Question
As the new Chief Information Security Officer in the organization, you were tasked in Module 3 by your Board of Directors to develop a rough draft Cybersecurity Implementation Guideline using a combination of the NIST Framework and the CIS 20 Critical Controls. You have developed the rough draft Guideline that you have shared with the Chief Information Officer and your staff. You will use the feedback from them to make adjustments to your rough draft Guideline.
As part of their feedback, they have asked that you provide a detailed rough draft Implementation Action Plan Matrix at a Board Level (large tasks) with details for the Implementation Action Plan Matrix that you will incorporate as an Appendix to the Guideline prior to submission of your Semi-Complete Draft Cybersecurity Guideline.
Background
In the broad sense, you are identifying how you will determine where your organization currently is in regard to cybersecurity; how you will determine where your organization wants to be with regard to cybersecurity in the long term; identify and define what you need to do to achieve these prioritized issues; identify who will be responsible and accountable to develop the strategies, action plans, budgets, and steps needed to allocate the time, financial, and human resources to achieve the objectives; and ensure you revisit and review what you have developed before submitting to the Board. In other words, you are laying out the plan, not developing the actions themselves. You will need to ensure you can get the needed physical, financial (approved budget), and human (such as subject matter experts) resources.
Directions
Using the feedback provided, revise the rough draft Cybersecurity Implementation Guideline from Milestone 1 (completed in Module 3) into a Revised Cybersecurity Implementation Guideline for Milestone 2 and include in that document a rough draft Implementation Action Plan Matrix as an Appendix. (A template for that is provided below.)
Ensure you also review for completeness, format, spelling, punctuation, and grammar.
Student Deliverables for Milestone 2:
3-4 page revised Cybersecurity Implementation Guideline
1-2 page rough draft Implementation Action Plan Matrix included in the Guideline as an Appendix
Using the available resources from various websites and class materials, you may use the following Cybersecurity Implementation Guideline Template as a guide to help you complete this assignment for Milestone 2.
Cybersecurity Implementation Guideline Template
[NOTE: You may add or delete sections to this template as it is here as a guide for you to use.]
Cover Page
Table of Contents
I. Executive Summary
a. Background
b. Purpose of the Guideline
c. Organization of the Guideline
II. History of the Organization
a. Mission and Vision
III. Framework Implementation Overview
a. Framework Guidance Terminology
b. Framework Guidance Purpose
c. Framework Implementation Benefits
d. Strategy used to develop the Guideline
IV. Framework Guidance Resources
a. List Resources and Requirements Used for Development of the Guideline
V. Proposed Budget
VI. Resources Required
a. Financial / Human Resources
VII. Steps to Implementation of the CIS Critical Controls / Framework
a. Prioritize and Scope
b. Orient
c. Create a Current Profile
d. Conduct a Risk Assessment
e. Create a Target Profile
f. Determine, Analyze, and Prioritize Gaps
g. Implement Action Plan
VIII. Conclusions and Recommendations
IX. Next Steps
X. Appendices (now to include at least the Cybersecurity Implementation Action Plan Matrix)
XI. Figures (if used)
Cybersecurity Implementation Action Plan Matrix
Milestone Assignment Resources
The 20 CIS Controls & Resources (https://www.cisecurity.org/controls/cis-controls-list). - This CIS document provides all 20 controls with definition and guidance on each.
NIST CSF: The Seven-Step Cybersecurity Framework Process (https://csrc.nist.gov/CSRC/media/Presentations/Cybersecurity-Framework-Overview/images-media/NIST%20CSF%20Overview.pdf). - This InfoSec article details the NIST 7 steps to implementing a cybersecurity plan.
Framework for Improving Critical Infrastructure Cybersecurity (https://csrc.nist.gov/CSRC/media/Presentations/Cybersecurity-Framework-Overview/images-media/NIST%20CSF%20Overview.pdf). - This NIST slide presentation provides a brief outline of all sections of the NIST Framework.
5 Steps to Turn the NIST Cybersecurity Framework into Reality (https://www.securitymagazine.com/articles/88624-steps-to-turn-the-nist-cybersecurity-framework-into-reality). - This Security Magazine article provides five simple concepts to help implement the NIST Cybersecurity Framework.
Strategic Plan Tracking Matrix Template (https://www.tasha-harmon.com/pdf/Strategic_Plan_Matrix_Template.pdf). - This basic template can be used at the staff level and at the board level with only minor modifications.