The importance of cybersecurity governance as a fundamental aspect of protecting an organization’s information systems

Question 1

Unit 1 focused on various leadership roles and their respective responsibilities in implementing an effective cybersecurity governance plan. Consider the leadership roles (CEO, CSO/CIO, and Program Managers) in Sony organization and their responsibilities in implementing the organization’s cybersecurity strategy: 

· Explain the Sony’s organization’s governing structure, and its approach to cybersecurity. you may extrapolate the formal roles from the data available and contrast this with what was observed. 

· Based on your substantiation above, recommend changes that should be implemented and, if applicable, propose a new cybersecurity leadership plan that addresses it Sony’s shortcomings. 

·  (Approx. 300–400 words)

Question 2

Unit 2 of this module described the management processes organizations should consider when developing a cybersecurity governance plan. 

● Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance; and 

● Based on your substantiation above, recommend management processes that would have addressed Sony’s shortcomings in implementing a cybersecurity governance plan and should be adhered to going forward. 

(Approx. 300–400 words)

Question 3

Unit 3 focuses on the importance of keeping an organization’s cybersecurity awareness updated. To do so, think of types of Cybersecurity awareness training that are available and the topics that should ideally be included in training programs. In your answer, address the following:

· If relevant, identify any cybersecurity awareness programs or practices utilized by Sony. 

· Based on your substantiation above, provide an outline of a cybersecurity awareness program you would suggest for Sony. 

Your outline of the training program should cover the following three aspects:

1. The type of security awareness training (classroom or online);

2. The topics included in the training program; 

3. The target audience; and

4. The roles and responsibilities of those responsible for executing the training program.

Each aspect should be accompanied by reasons for your choices based on the organization’s context and needs. 

(Approx. 300–400 words)

Note: 

The word counts for each question serve as a guide; your submission should not exceed 1,200 words in its entirety. 

submission will be graded according to the following rubric:

Very   poor

Poor

Satisfactory

Very   good

Exceptional

Adherence   to brief 

Student   answers all the three questions, which include: a cybersecurity leadership   plan;  cybersecurity management   processes; and an outline of a cybersecurity awareness program.

Answer   falls within the prescribed word count (1,200 words). 

No submission.

OR

Student fails to address any element   of the brief. (0)

Some key elements are not addressed.   Most information provided is irrelevant.

OR 

Answer does not fall within the prescribed word   count (100 words over word count). (5.5)

Student adheres to most of the brief. Sufficient   information is provided and is mostly relevant. (7)

Student adheres to almost all elements of the   brief. Almost all information is provided and is relevant. (8.5)

Student fully adheres to the brief. All   information provided is comprehensive and relevant. (10)

Question 1: 

Insight   into an organization’s leadership roles and their associated responsibilities   in implementing cybersecurity governance 

Student   demonstrates their understanding by identifying the roles organizational   leaders play in implementing cybersecurity governance strategies, evaluating   the effectiveness of an organization’s leadership structure in relation to   cybersecurity governance, and recommending changes to improve how an   organization’s leadership executes cybersecurity strategies.

No submission.

OR 

Student fails to demonstrate even   basic understanding of the responsibilities of organizational leaders, and   does not evaluate the leadership structure’s effectiveness or proposed   recommended changes. (0)

Student shows an incomplete understanding of the   responsibilities of organizational leaders and does not evaluate the   leadership structure’s effectiveness or proposed recommended changes. (5.5)

Student demonstrates a satisfactory understanding   of the responsibilities of organizational leaders and evaluates the   leadership structure’s effectiveness and proposed recommended changes. (7)

Student demonstrates a strong understanding of   the responsibilities of organizational leaders, and their evaluation of the   leadership structure’s effectiveness. Recommended changes illustrate a degree   of insight. (8.5)

Student demonstrates a thorough and an incisive   understanding of the responsibilities of organizational leaders, and their   evaluation of the leadership structure’s effectiveness. Recommended changes   illustrate great depth of insight. (10)

Question   2:

Insight   into an organization’s cybersecurity management processes

Student   demonstrates their understanding by accurately describing management   processes that are essential to an organization’s cybersecurity, evaluating whether   an organization’s management processes are sufficient to ensure good   cybersecurity governance, and providing recommendations for management   processes that would improve an organization’s cybersecurity governance. 

No submission. 

OR 

Student fails to demonstrate even basic   understanding of the management processes that are essential to an   organization’s cybersecurity and does not evaluate the organization’s   management processes or recommended changes. (0)

Student shows an incomplete understanding of the   management processes that are essential to an organization’s cybersecurity, and   did not provide a satisfactory evaluation of the organization’s management   processes, and does not provide satisfactory recommended changes. (5.5)

Student demonstrates a satisfactory understanding   of the management processes that are essential to an organization’s   cybersecurity and evaluates the organization’s management processes and   recommended changes. (7)

Student demonstrates a strong understanding of the   management processes that are essential to an organization’s cybersecurity, and   their evaluation of the management processes. Recommended changes illustrate   a degree of insight. (8.5)

Student demonstrates a thorough and an incisive   understanding of the management processes that are essential to an   organization’s cybersecurity, and their evaluation of the management   processes. Recommended changes illustrate a great deal of insight. (10)

Question   3: 

Insight   into cybersecurity awareness and training 

Student   demonstrates their understanding by providing a substantial description of   the types of cybersecurity awareness training, the topics that should be   covered in cybersecurity awareness training, and the roles and   responsibilities of those who need to execute the training program.

No submission.

OR 

Student fails to demonstrate even   basic understanding of cybersecurity awareness training and does not evaluate   the organization’s training program or recommended changes. (0)

Student shows an incomplete understanding of   cybersecurity awareness training and does not provide a satisfactory   evaluation the organization’s training program, and does not provide   satisfactory recommended changes. (5.5)

Student demonstrates a satisfactory understanding   of cybersecurity awareness training and evaluates the organization’s training   program and recommended changes. (7)

Student demonstrates a strong understanding of   cybersecurity awareness training and evaluates the organization’s training   program. Recommended changes convey a   degree of insight. (8.5)

Student demonstrates a thorough and an incisive   understanding of cybersecurity awareness training and evaluates the   organization’s training program. Recommended changes illustrate a great deal   of insight. (10)

Organization   of writing

Answers   are structured clearly and logically.

No submission.

OR 

Complete lack of logical structure.   (0)

Answers have some logical structure, but not   enough to justify a passing grade. (5.5) 

Answers are structured fairly well in terms of   logic and clarity. (7)

Answers are structured very well in terms of   logic and clarity. (8.5) 

Answers are structured exceptionally well in   terms of logic and clarity. (10)

Total: 50 marks