Cybersecurity for Leaders and Managers
Leading and Managing a Robust and Comprehensive Cybersecurity Program
Objective/Instructions:
The objective of this assignment is to prepare a comprehensive final report that integrates various aspects of cybersecurity leadership and management including cybersecurity principles, practices, and strategies in the governance of an enterprise’s cybersecurity program. Students are required to research and analyze use cases, real-world examples and existing documentation and standards to make informed recommendations and strengthen a cybersecurity program.
The report should include the following sections:
Section 1: Introduction
Introduce your report and summarize what you will be entailing. Introduce the topics that will be covered in the report: Executive Cybersecurity Leadership, Cybersecurity Policy and Planning, Security Control Assessment, Privacy Compliance, Cybersecurity Workforce Management, Systems Security Management, Incident Response, and Secure Project Management.
Section 2: Executive Cybersecurity Leadership
Describe the importance and role of leadership in cybersecurity. Provide specific examples of leadership's impact on organizational success.
Make recommendations on how cybersecurity executives can influence organizational strategy, culture,
and resilience against cyber threats.
Section 3: Case Studies and Analysis of Leadership
Research and analysis of 2 case studies that demonstrate effective cybersecurity leadership. Show clear insights on leadership's impact on organizational cybersecurity
Section 4: Cybersecurity Planning and Goals
As a small business owner with a mission of supporting services for the health, energy, and finance sectors, you want to begin to create a strategic plan that aligns the National Cybersecurity Strategic Plan and the CISA FY2024-2026 Cybersecurity Strategic Plan.
For the first phase of this plan, you need at least two goals with corresponding and appropriate objectives that will support your overall mission. List and describe the goals and objectives. Also, explain how they align with National and CISA cybersecurity strategic plans.
Section 5: Cybersecurity Policy and Justification
Review existing policy templates from this content from this week and select at least 5 policies you would start to develop to support your business. Justify why you selected these policies and how they would help mitigate risks and possible threats.
Section 6: Security Control Assessment
Tabletop exercises are often included as a critical part in preparing for cybersecurity incidents. Security controls found in the NIST Special Publication 800-53r5 specifically discuss and recommend tabletop exercises to be included as part of testing incident response, contingency and other plans. For
example, consider security control IR-3 INCIDENT RESPONSE TESTING:
Control: Test the effectiveness of the incident response capability for the system [Assignment: organization-defined frequency] using the following tests: [Assignment: organization-defined tests]. Discussion: Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes. (CISA.gov)
Consider the following threat scenario found in CISA’s cyber insider threat situation manual.
“A disgruntled former employee takes advantage of their new position at one of your third-party vendors to exploit vulnerabilities in your systems created by a supply chain issue. An error by another employee discloses personally identifiable information (PII). “
Assume you are working as a cybersecurity manager for a medium-size company in the second year of a 50-million-dollar Department of Defense (DoD) contract award to support the Army. Your tasks are to support the growing cloud infrastructure program, but you also must support multiple off-site Windows and Linux server machines.
Using resources that include cybersecurity risk management best practices, and the implementation of appropriate security and privacy controls answer the following questions.
Note, since this is a fictional company, you will need to respond based on best practices and recommendations. When responding, be sure to reference and/or justify your answer.
1. What are the greatest cybersecurity threats to your organization?
2. What cybersecurity threat information does your organization receive?
a. What cyber threat information is most useful?
b. How is information disseminated across your organization and by whom?
c. What actions would your organization take following an alert like the one presented in the scenario?
3. Has your organization conducted a risk assessment to identify specific cyber threats, vulnerabilities, and critical assets?
a. What information technology (IT) systems or processes are the most critical to your organization?
b. Describe your organization’s asset management plan and how you prioritize critical assets.
c. What improvements have been implemented to enhance cyber resilience following recent risk assessments?
d. Does your organization have a vulnerability management program dedicated to mitigating known exploited vulnerabilities in internet-facing systems?
4. How does your organization mitigate insider threats? Does your organization have an insider threat management program?
a. What are some behavioral indicators of an insider threat?
b. What type of training do employees at your organization receive on identifying a potential insider threat?
5. Describe your organization’s cybersecurity training program for employees.
a. How often are employees required to complete this training?
b. Is training required during employee onboarding before granting system/network access?
c. What additional training is required for employees who have system administrator-level privileges?
d. What type of training methods or approaches have you found most beneficial?
6. How does your organization prevent the disclosure of PII?
7. What are your organization’s processes and procedures to revoke system access when an employee resigns or is terminated?
a. Are there any additional processes implemented if the employee’s termination is contentious?
b. Does your organization retrieve all information system-related property (e.g., authentication key, system administration's handbook/manual, keys, identification cards, etc.) during the employment termination/off boarding process?
8. How often are your cybersecurity plans, policies, and procedures externally reviewed or audited?
a. What were the most recent results and action items that followed?
9. What training does your cybersecurity incident response team undergo to detect, analyze, and report malicious activity?
10. As a leader in your organization what cybersecurity resilience goals have you set?
Links highlighted in blue:
National Cybersecurity Strategic Plan: https://www.cisa.gov/cybersecurity-strategic-plan
TabletopExcercises:https://www.cisa.gov/sites/default/files/publications/Cybersecurity-Tabletop- Exercise-Tips_508c.pdf
Security controls found in the NIST Special Publication 800-53r5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
(CISA.gov)> https://csf.tools/reference/nist-sp-800-53/r5/ir/ir-3/
CISA’s cyber insider threat situation manual.
https://www.cisa.gov/resources-tools/resources/cybersecurity-scenarios