Reference no: EM133210517
Case: You are Megacorp's new Chief Information Security Officer. You spent your first three days going through the HR onboarding process, meeting your various colleagues in the IT department, getting a tour of the PA facility, and setting up your company computer. On Thursday, Brenda and you took a road trip to visit the Fairfax, Virginia location where you met the Chief Technology Officer and the Director of Engineering. You spent most of Friday moving from office to office in the executive suite, meeting different department heads, including the CFO, General Counsel, Director of Sales, etc. Basically, you haven't really had time to do anything substantive.
On Monday morning, Brenda and Rob show up at your door shortly after you arrive. Rob says "Chris, there is a Board meeting at the end of next week. The Board knows you started (they authorized us creating your position), and they are very anxious to see what you have planned. So, please put together an outline of what you think Megacorp needs to do. I know you're still new and learning your way, but the Board expects at least a basic outline. Please put together what you can, and then circulate it to Brenda and me for review."
Question: In 500 words or less, what would you give to Rob and Chris for the Board of Directors? That is, given that Megacorp does not have a cybersecurity program, what steps should Megacorp take to create a program?