Reference no: EM132847270
ISYS1003 Cybersecurity Management - Southern Cross University
Assignment - Initial CISO Report (Preliminary Cybersecurity Risk Assessment and Strategic Planning)
Requirements:
A. Carefully read the Case Study scenario document. You may use information provided in the case study but do not simply just copy and paste information. This will result in poor grades. Well researched and high-quality external content will be necessary for you to succeed in this assignment.
B. Develop your initial CISO report for your new employer and organisation (‘Norman Joe'). You should read the case study and consider very carefully the type of organisation, the sector and all other details provided in the case study.
Tasks:
1. State clearly the difference between the roles of management and leadership
within Norman Joe, related to security.
i. Consider the responses in the case study document, which type of leadership do you expect Norman Joe to have? State clear reasons for your decision.
ii. What are the roles of management? Briefly outline what Norman Joe's security management team should do.
2. Develop a strategic plan for Norman Joe.
i. This should begin with:
• Mission Statement
• Vision Statement
• Values Statement
ii. This plan should then include the following:
• The strategic security goals for Norman Joe using best practice and industry standards.
• Information Security governance processes using best practice and industry standards.
• Asset identification and classification strategy (Note: you do not need to necessarily know the organisation's list of assets to do this
exercise, use an industry standard approach to classify assets using general categories)
iii. Be sure to include details indicating how this plan can be used protect the information assets that will be held by Norman Joe.
3. A detailed statement of the expected threats and vulnerabilities for ‘Norman Joe' the retailer, with clear reasons justifying your inclusions of these threats and vulnerabilities.
• As part of a preliminary threat modelling exercise to present to ‘the board' of the company, use the Mitre Att&ck Framework and Navigator based on one of the attack examples (Social engineering, ransomware or DDoS). Tables and screenshots may assist you, though you will have to explain your assessment process.
• Include what Mitre Att&ck Framework techniques and sub- techniques may be used in the attack.
4. Propose the security personnel required and their roles within Norman Joe (e.g., a security hierarchy for Norman Joe's Australian organisation
i. Include any security training requirements for the company.
5. A cybersecurity project management plan for Norman Joe. Be sure to include:
i. The security processes that you expect to be managed and how you might manage the roll-out.
ii. An outline of the proposed structure for this management process.
iii. Project management tools will assist you (e.g., Gantt chart).
Attachment:- Initial CISO Report.rar