IT575 Information Security Management

Assignment 2 Planning a New Cybersecurity Initiative

Word document

At the recent Marymount University Board of Trustees meeting, the Marymount CIO reported on a recent small data breach, the use of an expert consultant to help mitigate the results of the breach, and the increasing number of attacks that the university was experiencing.

As a result of the meeting, you have been asked to support the planning for a new Incident Response Center in the existing Information Technology Services (ITS) department. In discussions with the CIO, it has been estimated that the new team will include:

Quarter time (512 hours per year) for one of the existing managers ($90,000 per year) Promotion of one of the Customer Support Team (salary $75,000): it is estimated that he will need to take about 4 weeks of specialized SANS training in the first year) Addition of one new Incident Response Analyst, recruited at the average rate of such a cybersecurity professional, with about 3 years of experience and at least a 4-year degree Acquisition of appropriate incident response management software tools. Notes: for budgeting purposes:

Marymount University is primarily a CISCO networking environment. Marymounts fiscal year begins July 1 and ends June 30, all budgets should be based on the fiscal year basis. Marymount estimates an average of 2% increase in salary each year Marymounts overhead rate is estimated at 50% for all employees to include benefits, space, etc. Marymounts indirect cost rate for other items (e.g., software purchases, training) is 12%. You are tasked with producing the following documentation to support the planning process:

A one-page description of the Incident Response Center including its value to the university at this time. A detailed budget as an Excel spreadsheet assuming a start date of October 1, 2017. Budget should be for 2019 2020 and 2020-2021. A memo to the CIO summarizing the budget request and its significance in improving cybersecurity at the university.