You are the first Chief Informmation Sccurity O1licer (CISO) for your organi2aDon, and on your
irst day, you realize there are no impacthul cybersecurity pracices established or impiementeo
and decide to submit a white paper to the CEO, calling for action. Develop a project plan to stand
up a brand.nese cybersecurity progranm in the fom of a l0-13 page White Paper, industry best
practces and Nisl guidance.
Guldelines:
AFomat 10-15 pages of content. In lieu of an abstract, write an executive summary
cuSnmarY de pagc, and references page, are not included in the total
a minlmum, 10 reterences should be used. All.cited articles iounals books and
SCarch, should be from credible sources and current within the last five years. Note:
pedia or personal blogs are not credible.
ables and graphiCs, if used, will count for no more than I page in the total. Anything
more 1s welcome, but the space used will be deducted from the total page count
Remember that tables and graphics require in-text citations.
Content Tips:
Undestand the scope and value of your project.
ribe the problem you are fixing by proposing this new cybersecurity program.
would include potential threat, financial loss, stso that the organization faces due
kof cybersecurity.
nce the NST Cybersecurity Framework (vl.) to build the structure of your
cam. this irameworK details cach vital Tunction ot cybersecurity-1dentity,
Protect, Detect, Respond, and Recover and will guide your research
Specifically, incorporate the steps detailed in section 3.2: Establishing o
Improving a cybersecurity program.
Keep in mind NIST1s a starung pOint, but other resources are recquired (see
Guidelines below).
Be sure to include the following details:
o Include methods and best practices that satisfy each fünction in the framework. The
categories and sub-categories offer more details for ensurin8 your program is robust.
You do not have to list out and talk to every single sub-category; view them as data
pon to dnve your vision.
Write a security policy for your organization. The purpose of a security policy 1s to
safeguard the contidenialntY, 1ntegniy, and avllablily, O1 the ofganizauonS5ystem
and information. Be sure to include objectives, scope, specific goals, and
conscquences in the cvent ot noncompltance.
o Create a team. Define roles and responsibilities of all stakeholders, including those of
the CISO,
Describe the access control methods you would implement for your building and
network
Develop a method to track performance and report metrics.