Reference no: EM132185337
Question: The importance of cybersecurity governance as a fundamental aspect of protecting an organization's information systems
1. Unit 1 focused on various leadership roles and their respective responsibilities in implementing an effective cybersecurity governance plan. Consider the leadership roles (CEO, CSO/CIO, and Program Managers) in Sony organization and their responsibilities in implementing the organization's cybersecurity strategy:
- Explain the Sony's organization's governing structure, and its approach to cybersecurity. you may extrapolate the formal roles from the data available and contrast this with what was observed.
- Based on your substantiation above, recommend changes that should be implemented and, if applicable, propose a new cybersecurity leadership plan that addresses it Sony's shortcomings.
- (Approx. 300-400 words)
2. Unit 2 of this module described the management processes organizations should consider when developing a cybersecurity governance plan.
? Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance; and
? Based on your substantiation above, recommend management processes that would have addressed Sony's shortcomings in implementing a cybersecurity governance plan and should be adhered to going forward.
(Approx. 300-400 words)
3. Unit 3 focuses on the importance of keeping an organization's cybersecurity awareness updated. To do so, think of types of Cybersecurity awareness training that are available and the topics that should ideally be included in training programs. In your answer, address the following:
- If relevant, identify any cybersecurity awareness programs or practices utilized by Sony.
- Based on your substantiation above, provide an outline of a cybersecurity awareness program you would suggest for Sony.
Your outline of the training program should cover the following three aspects:
1. The type of security awareness training (classroom or online);
2. The topics included in the training program;
3. The target audience; and
4. The roles and responsibilities of those responsible for executing the training program.
Each aspect should be accompanied by reasons for your choices based on the organization's context and needs.
(Approx. 300-400 words)
Note: The word counts for each question serve as a guide; your submission should not exceed 1,200 words in its entirety.