Cyber-Security Leadership Assignment
This activity will address module outcomes 1, 2, 3, 4, and 5. Upon completion of this activity, you will be able to:
Identify an organization’s cybersecurity stakeholders, their responsibilities, and sources of authority. (CO1)
Contrast various management styles and their applicability to various cyber roles. (CO1)
Describe relevant strategic and tactical goals within the cybersecurity context. (CO2)
Determine organizational communications models in use by organizations for cybersecurity—critical and non-critical—event management. (CO1, CO2)
Synthesize how a CISO would lead and communicate to pursue organizational goals. (CO1, CO2)
Review the scenario presented:
Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A. The Chief Financial Officer (CFO) calls you wondering what should have been done differently during a recent incident involving your predecessor. The following incidents recently occurred and were closed out without any alert to senior staff or the CFO.
The Chief Financial Officer’s admin reported that their laptops were performing erratically and many popup screens kept appearing while browsing the Internet. Upon inspection, it was found that the laptops were infected with malware and computer viruses. As the users were the CFO’s direct subordinates, the service desk decided to respond quickly. However, the service desk did not report the incident up the chain. As soon as the malware was removed, the service desk closed the ticket.
Based on your understanding of the prior scenario involving the CFO’s admin, identify at least one risk if the process or procedures are not changed.
Your paper should include the following information:
Executive summary describing the incident.
Analysis section describing the risk or risks identified.
Categorize the risk or risks if not changed (high, medium or low) and the potential impact (what is the worst that could happen).
Describe the mitigation or process and procedure that should be changed.
Categorize any remaining risk.