Project 4

Project4_NISTCybersecurityFramework_2202.pdf

ACCT 620: Cyber Accounting: Management and Compliance

I. Title: Evolution of the NIST Cybersecurity Framework

II. Introduction

Based on your performance on other projects, your supervisor has asked you to prepare and make a presentation to existing employees and a few who were recently hired. Specifically, your supervisor wants these employees to learn the evolution of the NIST Cybersecurity Framework, initiated by President Obama's Executive Order 13636, Improving Critical Infrastructure in Cybersecurity, dated February 12, 2013. Knowing that the employees will include accounting, auditing, and new staff members, you feel excited to be responsible for preparing the training materials. Given the diversity of the group, the training materials must be basic enough to teach the new hires, yet complex enough to challenge the existing accounting and auditing personnel.

You recall from your graduate program at UMUC that the NIST framework was the first attempt by the federal government and private sector to develop mutually acceptable voluntary best practices that all organizations could use to protect their assets. Development of the NIST framework was a monumental task given that it was designed to be implemented in organizations of any size and in any industry. Furthermore, the federal government and private sector organizations fully understood that U.S. critical infrastructure sectors (there are 16 sectors) supporting the interests of business owners also needed protection for the good of the country.

The cost-benefit constraint was central to the development of the NIST Cybersecurity Framework 1.0, which was published on February 12, 2014. This first iteration was developed through consensus to be a voluntary benchmarking tool. A few years later, in May 2017, President Trump issued his first executive order on cybersecurity, requiring all government agencies and their information systems contractors to manage using the NIST Cybersecurity Framework.

NIST published its first update to its framework by releasing the NIST Cybersecurity Framework 1.1 in April 2018. This 2018 version includes a new section on supply chain management issues. Further, the framework is now referred to as a maturity model.

III. Steps to Completion

1. Review the NIST Cybersecurity Framework on the NIST Website. Updates to the NIST Cybersecurity Framework are made regularly. Thus, do not assume the Framework hasn’t changed since you last read it.

2. Research the NIST Cybersecurity Framework to determine why it is referred to as the maturity model.

3. Create a timeline of the evolution of the NIST Cybersecurity Framework.

4. Discuss the five core functions and categories, which are referred to as the Core.

5. Distinguish between the four implementation tiers of organizational competence and the criteria for measuring levels of organizational cybersecurity maturity.

6. Create a PowerPoint presentation file

a. Between 15 and 20 slides. Be sure to include a cover page, reference list, and your timeline.

b. Each slide must have notes written below the slide. You will read these notes when performing the presentation. The notes will also be available for your colleagues to read in case they do not have computer speakers and/or have hearing challenges.

c. Practice making the presentation in front of a mirror or to your family before recording it.

d. Record your presentation. If you do not know how to create an audio-enhanced presentation, there are many YouTube videos that explain the process. The audio must be clear, audible, and without background noise. You have the option of either: 1. Creating an audio-enhanced presentation file, or 2. Making a video of yourself presenting the slides.

e. Upload the audio-enhanced PowerPoint slide file, a link to your video, which you have uploaded to YouTube or other free site, or a video embed code.

IV. Deliverables

1. Audio-enhanced PowerPoint presentation file with speaker’s notes under the slides, or a video of you presenting the PowerPoint file.

V. Frequently asked questions & Helpful Hints

• If needed, review APA style formatting again to prepare for writing Project 4.
• Prepare a draft version of your report before it is due.
• Ask a classmate, friend, or family member to read your report before submitting it to the Graduate Writing Center.
• Submit your draft to the Graduate Writing Center before this project is due.
• Make edits to your report after reviewing feedback from the writing center tutors.
• Submit Project 4 on or before the due date.
• Ask your supervisor (professor) questions as needed.
• The following Web pages may be helpful:
   o www.nist.gov/cyberframework/new-framework
   o https://www.nist.gov/cyberframework (Background)
   o https://www.nist.gov (Informational Videos) (Framework Basics)
   o https://www.nist.gov/cyberframework/frequently-asked-questions-answers#checklist
   o https://www.nist.gov/cyberframework/frequently-asked-questions-answers#org

VI. Rubric

• Please use the rubric in your LEO classroom for Project 4.