Reference no: EM133727126
Question: Determine the cybersecurity maturity level of the organization for two assessment factors from two different domains using the statements below.
Submit a table with the domains identified that includes the following for each assessment factor:
- Baseline
- Evolving
- Intermediate
- Advanced
- Innovative
Domain 1: Cyber Risk Management and Oversight
Assessment Factor: Risk Management
Criteria: Risk Management Program
Baseline
An information security and business continuity risk management function(s) exists within the institution.
Evolving
The risk management program incorporates cyber risk identification, measurement, mitigation, monitoring, and reporting.
Management reviews and uses the results of audits to improve existing cybersecurity policies, procedures, and controls.
Management monitors moderate and high residual risk issues from the cybersecurity risk assessment until items are addressed.
Intermediate
The cybersecurity function has no clear reporting line.
The risk management program does not address cyber risks beyond the boundaries of the technological impacts.
There are no benchmarks or target performance metrics.
Management uses the results of independent audits and reviews to improve cybersecurity.
Advanced
The cybersecurity strategy outlines the institution's future state of cybersecurity with short-term and long-term perspectives.
Innovative
The cybersecurity strategy identifies and communicates the institution's role as it relates to other critical infrastructures.
Domain 2: Threat Intelligence and Collaboration
Assessment Factor: Threat Intelligence
Criteria: Threat Intelligence and Information
Baseline
The institution belongs to a threat and vulnerability information sharing source that provides information on threats.
Threat information is used to monitor threats and vulnerabilities with some compensating controls.
Threat information is used to enhance internal risk management and controls.
Evolving
Threat information received by the institution does not include analysis of tactics, patterns, and risk mitigation recommendations.
Advanced
A cyber intelligence model is used for gathering threat information.
Innovative
A threat analysis system automatically correlates threat data to specific risks and then takes risk-based automated actions while alerting management.
Your document should be no less than 4 pages long (not including the list of references), but it is the quality of the work that is important, not the number of pages. Cite and reference all sources using APA format and style guidelines and submit in a single document.
Submit a 2- to 4-page paper in APA format in which you:
- Analyze the organization's risk profile in relation to its cybersecurity maturity level.
- Use the relationship matrix provided in Table 3 (p. 9) of the Federal Financial Institutions Examination Council (2017) User's Guide.
- Provide comments on your findings.
Your document should be 2-4 pages long (not including the list of references), but it is the quality of the work that is important, not the number of pages. Cite and reference all sources using APA format and style guidelines and submit in a single document.