[Solved] IS486 - Managing Cyber Security Operation

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Sep 22, 2024

IS486 - Managing Cyber Security Operations Case Study Lab Assignment #3 Due Date: The exact due date for the assignment will be announced in class/lab.

IS486 - Managing Cyber Security Operations Case Study Lab Assignment #3 Due Date: The exact due date for the assignment will be announced in class/lab. Instructions. In this Case Study Lab Assignment there is ONE case study. Read the CASE carefully (the opening and closing scenario) and answer ALL the Case Discussion Questions at the end of the case). Please state cach question and then follow it with the answer. o Each question must be answered completely and you must give detailed explanation of your answer to receive full credit. The complete answer to the case study (i.e. the answers to all the Case Discussion Questions) must NOT be less than 500-words in length. Please note that you may have to do research on the net to help you analyze the case and answer the questions completely. Please remember that you CANNOT copy from the net and ALL your work must be in your own words. Case Opening Scenario Risk Management Charlie Moody called the meeting to order. The conference room was full of developers, systems analysts, and IT managers, as well as staff and management from sales and other departments. **All right everyone, let's get started. Welcome to the kick-off meeting of our new project team, the Sequential Label and Supply Information Security Task Force. We're here today to talk about our objectives and to review the initial work plan." "Why is my department here?" asked the manager of sales. "Isn't security a problem for the IT department?" Charlie explained, "Well, we used to think so, but we've come to realize that information security is about managing the risk of using information, which involves almost everyone in the company. In order to make our systems more secure, we need the participation of representatives from all departments." Charlie continued, "I hope everyone read the packets we sent out last week describing the legal requirements we face in our industry and the background articles on threats and attacks. Today we'll begin the process of identifying and classifying all of the information technology risks that face our organization. This includes everything from fires and floods that could disrupt our business to hackers who might try to steal or destroy our data. Once we identify and classify the risks facing our assets, we can discuss how to reduce or eliminate these risks by establishing controls. Which controls we actually apply will depend on the costs and benefits of each control." "Wow, Charlie!" said Amy Windahl from the back of the room. "I'm sure we need to do it I was hit by the last attack, just as everyone here was--but we have hundreds of systems." "It's more like thousands," said Charlie. "That's why we have so many people on this team, and why the team includes members of every department." Charlie continued, "Okay, everyone, please open your packets and take out the project plan with the work list showing teams, tasks, and schedules. Any questions before we start Case Closing Scenario IS486 - Managing Cyber Security Operations Case Study Lab Assignment #3 reviewing the work plan?" As Charlie wrapped up the meeting, he ticked off a few key reminders for everyone involved in the asset identification project. "Okay, everyone, before we finish, please remember that you should try to make your asset lists complete, but be sure to focus your attention on the more valuable assets first. Also, remember that we evaluate our assets based on business impact to profitability first, and then economic cost of replacement. Make sure you check with me about any questions that come up. We will schedule our next meeting in two weeks, so please have your draft inventories ready." Case Discussion Questions 1. Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of the important issues you think should be covered by the work plan. For each issue, provide a short explanation. 2. Will the company get useful information from the team it has assembled? Why or why not? 3. Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed on the importance of the event and the issues behind it? IS486 - Managing Cyber Security Operations Case Study Lab Assignment #3 Due Date: The exact due date for the assignment will be announced in class/lab. Instructions. In this Case Study Lab Assignment there is ONE case study. Read the CASE carefully (the opening and closing scenario) and answer ALL the Case Discussion Questions at the end of the case). Please state cach question and then follow it with the answer. o Each question must be answered completely and you must give detailed explanation of your answer to receive full credit. The complete answer to the case study (i.e. the answers to all the Case Discussion Questions) must NOT be less than 500-words in length. Please note that you may have to do research on the net to help you analyze the case and answer the questions completely. Please remember that you CANNOT copy from the net and ALL your work must be in your own words. Case Opening Scenario Risk Management Charlie Moody called the meeting to order. The conference room was full of developers, systems analysts, and IT managers, as well as staff and management from sales and other departments. **All right everyone, let's get started. Welcome to the kick-off meeting of our new project team, the Sequential Label and Supply Information Security Task Force. We're here today to talk about our objectives and to review the initial work plan." "Why is my department here?" asked the manager of sales. "Isn't security a problem for the IT department?" Charlie explained, "Well, we used to think so, but we've come to realize that information security is about managing the risk of using information, which involves almost everyone in the company. In order to make our systems more secure, we need the participation of representatives from all departments." Charlie continued, "I hope everyone read the packets we sent out last week describing the legal requirements we face in our industry and the background articles on threats and attacks. Today we'll begin the process of identifying and classifying all of the information technology risks that face our organization. This includes everything from fires and floods that could disrupt our business to hackers who might try to steal or destroy our data. Once we identify and classify the risks facing our assets, we can discuss how to reduce or eliminate these risks by establishing controls. Which controls we actually apply will depend on the costs and benefits of each control." "Wow, Charlie!" said Amy Windahl from the back of the room. "I'm sure we need to do it I was hit by the last attack, just as everyone here was--but we have hundreds of systems." "It's more like thousands," said Charlie. "That's why we have so many people on this team, and why the team includes members of every department." Charlie continued, "Okay, everyone, please open your packets and take out the project plan with the work list showing teams, tasks, and schedules. Any questions before we start Case Closing Scenario IS486 - Managing Cyber Security Operations Case Study Lab Assignment #3 reviewing the work plan?" As Charlie wrapped up the meeting, he ticked off a few key reminders for everyone involved in the asset identification project. "Okay, everyone, before we finish, please remember that you should try to make your asset lists complete, but be sure to focus your attention on the more valuable assets first. Also, remember that we evaluate our assets based on business impact to profitability first, and then economic cost of replacement. Make sure you check with me about any questions that come up. We will schedule our next meeting in two weeks, so please have your draft inventories ready." Case Discussion Questions 1. Did Charlie effectively organize the work before the meeting? Why or why not? Make a list of the important issues you think should be covered by the work plan. For each issue, provide a short explanation. 2. Will the company get useful information from the team it has assembled? Why or why not? 3. Why might some attendees resist the goals of the meeting? Does it seem that each person invited was briefed on the importance of the event and the issues behind it