Reference no: EM133255351

Description

You are a security advisor to a medium-sized company in the financial industry. In recent months, they have a willingness to increase their level of resilience, especially regarding their capability to respond appropriately to a detected cybersecurity incident. Regarding their responsiveness, they have confirmed to you that:

• They have documented an information security response plan that is updated frequently
• The internal roles and responsibilities regarding this plan are clear
• With the last incidents that involved third party service provider, there was some confusion as to who from the service provider should be contacted to manage the incident
• They also had some difficulty in obtaining data from detection systems and analyzing it to determine what as the cause of the incident 
• However, once the incident was understood, they had good capabilities to prevent the expansion and mitigate the effects of the incident

The CEO of the company would like you to assess their posture regarding the Respond function with the NIST Cyber Security Framework that was suggested by the board of directors.

Provide 3 recommendations to the CEO, considering the information provided above.   

For each recommendation, provide a reference to a specific category or subcategory of the NIST CSF.

Learning outcomes being met through this assessment

• Apply the NIST CSF to a given context

Steps to complete the assignment

1. Read the description of the assignment in this document.  
2. Use the NIST CSF
3. Identify and document 3 recommendations and their references to the NIST CSF
4. For each recommendation, provide an explanation of how the company should go about implementing your recommendation.