Objective • Develop a Cybersecurity Strategic Plan.
Tasks • Your fictitious organization is a County Government which
you may create a fictitious name and
facts and/or use real data from a County and change its name.
A cyber security plan is an organisation’s written guide to follow and improve its overall risk management and defences against the on-going threat of cybercrime - and some might say the most significant threat they face. A cyber security strategy is fundamental in helping your company take a proactive approach to security instead of reacting to every new threat, which can be time consuming and expensive. Whether you have an outdated strategy in place or you are starting from scratch, you can use this guide to get started building an effective and strategic cyber security plan.This Cyber Security Strategic Plan outlines the goals and objectives of the DOE cyber security program to safeguard the DOE’s information assets and assure the confidentiality, integrity, and availability of the information vital to achieve the DOE’s missions. The details of how the Department will share information, counter new and evolving threats, and develop new methods for protecting information and information systems will be defined in the policies and in the mission-centric Senior DOE Management Program Cyber Security Plans (PCSPs).
Step 1: Lay the foundation for a sound security strategy.
First, determine what you have to protect:-Gain an understanding of the assets your company has to protect. While you cannot protect everything 100%, you can focus on what you absolutely need to protect first. Start with reviewing your business processes and understanding how revenue is generated by the company as well as what systems would have the ability to disrupt that by being unavailable or having their data stolen. You should also identify the data and other IT assets such as applications, devices, servers, and users that are critical to your business.
Identify what you’re legally required to protect:-While compliance and security aren’t the same thing, most organizations put the responsibility of maintaining compliance or security compliance frameworks on the CISO. Incompliance is costly and damaging to your business. Ensuring you design your strategic cyber security plan with required compliance frameworks in mind while help ensure your plan prioritizes legal requirements.
Understand your company’s risk appetite:-Before you begin developing a cyber security strategy, understand your organization’s risk appetite, or the total risk your organization is prepared to accept in pursuit of its strategic objectives. (Tweet this!) Risk appetites differ depending on your company’s financial strength, industry, objectives being pursued, and more. The cyber security strategic plan that works for a startup likely won’t work for a large, established corporation. By understanding your company’s risk appetite, you can ensure you’re not over- or under-protecting your business.
Step 2: Get to know the threat landscape.
Once you know what you need to protect, you need to analyze the threat landscape. To do that, you’ll need to first understand the environment in which your company operates. Who are your customers? What are you selling? Who would benefit from disrupting your business? The answers to these questions help you become more familiar with the general environment.You’ll also want to look at what is happening with your competitors. What threats do they face? Has their security been breached in the past? The threats your competitors are facing are almost always the same threats that may impact your business.Finally, understand the types of threats that your business needs to protect itself against. What types of resources do potential attackers have? What are their motivations for shutting you down? Knowing these answers will give you the upper hand in defending your business against these threats.
Step 3: Build your strategic cyber security plan.
To build your plan, you need to pick a framework to use. Options include CIS Controls, ISO, and NIST. It’s important to choose a framework so you can effectively track progress while prioritizing the most important steps. For instance, the CIS Controls provide you with a set of prioritized actions to protect your organization and the order in which you should take these actions. This allows you to track progress so that you know where you are in the process and what you still have to do.When you know what needs to be protected from a processes and risk management point of view, evaluate the effectiveness of your current security measures. Are you protecting the right assets? Do you currently have the right processes in place for compliance?You’ll also need to decide on a timeline, which will depend on the current state of your security. Things will change over time, requiring occasional updates to the timeline. However, it’s important to have a target timeline in mind to get to what your organization considers an acceptable level of risk. With a two- or three-year plan, you’ll need to spend the first year focused on IT hygiene while addressing the greatest or most-likely-to-be-exploited risks.Evaluate your company’s security maturity level:-Using either in-house staff or an outside consultant, evaluate your organization’s security maturity level. The concept of security maturity refers to a company’s adherence to security best practices and processes; measuring it helps you identify gaps and areas for improvement. Whether you do this analysis yourself or hire a consultant, make sure the process is repeatable. That way, when you check your security maturity in the future, you’ll have a benchmark with which to compare the results.
Step 4: Evaluate your organization’s ability to execute the plan.
The final step in the process of developing a cyber security strategy is assessing your organization’s ability to get the necessary security work done. You’ll need to take a look at your current IT and security teams to understand their skill sets and bandwidth. If you don’t have the resources you need, you may need to plan to hire additional team members or outsource some of your security work in order to execute your strategic cyber security plan.
Objective • Develop a Cybersecurity Strategic Plan. Tasks • Your fictitious organization is a County...
you will be building a Communication Plan for the CDC Organization. you will develop a plan for communicating your goals. You will need to concentrate on the following elements: Who are your stakeholders? What information do they need? Do all stakeholders need the same information communicated to them? What type of communication strategies should be used? Why? What communication channels will work best in your chosen organization? What type of traditional framework should be established? What type of technological framework...
A Corporate Compliance plan is necessary for any organization that uses organizational and strategic management practices. The Compliance plan is the guide that the organization will use to ensure they are meeting the mission, vision, and values statements established by the organization. Assignment Description Create a mock corporate compliance and risk management plan: You have been tasked with creating a corporate compliance and risk management plan for a small, rural public community hospital. In a minimum of 1000 words, discuss...
The Strategic Marketing Plan (Your recommendations) on Brooklyn Nets. The Plan may include various media for its effectiveness and efficiency in reaching the chosen segment(s). You should consider the following types of media even if not all of them are used for strategic or budget reasons: Traditional Print or Electronic, Direct Mail/E-mail, Digital, including Web, search, mobile, Social networks, Guerrilla marketing, events, promotions, Public Relations Questions: 1) What is the theme of your new Campaign? What would you do different?...
Strategic Plan vs. Business Continuity Plan Strategic Planning and Business Continuity and Disaster Recovery Plans are crucial in the healthcare field. These plans assist the healthcare organization in meeting its goals and vision even when the unexpected events do occur. Preparedness is important to minimize disruption and maintain patient safety and the quality of healthcare. Tasks: Using Online Library or the Internet, create a report in a Microsoft Word document that answers the following questions: Compare and contrast the goal...
From a healthcare organization perspective, develop a disaster recovery plan for either an organization or a hospital department. Include: A description of healthcare disaster issues in general and for your state. Develop a list of consequences of loss of data from a disaster (for example, risk of losing data required for patient care that can have life or death ramifications). Identify a list of minimal resources required to maintain business operations. Determine the priority for resuming business functions.
One key objective of the compliance plan in a healthcare organization is to create a secure and effective reporting process, thereby avoiding qui tam lawsuits against the facility. What is a qui tam lawsuit, and how can we avoid them? Can you envision any situation in which you yourself might file a qui tam lawsuit?
Assignment: Your organization has made a strategic decision to outsourcework currently performed in house. You have been assigned the responsibility to ensure the contracted supplier meets your organization’s requirements for supplying parts/products or services (you choose) and is a viable long-term partner. Develop a program/plan/criterion you will use to evaluate whether the supplier can meet your exacting requirements. Keep in mind, your organization is the customer in the assignment. If you are bulleting information, it is wise to elaborate on...
Strategic planning is nothing but the process by which the organization define its strategy and allocate its resources appropriately to proceed with the strategy. Strategic control is the process of controlling the formation and execution of strategic plan. Strategic control system helps in handling uncertainty and ambiguity in the control process. Strategic planning is done based on the following:- The current status of the organization in terms of profits, success, reputation, etc. • The long term goals of the organization....
New Hope Housing Strategic Plan 2013–2018: The following is a summary of the 2013–2018 strategic plan of New Hope Housing (2017), a nonprofit organization in Northern Virginia, founded in 1977, that provides shelter, transitional, and permanent housing for homeless families and single adults. Introduction New Hope Housing has demonstrated over 35 years of innovative and award-winning programs and services assisting homeless families and individuals in our northern Virginia community. Our founders saw a need and responded, opening the first homeless...
Rationale The focus of the project is to develop your database programming skills. This project will help you get a fair idea of the sales and distribution system in any organization that has a chain of Carrying and Forwarding Agents (CFAs) or super stockists and stockists. You will be able to implement database programming concepts of ADO.NET in VB.NET and ASP.NET to create a real-life, web-based database application. (VB stands for Visual Basic.) Scenario Smooth Pen, Inc., a pen manufacturing...