Discuss methodologies for managing systems security

Reference no: EM133982010

Report: Leading and Managing a Robust and Comprehensive Cybersecurity Program
Objective

The objective of this assignment is to prepare a comprehensive final report that integrates various aspects of cybersecurity leadership and management including cybersecurity principles, practices, and strategies in the governance of an enterprise's cybersecurity program. Students are required to research and analyze use cases, real-world examples and existing documentation and standards to make informed recommendations and strengthen a cybersecurity program.

Assignment Details
The final report should be between 8 and 12 pages, excluding appendices. It should follow APA or MLA formatting guidelines for citations and references.

The report should include the following sections:

Section 1: Introduction (Recommend completing after Unit 1)
Introduce your report and summarize what it will cover. Introduce the topics that will be addressed in the report: Executive Cybersecurity Leadership, Cybersecurity Policy and Planning, Security Control Assessment, Privacy Compliance, Cybersecurity Workforce Management, Systems Security Management, Incident Response, and Secure Project Management.

Section 2: Executive Cybersecurity Leadership (Recommend completing after Unit 1)
Describe the importance and role of leadership in cybersecurity. Provide specific examples of leadership's impact on organizational success.
Make recommendations on how cybersecurity executives can influence organizational strategy, culture, and resilience against cyber threats.

Section 3: Case Studies and Analysis of Leadership (Recommend completing after Unit 2)
Research and analyze 2 case studies that demonstrate effective cybersecurity leadership. Show clear insights into leadership's impact on organizational cybersecurity.

Section 4: Cybersecurity Planning and Goals (Recommend completing after Unit 3)
As a small business owner with a mission of supporting services for the health, energy, and finance sectors, you want to begin to create a strategic plan that aligns with the National Cybersecurity Strategic Plan and the CISA FY2024-2026 Cybersecurity Strategic Plan.
For the first phase of this plan, you need at least two goals with corresponding and appropriate objectives that will support your overall mission. List and describe the goals and objectives. Also, explain how they align with National and CISA cybersecurity strategic plans.

Section 5: Cybersecurity Policy and Justification (Recommend completing after Unit )
Review the existing policy templates provided in this week's content and select at least 5 policies you would start to develop to support your business. Justify why you selected these policies and how they would help mitigate risks and possible threats.

Section 6: Security Control Assessment (Recommend completing after Unit 4)
Tabletop exercises are often included as a critical part in preparing for cybersecurity incidents.
Security controls found in the NIST Special Publication 800-53r5 specifically discuss and recommend tabletop exercises to be included as part of testing incident response, contingency and other plans. For example, consider security control IR-3 INCIDENT RESPONSE TESTING:
Control: Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests].
Discussion: Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes. (CISA.gov)
Consider the following threat scenario found in CISA's cyber insider threat situation manual.
"A disgruntled former employee takes advantage of their new position at one of your third-party vendors to exploit vulnerabilities in your systems created by a supply chain issue. An error by another employee discloses personally identifiable information (PII)."
Assume you are working as a cybersecurity manager for a medium-sized company in the second year of a 50-million-dollar Department of Defense (DoD) contract award to support the Army. Your tasks are to support the growing cloud infrastructure program, but you also must support multiple off-site Windows and Linux server machines.
Using resources that include cybersecurity risk management best practices and the implementation of appropriate security and privacy controls, answer the following questions.
Note, since this is a fictional company, you will need to respond based on best practices and recommendations. When responding, be sure to reference and/or justify your answer.
What are the greatest cybersecurity threats to your organization?
What cybersecurity threat information does your organization receive?
What cyber threat information is most useful?
How is information disseminated across your organization and by whom?
What actions would your organization take following an alert like the one presented in the scenario?
Has your organization conducted a risk assessment to identify specific cyber threats, vulnerabilities, and critical assets?
What information technology (IT) systems or processes are the most critical to your organization?
Describe your organization's asset management plan and how you prioritize critical assets.
What improvements have been implemented to enhance cyber resilience following recent risk assessments?
Does your organization have a vulnerability management program dedicated to mitigating known exploited vulnerabilities in internet-facing systems?
How does your organization mitigate insider threats? Does your organization have an insider threat management program?
What are some behavioral indicators of an insider threat?
What type of training do employees at your organization receive on identifying a potential insider threat?
Describe your organization's cybersecurity training program for employees.
How often are employees required to complete this training?
Is training required during employee onboarding before granting system/network access?
What additional training is required for employees who have system administrator-level privileges?
What type of training methods or approaches have you found most beneficial?
How does your organization prevent the disclosure of PII?
What are your organization's processes and procedures to revoke system access when an employee resigns or is terminated?
Are there any additional processes implemented if the employee's termination is contentious?
Does your organization retrieve all information system-related property (e.g., authentication keys, system administrator's handbook/manual, physical keys, identification cards, etc.) during the employment termination/offboarding process?
How often are your cybersecurity plans, policies, and procedures externally reviewed or audited?
What were the most recent results and action items that followed?
What training does your cybersecurity incident response team undergo to detect, analyze, and report malicious activity?
As a leader in your organization, what cybersecurity resilience goals have you set?
Section 7: Privacy Compliance (Complete during Unit 5)
According to the Department of Defense, a Privacy Impact Assessment (PIA) "is an analysis of how personally identifiable information is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that program managers and system owners consciously incorporated privacy protections throughout the development life cycle of a system or program. PIAs are required by the E-Government Act of 2002, which was enacted by Congress in order to improve the management and promotion of Federal electronic government services and processes. PIAs allow us to communicate more clearly with the public about how we handle information, including how we address privacy concerns and safeguard information." (Defense.gov)
A template from the Department of Homeland Security and DD Form 2930 is used to document the impact on privacy for a given system. Assuming the role of a privacy compliance officer, you have been tasked to complete some of the sections of DD Form 2930. Specifically, you need to complete section II - PII Risk Review.
Complete the DD Form 2930, Section II, with thorough, detailed responses, including appropriate and effective controls to mitigate PII risks, justified with best practices.
Section 8: Privacy Compliance and Best Practice (Complete during Unit 5)
Cybersecurity best practices must be complemented by strong privacy compliance to ensure data protection and legal accountability. As part of your PIA documentation, you are also responsible for demonstrating awareness of major privacy frameworks and recommending measures to maintain compliance.
Explain how cybersecurity best practices integrate with privacy compliance to protect user data within the Privacy Awareness Training Application. Summarize the importance of GDPR, U.S. federal privacy laws, and other applicable industry compliance frameworks (e.g., Privacy Act of 1974, HIPAA, or state-level privacy laws).
Section 9: COOP Best Practices (Recommend completing after Unit 6)
Continuity of operations plans (COOPs) include technical aspects of dealing with impactful business disruptions such as natural disasters, war, cyber-attacks and more. Planning for a major disruption in service minimizes the impact and overall downtime of Enterprise IT assets.
In this section you will provide best practices for a COOP specifically aimed at a ransomware attack for a large federal organization in the Energy sector. Using the CISA Best Practices for COOP (Handling Destructive Malware) and other internet and library resources dedicated to preventing and restoring ransomware attacks, list and describe the best practices.
Section 10: Training and Cyber Awareness Justification (Recommend completing after Unit 6)
To align the task with workforce management, recommend responsible parties (e.g. CISO, Cybersecurity Analyst, Software Developer, System Administrator...) that would lead and be a part of the COOP efforts.
Explain the training activities that each job role would need to fulfill their duties. Discuss cyber awareness and role-specific training options and recommended frequency for completing the training.
Highlight the importance of regular and updated cybersecurity training for both retaining technical skills and maintaining excellent cyber hygiene in a company or organization.
Section 11: Systems Security Management Methodologies (Recommend completing after Unit 6)
Discuss methodologies for managing systems security throughout their lifecycle. Research and analyze lifecycle models such as the Microsoft Security Development Lifecycle, Agile, DevOps and others to illustrate effective system security management strategies.
Recommend an approach or model to adopt for your company that integrates security into system development and maintenance processes. Consider selecting tasks and examples listed in the Secure Software Development Framework (SSDF) Version 1.1 and SDL practices listed in the Security Development Lifecycle (SDL) Practices document.
Section 12: Incident Response Plan Components (Complete during Unit 7)
Draft the major components of an incident response plan for a public organization of your choice. The mission, strategies, goals, leadership structure and other details about most public organizations can be revealed by searching for this information.
The incident response plan should be 3-5 pages and include the following sections:
Organization Mission
Organization Strategies and Goals
Incident Response Leadership - structure and organization of the incident response capability
Organizational Approach to Incident Response - best practices the organization will implement as part of the incident response program
Definition of Reportable Incidents - a list and brief description of incidents that will be reported and their severity (High, Moderate, Low)
Internal and External Communication Overview - how the incident response team will communicate with the rest of the organization and with other organizations
Key Performance Indicators (KPIs) - metrics for measuring the incident response capability and its effectiveness
Section 13: Conclusion (Complete during Unit 7)
Summarize key findings and recommendations across all topics studied for this course. Reinforce the significance of continuous improvement and adaptation in cybersecurity practices. Be sure to include the importance of effective leadership in managing and governing an enterprise cybersecurity program at a company or organization.



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd