You are the first Chief Information Security Officer (CISO) for your organization. On your first day, you realize that no impactful cybersecurity practices have been established or implemented, and you decide to submit a white paper to the CEO calling for action. Develop a project plan to stand up a brand-new cybersecurity program in the form of a 10-13 page white paper, referencing the course material, industry best practices, and NIST guidance.
Guidelines:
- 10-13 pages of content.
- In lieu of an abstract, write an executive summary. The executive summary, title page, and references page are not included in the total.
- At a minimum, 10 references should be used. All cited articles, journals, books, and research should be from credible sources and current within the last five years. Note: Wikipedia or personal blogs are not credible.
- Tables and graphics, if used, will count for no more than 1 page in the total. Anything more is welcome, but the space used will be deducted from the total page count. Remember that tables and graphics require in-text citations.
- APA formatting is required throughout – running head, page numbers, appropriate font, citations, etc.
Content Tips:
- Understand the scope and value of your project. Describe the problem you are fixing by proposing this new cybersecurity program. This would include the potential threats, financial loss, etc., that the organization faces due to a lack of cybersecurity.
- Reference the NIST Cybersecurity Framework (v1.1) to build the structure of your program. This framework details each vital function of cybersecurity – Identify, Protect, Detect, Respond, and Recover – and will guide your research. Specifically, incorporate the steps detailed in section 3.2: Establishing or Improving a Cybersecurity Program. Keep in mind that NIST is a starting point, but other resources are required (see Guidelines below).

Be sure to include the following details:
- Include methods and best practices that satisfy each function in the framework. The categories and sub-categories offer more details for ensuring your program is robust. You do not have to list out and talk to every single sub-category; view them as data points to drive your vision.
- Write a security policy for your organization. The purpose of a security policy is to safeguard the confidentiality, integrity, and availability of the organization’s systems and information. Be sure to include objectives, scope, specific goals, and consequences in the event of noncompliance.
- Create a team. Define the roles and responsibilities of all stakeholders, including those of the CISO.
- Describe the access control methods you would implement for your building and network.
- Develop a method to track performance and report metrics.