CYBER SECURITY ESSAY QUESTION
You have been invited to participate in a round table discussion on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. You must use and cite information from the weekly readings.
1. What is stakeholder theory? How does it drive requirements to spend money on cybersecurity products & services?
2. How does social contract theory apply to purchasing requirements for cybersecurity products & services?
3. Name and briefly describe 3 ethics issues that IT Security managers and staff may encounter when selecting and evaluating cybersecurity products & services. (Use examples to drive home your points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
BREAK
As part of the IT Security Program, the CISO's Program Management Staff are responsible for creating and managing projects which are used to bring in, test, and deploy new security related products and services. One of the primary responsibilities of project managers is ensuring that the security products or services meet the stated functional requirements -- the "quality" targets. (The products or services must deliver the specified enterprise security functionality.) The project manager for this effort must also ensure that the products / services are delivered according to schedule ("time") and within the budgeted costs ("cost"). These three factors are called the "project management constraints:"
· Cost
· Quality (meeting requirements)
· Time
Choose the constraint ("factor") that you believe should be prioritized when managing an IT acquisition project. Write a 3 to 5 paragraph briefing statement in which you identify and then defend your selection. Your statement should address the following items:
1. Provide definitions for each of the constraints
2. Identify your chosen constraint and provide a more detailed description of how this constraint impacts project management (what happens to the other two factors). For example, if you decide that cost is the most important factor, explain the tradeoffs you might need to make with respect to quality and schedule. Or, if you decide that quality is most important (e.g. correct implementation of security controls), explain how that might affect cost and schedule.
3. Provide a closing summary of the importance of project management for IT acquisitions (with respect to the overall IT security program).
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your article.
BREAK
More and more hiring actions start with a written essay from job candidates followed by a telephone "screening" interview. For this week's discussion topic, you will take on the role of an applicant for an internship in a CISO organization. You are at the first stage in the application process -- writing the essay. You have been asked to respond to ONE of the following questions:
1. Why should a large company (>1000 employees) adopt and use COBIT 5 to manage IT security risks?
2. How does compliance with the four Payment Card Industry (PCI) Standards help an e-Commerce company manage IT security risks?
The application review committee is a group of managers (both technical and non-technical) who depend upon IT security to protect their business operations (including intellectual property, company strategic and financial information, and customer data). The purpose of the essay is twofold. First, the review committee is looking for the ability to think critically and analyze a relevant problem. Second, the review committee is looking for applicants who can communicate effectively in writing for both technical and non-technical audiences.
Write a 3 to 5 paragraph application essay that provides a relevant and "job worthy" response to your selected question. Your essay should not exceed 500 words, so be concise, accurate, and clear.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your essay.
BREAK
Many businesses follow NIST guidance for identifying, managing, remediating, and monitoring Information Systems Risk. Some follow the guidance because of contractual mandates (i.e. they're under contract to the US Federal Government). Other businesses follow the NIST guidance because it represents "best practices" and is a widely accepted source of guidance.
Write a 3 to 5 paragraph position statement in which you identify and describe 3 to 5 contributions that your chosen framework (CSF or RMF) will make to effective management of enterprise IT risk.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
BREAK
The CISO's office at your selected e-Commerce company (from Project 2) has invited you to present an analysis of how threat intelligence products and services obtained from external sources can be used to improve the company's risk management efforts.
Your presentation will be given as part of a panel discussion at the CISO's monthly meeting with executives and managers. The CISO sponsors these panels to help staff members learn more about cybersecurity products and services and the vendors from which these capabilities can be purchased.
To prepare for your presentation, you must write a 3 to 5 paragraph briefing statement in which you summarize your analysis. This will be reviewed by the CISO before you give your presentation. Your briefing statement must provide:
1. An introduction to the topic that provides a brief overview of threat intelligence in general (how the term is defined / used) and how it can be used to support the risk management process (e.g. risk identification, risk mitigation strategies, etc.)
2. Provide examples (backed up by citations to readings) of externally developed cyber threat intelligence which could be used to support the company's risk management efforts. You should consider cyberthreat intelligence services from both commercial providers and the ISAC cooperatives.
3. Provide a summary & conclusions section in which you state your opinion as to which providers would be the best sources of cyberthreat intelligence for the company.
Post your briefing statement as a reply to this topic. Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
BREAK
Failure to understand what drives customer demand in the cybersecurity market can result in a quick trip to bankruptcy court or a forced sale of a company. For this reason, product developers, service providers, and other types of vendors (e.g. resellers, systems developers, federal or state contractors, etc.) need to understand what drives current and future customer demands and requirements for technologies, products, and services. Once the relevant market factors are identified, companies can develop strategies for meeting current and future demands for products and services -- figuring out what customers want to buy and then providing it at a profit.
One of the most commonly used sets of market factors is referred to as PEST. The four factors in this set are:
· Political-Legal factors (e.g. laws & regulations -- consider both current and proposed, cybercrime, cyber terrorism)
· Economic factors (e.g. fines for non-compliance with laws or regulations, availability of trained workforce, profitability of purchasers, availability of venture capital or credit for business startups)
· Socio-cultural factors (privacy concerns, pervasiveness of computers and digital devices, digital divide, “hacker” culture)
· Technological factors (product lifecycles, cloud computing, Internet of Things, etc.)
In this activity, you will explore the 4 PEST factors. Look for information that explains why a company must identify and assess the impact these factors have or will have on the demand for IT security solutions (products or services). (Hint: GDPR is having a significant impact on two factors -- political-legal and economic -- for companies that do business in Europe.)
Present your findings in a 3 to 5 paragraph briefing paper. Your audience is a group of technical and non-technical managers who are attending a monthly meeting to learn more about the cybersecurity / IT Security Industry.
Include 3 in-text citations and a list of references.
Post your briefing paper as a reply to this topic. Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.