Project 1
I. Title: Drafting Management’s Description of the Entity’s Cybersecurity Risk Management Program.
II. Introduction
The AICPA developed the Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program for use by management when preparing the description of the entity's cybersecurity risk management program. The Cybersecurity Working Group developed this guide as a set of benchmarks for the description criteria. As defined by the AICPA, the entity's cybersecurity risk management program is a set of policies, processes, and controls designed to protect information and systems from security events that could compromise the achievement of the cybersecurity objectives. Management is ultimately responsible for developing, implementing, and operating the entity's Cybersecurity Risk Management Program (CSRMP). You are hired as a consultant via a non-attest service agreement to develop the entity's description of the cybersecurity risk management program. The description is intended to provide information to enable a better understanding of the entity's cybersecurity risk management program. The description should include the following:
1. Nature of the Business and Operations
2. Nature of the Information Risk
3. Cybersecurity Risk Management Program Objectives.
Some possible disclosures include:
• Environment in which the entity operates
• The process used to develop its cybersecurity objectives
• Commitments made to customers
• Responsibilities involved in operating and maintaining the CSRMP
• Nature of the IT components used, to better understand the context of the processes and controls of the CSRMP.
Descriptions can take the form of narratives, flowcharts, tables, graphics, or a combination of any of these. The degree of detail is a matter of judgement.
Competencies
1) Communication: Demonstrate the ability to communicate clearly both orally and in writing. Actively listen and effectively deliver information in multiple formats tailored to the intended audience.
2) Decision-making: Objectively identify and critically assess issues and use professional judgment to develop appropriate decision models, identify and analyze the costs and benefits of alternative courses of action, and recommend optimal solutions.
3) Ethical conduct: Study and behave in accordance with the UMGC's Philosophy of Academic Integrity, in a manner bound by ethical principles for the protection of society, and in accordance with professional and ethical standards of the AICPA and other accounting organizations.
4) Professional behavior: Demonstrate a work ethic of timeliness, respect for diversity, and continuous learning consistent with high professional standards set by the AICPA and other accounting associations.
5) Project management: Plan and manage individual and team work flow through effective utilization of time and other resources to accomplish objectives.
6) Reporting: Identify the appropriate content and communicate clearly and objectively to the intended audience the work performed and the results as governed by professional standards, required by law or dictated by the business environment.
7) Research: Identify, access, and apply relevant professional frameworks, standards, and guidance, as well as other information for analysis and making informed decisions.
8) Risk assessment, analysis, and management: Assess, analyze, and manage risk using appropriate frameworks, professional judgment, and skepticism for effective business management.
9) System and process management: Identify the appropriate business processes and system(s), related frameworks, and controls to assist in the design and use of systems for efficient and effective operations.
III. Steps to Completion
Step 1: Begin by reviewing your understanding of the AICPA resource below for the description of the Entity's Cybersecurity Risk Management Program: Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program.
Step 2: Beginning on page 7, paragraph .21 of the above-referenced document, use these implementation guidelines to build your description. For example, read DC1 and utilize the implementation guidance to develop your description. For DC1 you may want to include the entity's principal markets or geographic locations, and also note if more than one business is operated. For DC2, you may want to discuss any individuals (special customer groups) that warrant protection under the law, and what entity information, such as trade secrets or corporate strategies, should be protected. The same process should be followed for DC3 through DC19.
IV. Deliverables
1. Submit a WORD document, which will contain the description of the Cybersecurity Risk Management Program (CSRMP) as outlined above.
V. Frequently Asked Questions / Helpful Hints
• There will be discussion forums dedicated to discussing this project.
• Read the grading rubric before beginning the project to fully understand the requirements; ask questions about the requirements if needed.
• Prepare a draft version of your description before it is due.
• Ask a classmate, friend, or family member to read your description and offer feedback.
• Submit your work to the graduate writing tutors if needed.
• Submit the deliverable on or before the due date.
• Review the penalty for late submissions, which is posted in the syllabus.
• Ask your professor questions as needed.
VI. Rubric
You will find a rubric in LEO under Content>Course Resources>Projects & Rubrics.