Reference no: EM133671158
Homework: Cyber
Part I
Attention: Microsoft Project is RECOMMENDED for this task. Microsoft Project may be downloaded for free from the University (not available for MacBooks). The instructions for downloading MS Project may be found under "Course Resources" and "Student Success Guide". If you have problems with the instructions, contact Technical Support for assistance. Alternatively, the homework may be completed using Microsoft Excel by creating the GANTT chart in a worksheet (required for MacBook users).
Part A
Develop a 1- to 2-page matrix using the Homework Template that identifies 5-7 key components in creating a security portfolio.
Part B
One of the tools you will use in project management is Microsoft Project. As a CISO, you may not be the person who actively creates the project in Microsoft Project, but you will need to be aware of what this tool is used for in planning projects with regard to time, resources, and budget constraints.
Read the following scenario:
The CISO manages a portfolio for a company that operates in the emergency response sector. One of the projects in the portfolio is the establishment of an emergency response center starting from a single cold site so as to eventually establish a 30-station network.
Using the Gantt chart view in Microsoft Project, create a task list/work breakdown structure. Create one task "Stand up Cold Site." All other tasks are subtasks under this one. Using Project-Project Information, input the Start date as today's date for the Project (do not input any other dates for any tasks). Under this task, create subtasks with logical dependencies for the following:
1) Obtain physical site
2) Coordinate installation of power, communications, and temperature control
3) Install office furniture
4) Install computer hardware
5) Configure software
6) Restore data
7) Assign employees to the site
Add resources to subtasks as follows:
1) Do NOT enter durations, estimated times, constraints, due dates, etc.
2) Input only human resources. Use made-up personnel names and use names of departments or groups where it is reasonable (e.g., information system group, power installation group, system software installation group, security group, etc.).
3) Assign them to tasks.
4) Be sure to assign people to all tasks.
5) Do not worry about people who are over-assigned.
6) Do not assign percent of units, costs, hourly wages, etc.
Part II
Part A
You are a newly hired CISO for the largest student loan company in the United States. Recently, the company launched a new online lending self-service platform targeted at working adults worldwide.
The new platform replaces an out-of-date lending system based on emails for processing loan applications. The online platform will be hosted in a multi-tenant data center and managed by outsourced IT staff. However, the security will be monitored by your internal security team.
Recently, the project has been delayed because of unanswered security concerns about how the company will protect the financial information of job applicants and future students. Your boss has asked you to provide project management to get things get back on track.
Soon after joining the project team, you are asked by the board of directors to illustrate an information security program development model that will be used to secure the new online platform and to provide a project plan for future security assessment activities to measure the security effectiveness of the online platform. They also would like to know how you will categorize resource planning for security monitoring of the online platform so they can make a more informed decision on how best to invest into areas of the company to improve overall security.
Create a 16 slide Microsoft PowerPoint media-rich presentation that includes an introduction slide, conclusion slides , and references slides for the board of directors. Your presentation should:
1) Outline project management.
2) Describe how to use 3 key areas of an information security program development model of your choice.
3) Categorize resource planning for security monitoring of the online platform.
4) Identify the categories of resource planning, and illustrate how stakeholders, personnel, and technology will be used.
Part B
Using the Homework Template, create a 1 to 2 pages Security Assessment Plan worksheet for two activities. Explain how these activities will measure security effectiveness. In the space below the table, describe how you would implement this plan in Microsoft Project.
References and a "Cover Sheet" with your name on it are required for all homeworks.
Part III
Scenario: You have just successfully implemented an online platform at your company. The system has been in production for 6 months processing student loan applications and accepting credit card payments for books and course fees.
The IT director has been asked by the board of directors (BOD) to build a network operations center (NOC) to provide 24/7 support to customers and internal staff. The IT director begins assembling the team who will design and implement a NOC and asks you to lead the development of a security operations center (SOC) to handle security incidents that the organization may encounter. Since the internal security team already monitors security for the online loan processing platform, it's expected that developing a SOC is the next logistical step in maturing the security of the organization.
You are asked by the IT director to create a project charter and include a project scoping statement for the SOC project with a primary focus on how the SOC will comply with the various industry and government information security regulations. The IT director also points out that you need to outline how you plan to manage scheduling, cost, teams, and the quality of the project.
Part A
Using the Homework Template, complete a 2 to 3 pages project charter. Develop a clear and understandable project scoping statement as it relates to the scenario.
Part B
Write a 2 to 3 pages plan in which you:
1) Describe the purpose of a project charter.
2) Outline how the triple constraints can affect a project.
3) Identify at least 3 model project management phases and describe the purpose of each phase.
4) Select one approach to manage scheduling, cost, teams, and quality of a project specifying the use of Microsoft Project or another tool.
5) Propose how you plan to resolve personnel and teamwork issues as they arise.
Part IV
Scenario: As the CISO, you have overseen the security operations center (SOC) implementation and your team has successfully handled a variety of security incidents. The buzz around the company is that the new SOC is friendly and quick to solve incoming requests. However, the NOC implementation has slowed because of project delays and concerns about budget overrun.
One afternoon the chief financial officer (CFO) turned on her computer and opened an email from someone she knew. After she clicked a suspicious web link, the computer screen suddenly went dark then green text began to fill up the screen saying the computer files had been encrypted. The CFO called the help desk, and the SOC responded immediately.
You later learned that your CFO was attacked by a new ransomware attack named Petya. The next morning the CFO called you into her office to explain that the board of directors has called an emergency meeting for next week to discuss the impact of the cyberattack and to learn more about how the NOC and SOC are designed to protect the company and its customers from security incidents like ransomware. She has asked you to prepare for a meeting with the board.
Part A
Develop a 14 to 16 slides Microsoft PowerPoint presentation in which you:
1) Illustrate the information security portfolio hierarchy and the SOC functions that support the company's overall security program. The illustration should include at least three SOC functions.
2) Describe how security operations processes, policies, and procedures are integrated into SOC functions.
3) Explain how you will assess the security effectiveness of the SOC.
4) Describe how your approach could mitigate incidents like the Petya attack.
5) Illustrate the conflicting roles of security operations personnel in reporting audit findings, and offer a logical prediction of how the SOC plans to address these concerns given your current perspective.
Part B
Write a 2 to 3 pages handout for the meeting with the board of directors in which you:
1) Outline computer security incident response.
2) Explain the purpose of a security operations center and its staffing.
3) Describe at least three differences between security operations processes, policies, and procedures.
4) Select one approach to assessing the effectiveness of a security operations center.
5) Explain the possibility of conflicting roles of security operations personnel in reporting audit findings to raise awareness to senior management.