
Question


As the new Chief Information Security Officer in the organization, you were tasked in Module 3 by your Board of Directors to develop a rough draft Cybersecurity Implementation Guideline using a combination of the NIST Framework and the CIS 20 Critical Controls. You have developed the rough draft Guideline that you have shared with the Chief Information Officer and your staff. You will use the feedback from them to make adjustments to your rough draft Guideline.

As part of their feedback, they have asked that you provide a detailed rough draft Implementation Action Plan Matrix at a Board Level (large tasks) with details for the Implementation Action Plan Matrix that you will incorporate as an Appendix to the Guideline prior to submission of your Semi-Complete Draft Cybersecurity Guideline.

Background

In the broad sense, you are identifying how you will determine where your organization currently is in regard to cybersecurity; how you will determine where your organization wants to be with regard to cybersecurity in the long term; identify and define what you need to do to achieve these prioritized issues; identify who will be responsible and accountable to develop the strategies, action plans, budgets, and steps needed to allocate the time, financial, and human resources to achieve the objectives; and ensure you revisit and review what you have developed before submitting to the Board. In other words, you are laying out the plan, not developing the actions themselves. You will need to ensure you can get the needed physical, financial (approved budget), and human (such as subject matter experts) resources.

Directions

Using the feedback provided, revise the rough draft Cybersecurity Implementation Guideline from Milestone 1 (completed in Module 3) into a Revised Cybersecurity Implementation Guideline for Milestone 2 and include in that document a rough draft Implementation Action Plan Matrix as an Appendix. (A template for that is provided below.)

Ensure you also review for completeness, format, spelling, punctuation, and grammar.

Student Deliverables for Milestone 2:

3-4 page revised Cybersecurity Implementation Guideline

1-2 page rough draft Implementation Action Plan Matrix included in the Guideline as an Appendix

Using the available resources from various websites and class materials, you may use the following Cybersecurity Implementation Guideline Template as a guide to help you complete this assignment for Milestone 2.

Cybersecurity Implementation Guideline Template

[NOTE: You may add or delete sections to this template as it is here as a guide for you to use.]

Cover Page

Table of Contents

I. Executive Summary

a. Background
b. Purpose of the Guideline
c. Organization of the Guideline

II. History of the Organization

a. Mission and Vision

III. Framework Implementation Overview

a. Framework Guidance Terminology
b. Framework Guidance Purpose
c. Framework Implementation Benefits
d. Strategy used to develop the Guideline

IV. Framework Guidance Resources

a. List Resources and Requirements Used for Development of the Guideline

V. Proposed Budget

VI. Resources Required

a. Financial / Human Resources

VII. Steps to Implementation of the CIS Critical Controls / Framework

a. Prioritize and Scope
b. Orient
c. Create a Current Profile
d. Conduct a Risk Assessment
e. Create a Target Profile
f. Determine, Analyze, and Prioritize Gaps
g. Implement Action Plan

VIII. Conclusions and Recommendations

IX. Next Steps

X. Appendices (now to include at least the Cybersecurity Implementation Action Plan Matrix)

XI. Figures (if used)

Cybersecurity Implementation Action Plan Matrix

Milestone Assignment Resources

The 20 CIS Controls & Resources (https://www.cisecurity.org/controls/cis-controls-list) - This CIS document provides all 20 controls with definition and guidance on each.

NIST CSF: The Seven-Step Cybersecurity Framework Process (https://csrc.nist.gov/CSRC/media/Presentations/Cybersecurity-Framework-Overview/images-media/NIST%20CSF%20Overview.pdf) - This InfoSec article details the NIST 7 steps to implementing a cybersecurity plan.

Framework for Improving Critical Infrastructure Cybersecurity (https://csrc.nist.gov/CSRC/media/Presentations/Cybersecurity-Framework-Overview/images-media/NIST%20CSF%20Overview.pdf) - This NIST slide presentation provides a brief outline of all sections of the NIST Framework.

5 Steps to Turn the NIST Cybersecurity Framework into Reality (https://www.securitymagazine.com/articles/88624-steps-to-turn-the-nist-cybersecurity-framework-into-reality) - This Security Magazine article provides five simple concepts to help implement the NIST Cybersecurity Framework.

Strategic Plan Tracking Matrix Template (https://www.tasha-harmon.com/pdf/Strategic_Plan_Matrix_Template.pdf) - This basic template can be used at the staff level and at the board level with only minor modifications.
