards.
Based on your knowledge of the current state of vectors of cyberattacks and the notes made in the previous step, create a list of vulnerabilities and how to address them within the chosen framework. Identify both technical and policy options to improve the defense posture of the institution. Add this list to your notes from the previous step. You will use this work in the next step of the project.
Now that you have selected a defense framework and identified the type of cyberattacks to which your organization may be vulnerable, rank the cybersecurity vulnerability from both a probability of occurrence and financial impact on operations perspective. As you are ranking the vulnerabilities, make notes on your decision process. These notes will come in handy in the next step, where you will design a specific defense for your enterprise.
Review the notes taken regarding which framework should be used and the prioritized vulnerabilities. Thoroughly state the existing framework being applied by your organization. Break down both technology and policy components of the framework and how they complement each other to produce the optimum framework. Consider what works well, what could be improved, and vulnerabilities that are not currently being addressed.
You will build upon this evaluation in the next step.
Using the framework evaluation from the previous step, identify potential improvements or solutions to missing elements for your financial services organization. The improvements or solutions you identify in this step will be used to design your organization’s framework in a future step.
Submit your Framework Enhancement Proposal for evaluation.
Using notes from previous steps, design and describe an enterprise cybersecurity framework specific to your organization. You should create a comprehensive framework covering all aspects of the previous steps in both technology and policy. Fully explain the baseline framework and why it was selected, demonstrate a thorough knowledge of cybersecurity vulnerability that the framework addresses, and use the rankings to explain recommended enhancements to the framework.
In the next step, you will begin to compose your report on the framework.
The Framework Report should be two to three pages, explaining the enhanced cybersecurity framework that will serve as the foundation for the final Enterprise Cybersecurity Program Report. Include your proposal for framework improvements and solutions as an appendix. Submit the completed Defense Framework Report for feedback before moving to the next step, in which you will design a simulation for employees.
Now that the design of the cybersecurity framework for your organization is complete, it’s time to begin to develop the specific elements needed for the enterprise cybersecurity program. The best plan is one that can reveal points of possible failure, providing an opportunity for adjustment ahead of time. It is also beneficial for the enterprise to practice implementation of the framework in such a way that the response is timely and with minimal error.
Using the Cybersecurity Framework Report and feedback received, design a cybersecurity simulation program for key employees to hone their responses to potential cyberattacks. The design of any training program will consider the following elements:
Compile your ideas from this step to create a simulation program design document in the next step.
The Simulation Design Template will assist you in molding your ideas from the last step into a Simulation Program Design. Follow the instructions on the template and submit it for feedback.
The previous steps dealt with the element of practice in an enterprise cybersecurity program. In this step, turn your attention to policy. Using notes taken in earlier steps as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, compile a list of the policies that will best support the cybersecurity framework.
As the CISO, you will be expected to consider both strategic foresight leadership and strategic alignment to core business functions when reviewing cybersecurity policies. Include potential policy improvements or solutions to missing elements for your financial services organization. Note positives and negatives of aspects of each policy. The next step will build upon this work.
Using the evaluation of policy improvements in the previous step, as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, create a brief, one- to two-page description of how these policy solutions should be incorporated into the given framework. The description should thoroughly analyze the positives and negatives of all policy aspects of the foundational framework.
Submit the Cybersecurity Policy Report for feedback before moving onto the next step. Integrate feedback into this report to be used in the development of the final Enterprise Cybersecurity Program Report.
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we\'ll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.