Geo n Cyber 2


As part of the IT Security Program, the CISO's Program Management Staff are responsible for creating and managing projects which are used to bring in, test, and deploy new security-related products and services. One of the primary responsibilities of project managers is ensuring that the security products or services meet the stated functional requirements -- the "quality" targets. (The products or services must deliver the specified enterprise security functionality.) The project manager for this effort must also ensure that the products/services are delivered according to schedule ("time") and within the budgeted costs ("cost"). These three factors are called the "project management constraints":

· Cost

· Quality (meeting requirements)

· Time

Choose the constraint ("factor") that you believe should be prioritized when managing an IT acquisition project. Write a 3 to 5 paragraph briefing statement in which you identify and then defend your selection. Your statement should address the following items:

1. Provide definitions for each of the constraints

2. Identify your chosen constraint and provide a more detailed description of how this constraint impacts project management (what happens to the other two factors). For example, if you decide that cost is the most important factor, explain the tradeoffs you might need to make with respect to quality and schedule. Or, if you decide that quality is most important (e.g. correct implementation of security controls), explain how that might affect cost and schedule.

3. Provide a closing summary of the importance of project management for IT acquisitions (with respect to the overall IT security program).

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your article.

https://www.pmi.org/about/learn-about-pmi/what-is-project-management

https://cisohandbook.com/security-education/project-manager-security/

https://www.csoonline.com/article/2124114/strategic-planning-erm-how-to-write-an-information-security-policy.html

https://danielmiessler.com/study/information-security-metrics/

Preferably Question 1

More and more hiring actions start with a written essay from job candidates followed by a telephone "screening" interview. For this week's discussion topic, you will take on the role of an applicant for an internship in a CISO organization. You are at the first stage in the application process -- writing the essay. You have been asked to respond to ONE of the following questions:

1. Why should a large company (>1000 employees) adopt and use COBIT 5 to manage IT security risks?

2. How does compliance with the four Payment Card Industry (PCI) Standards help an e-Commerce company manage IT security risks?

The application review committee is a group of managers (both technical and non-technical) who depend upon IT security to protect their business operations (including intellectual property, company strategic and financial information, and customer data). The purpose of the essay is twofold. First, the review committee is looking for the ability to think critically and analyze a relevant problem. Second, the review committee is looking for applicants who can communicate effectively in writing for both technical and non-technical audiences.

Write a 3 to 5 paragraph application essay that provides a relevant and "job worthy" response to your selected question. Your essay should not exceed 500 words, so be concise, accurate, and clear in your essay.

Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your essay.

https://learn.umuc.edu/d2l/le/content/350296/viewContent/14313203/View

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-39.pdf

https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8074v1.pdf

http://www.isaca.org/COBIT/focus/Pages/cobit-5-for-risk-a-powerful-tool-for-risk-management.aspx