Cyber Risk Plan

ARTICULATION OF RESPONSE (CLARITY, ORGANIZATION, MECHANICS):

COMPETENT

The candidate provides adequate articulation of response.

A:RISK REGISTER

COMPETENT

The candidate provides a risk register with 8 risks currently facing the company, with adequate detail.

A1:GLOBAL MARKETPLACE ACTIVITIES

COMPETENT

The candidate provides a logical explanation, with adequate support, of how 1 of the identified risks stems from an aspect of the company’s global marketplace activities.

A2:RISK SOURCES

COMPETENT

The candidate provides an appropriate description, with adequate detail, of the source(s) of each risk.

A2A:RISK SOURCES EXPLANATION

COMPETENT

The candidate provides a logical explanation, with adequate support, of how each risk stems from the described source(s).

A3:RISK LEVELS

COMPETENT

The candidate accurately identifies the risk level for each risk.

A3A:RISK LEVEL JUSTIFICATION

COMPETENT

The candidate provides a logical justification, with adequate support, for each identified risk level in terms of the given points.

B:RISK RESPONSE

COMPETENT

The candidate provides an appropriate risk response, with adequate detail, for each risk from part A to reduce the possible damage to the company.

C1:STRATEGIC PRE-INCIDENT CHANGES

COMPETENT

The candidate provides a logical discussion, with adequate detail, of the strategic pre-incident changes the company could follow to ensure the well-being of the company.

C2A:SENSITIVE DATA

COMPETENT

The candidate provides a logical discussion, with adequate detail, of what constitutes sensitive data.

C2B:NORMAL DATA PROTECTION

COMPETENT

The candidate provides a logical explanation, with adequate detail, of how data will be physically protected during normal business operations.

C2C:DISRUPTION DATA PROTECTION

COMPETENT

The candidate provides a logical explanation, with adequate detail, of how data will be physically protected in the event of a disruption.

C2D:ETHICAL USE

COMPETENT

The candidate provides a logical explanation, with adequate detail, of how the company will ensure data is used ethically.

C3A:CUSTOMER RECORDS

COMPETENT

The candidate provides a logical discussion, with adequate detail, of what constitutes customer records for the candidate’s chosen company.

C3B:NORMAL SECURITY MEASURES

COMPETENT

The candidate provides a logical discussion, with adequate detail, of the systems or security measures that would be put in place to protect customer records during normal business operations.

C3C:DISRUPTION SECURITY MEASURES

COMPETENT

The candidate provides a logical discussion, with adequate detail, of the systems or security measures that would be put in place to protect customer records in the event of a disruption.

C3D:ETHICAL USE

COMPETENT

The candidate provides a logical explanation, with adequate detail, of how the company will ensure the customer records are used ethically.

C4:COMMUNICATION PLAN

COMPETENT

The candidate provides a logical discussion, with adequate detail, of the communication plan to be used during and following a disruption.

C4A:STAKEHOLDERS

COMPETENT

The candidate accurately identifies the stakeholders who would need to be contacted in the event of a disruption.

C4AI:STAKEHOLDER COMMUNICATION

COMPETENT

The candidate provides an appropriate description, with adequate detail, of the specific actions that will need to take place to communicate with each stakeholder.

C5:RESTORATION OF OPERATIONS

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how normal operations will be restored after a disruption has occurred.

D1:BCP IMPLEMENTATION

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how the BCP will be implemented into the company.

D2:BCP COMMUNICATIONS

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how the BCP will be communicated to the organization.

D3:BCP MONITORING

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how the BCP will be monitored or tested before the incident to ensure the plan would be effective in the event of a disruption.

D4A:BCP ADJUSTMENTS

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how the BCP will be adjusted over time.

D4B:COMMUNICATION OF CHANGE

COMPETENT

The candidate provides a logical discussion, with adequate detail, of how changes to the plan will be communicated to the company.

D:SOURCES

COMPETENT

When the candidate uses sources, the candidate provides appropriate in-text citations and references with no readily detectable deviations from APA style, OR the candidate does not use sources.