Reference no: EM132692782
Develop a comprehensive Cybersecurity risk management strategy/plan for a fictitious enterprise based on what you have learned so far, the textbook readings, secondary sources, and from your personal experience (if any).The guidance for the assignment follows:
Cybersecurity Risk Management Strategy/Plan
Assignment: You will develop a comprehensive cybersecurity risk management strategy for a new enterprise, which was established in March 2020 (literally during the outbreak of the COVID pandemic).
You may consider the following attributes as your basis for the development of your strategies.
It's a consultancy firm in the area of business and finance and have had offices in Ankara, Tallinn, and Ulaanbaatar - with the headquarter in Richmond, VA.
The firm started its operation in March 2020 (during the COVID outbreak)
2000+ employees
Users in Ankara and Ulannbaatar are authenticated through a domain controller hosted on-premise in their respective data center (which is on the same building), whereas user's in Tallinn and Richmond are authenticated to Microsoft Azure Active Directory (AD) infrastructure hosted in Microsoft's Azure cloud.
User's in Ankara, Tallinn, and Ulannbaatar are using on-premise exchange server for email management as opposed to Microsoft O356 - as in the case with Richmond users'
80% of employees have little awareness on Cyber security and its associated risks Project Presentation Due 11/18/2020
Splunk Free is the Security information and event management (SIEM) software which all locations use.
Each location has their own Configuration Control Board (CCB) and there is no centralized repository to track hardware/software inventory.
Neither vulnerability management, nor incident response plan is formulated.
The Help Desk is in Richmond so that all users from Tallinn, Ankara, and Ulaanbaatar has to contact them for their technical issues. At times, when there is an outage on their corporate email platform (outlook), they communicate with Help Desk team in Richmond through public email domains/services, say, Gmail
GOAL: Develop a comprehensive risk management strategy so as to implement defense-in-depth in all locations. Provide a fictitious name to your project. Feel free to add different attributes which you deem is necessary to beef-up the overall security posture of the enterprise in question - as part of your risk management strategy
RULES:
Your cybersecurity strategy/plan must be attainable and yet realistic
SUBMISSION: Word/PowerPoint/Video or Other means which:
Introduction
Outlines your strategy/plan
Identifies actual and potential issues/cyber risks
Discusses the severity level of the cyber risks
Mitigation/remediation strategies
Conclusion