1. Introduction (Complete after Unit 1)
Introduce your report and summarize what it will cover. Introduce the topics that will be addressed in the report: Executive Cybersecurity Leadership, Cybersecurity Policy and Planning, Security Control Assessment, Privacy Compliance, Cybersecurity Workforce Management, Systems Security Management, Incident Response, and Secure Project Management.
Describe the importance and role of leadership in cybersecurity.
2. Executive Cybersecurity Leadership (Complete after Unit 1)
Make recommendations on how cybersecurity executives can influence organizational strategy, culture, and resilience against cyber threats. Research and analyze case studies and examples of effective cybersecurity leadership.
3. Cybersecurity Policy and Planning (Complete after Unit 2)
As a small business owner whose mission is to provide support services for the health, energy, and finance sectors, you want to begin creating a strategic plan that aligns with the National Cybersecurity Strategic Plan and the CISA FY2024-2026 Cybersecurity Strategic Plan.
For the first phase of this plan, you need at least two goals, each with corresponding and appropriate objectives, that support your overall mission. List and describe the goals and objectives. Also describe how they align with the National and CISA cybersecurity strategic plans.
Review the existing policy templates from this week's content and select at least 5 policies you would start developing to support your business. Justify why you selected these policies and how they would help mitigate risks and likely threats.
4. Security Control Assessment (Complete after Unit 3)
Using resources that cover cybersecurity risk management best practices and the implementation of appropriate security and privacy controls, answer the following questions.
Note: since this is a fictional company, you will need to respond based on best practices and recommendations. When responding, be sure to reference and/or justify your answer.
1. What are the greatest cybersecurity threats to your organization?
2. What cybersecurity threat information does your organization receive?
a. What cyber threat information is most useful?
b. How is information disseminated across your organization and by whom?
c. What actions would your organization take following an alert like the one presented in the scenario?
3. Has your organization conducted a risk assessment to identify specific cyber threats, vulnerabilities, and critical assets?
a. What information technology (IT) systems or processes are the most critical to your organization?
b. Describe your organization’s asset management plan and how you prioritize critical assets.
c. What improvements have been implemented to enhance cyber resilience following recent risk assessments?
d. Does your organization have a vulnerability management program dedicated to mitigating known exploited vulnerabilities (e.g., those listed in the CISA Known Exploited Vulnerabilities catalog) in internet-facing systems?
4. How does your organization mitigate insider threats? Does your organization have an insider threat management program?
a. What are some behavioral indicators of an insider threat?
b. What type of training do employees at your organization receive on identifying a potential insider threat?
5. Describe your organization’s cybersecurity training program for employees.
a. How often are employees required to complete this training?
b. Is training required during employee onboarding before granting system/network access?
c. What additional training is required for employees who have system administrator-level privileges?
d. What type of training methods or approaches have you found most beneficial?
6. How does your organization prevent the disclosure of PII?
7. What are your organization’s processes and procedures to revoke system access when an employee resigns or is terminated?
a. Are there any additional processes implemented if the employee’s termination is contentious?
b. Does your organization retrieve all information system-related property (e.g., authentication tokens or keys, system administration handbooks/manuals, physical keys, identification cards, etc.) during the employment termination/offboarding process?
8. How often are your cybersecurity plans, policies, and procedures externally reviewed or audited?
a. What were the most recent results and action items that followed?
9. What training does your cybersecurity incident response team undergo to detect, analyze, and report malicious activity?
10. As a leader in your organization what cybersecurity resilience goals have you set?
5. Privacy Compliance (Complete after Unit 4)
According to the Department of Defense, a Privacy Impact Assessment (PIA) “is an analysis of how personally identifiable information is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that program managers and system owners consciously incorporated privacy protections throughout the development life cycle of a system or program. PIAs are required by the E-Government Act of 2002, which was enacted by Congress in order to improve the management and promotion of Federal electronic government services and processes. PIAs allow us to communicate more clearly with the public about how we handle information, including how we address privacy concerns and safeguard information.” (ref: https://dpcld.defense.gov/Privacy/Privacy-Impact-Assessment/)
A template from the Department of Homeland Security and DD Form 2930 are used to document the privacy impact of a given system. Assuming the role of a privacy compliance officer, you have been tasked with completing some of the sections of DD Form 2930. Specifically, you need to complete Section II – PII Risk Review.
The system being documented is a new privacy awareness training application that allows a user to log in using their Common Access Card, complete some training, and then save the completion date and personal information of the user who completed the training. The data saved includes the DoD ID Number, full name, date of birth, work email address, and official duty address.
The information being collected has been determined to be PII at moderate confidentiality risk.
Your cybersecurity team is working to secure the data using technical, physical, and administrative controls. However, they are short-staffed and will not be able to implement all of the controls. When completing the form, consider the most appropriate and effective controls to limit risk, and justify your selection in this document. Also explain why cybersecurity best practices must include privacy compliance. Summarize the importance of GDPR and other privacy-related compliance frameworks, and recommend strategies for maintaining compliance while strengthening data protection measures.
Attach the DD Form 2930 with section II completed as part of your submission.
Be sure to list all references used.
6. Cybersecurity Workforce Management (Complete after Unit 5)
Continuity of operations plans (COOPs) include the technical aspects of dealing with impactful business disruptions such as natural disasters, war, cyber attacks, and more. Planning for a major disruption in service minimizes the impact and overall downtime of enterprise IT assets.
In this section you will provide best practices for a COOP specifically aimed at a ransomware attack on a large federal organization in the Energy sector. Using the CISA Best Practices for COOP (Handling Destructive Malware) and other internet and library resources on preventing ransomware attacks and recovering from them, list and describe the best practices.
To align the task with workforce management, recommend the responsible parties (e.g., CISO, Cybersecurity Analyst, Software Developer, System Administrator, etc.) that would lead and take part in the COOP efforts. Be sure to include the training activities each job role would need in order to fulfill its duties. Discuss cyber awareness and role-specific training options and the recommended frequency for completing the training.
Highlight the importance of regular, up-to-date cybersecurity training for retaining technical skills and maintaining excellent cyber hygiene across a company or organization.
Be sure to list all references used.
7. Systems Security Management (Complete after Unit 6)
Discuss methodologies for managing systems security throughout their lifecycle. Research and analyze lifecycle models and development methodologies such as the Microsoft Security Development Lifecycle, Agile, DevOps, and others to illustrate effective system security management strategies.
Recommend an approach or model to adopt for your company that integrates security into system development and maintenance processes. Consider selecting tasks and examples listed in the Secure Software Development Framework (SSDF) Version 1.1 and SDL practices listed in the Security Development Lifecycle (SDL) Practices document.
8. Incident Response (Complete after Unit 7)
Draft the major components of an incident response plan for a public organization of your choice. The mission, strategies, goals, leadership structure, and other details about most public organizations can be found through publicly available sources.
The incident response plan should be 3-5 pages and include the following sections:
· Organization Mission
· Organization Strategies and goals
· Incident Response Leadership – structure and organization of the incident response capability
· Organizational approach to incident response – Best practices the organization will implement as part of the incident response program.
· Reportable incidents – A list and brief description of the incidents that will be reported and their severity (High, Moderate, Low)
· Internal and external communication overview – How the incident response team will communicate with the rest of the organization and with other organizations
· Key Performance Indicators (KPIs) – Metrics for measuring the incident response capability and its effectiveness
9. Conclusion (Complete after Unit 7)
Summarize key findings and recommendations across all topics studied for this course. Reinforce the significance of continuous improvement and adaptation in cybersecurity practices. Be sure to include the importance of effective leadership in managing and governing an enterprise cybersecurity program at a company or organization.
10. References (Add after each Unit)
Provide a comprehensive list of sources, including academic literature, industry reports, case studies, and regulatory documents. Ensure all sources are properly cited in the report.
11. Appendices (Add after each Unit, as needed)
Include supplementary materials such as detailed case studies, additional analyses, or supporting data.
