INTE2584 Introduction to Cybersecurity Governance
Assessment 3: Cybersecurity Strategy and Program Development and Management
Due date: Sunday, Week 13, 11:59pm (Melbourne Time)
Weighting: 30%
Word limit: 2000 words (+/-10%)
Assessment type: Report
Group or individual assessment: Individual
Overview
Building on the insights gained from the assessment 1 case study on MIHS, your task is to craft a comprehensive security strategy and program tailored to the organization's specific needs. This endeavour involves a meticulous analysis of the organizational context, including a deep understanding of MIHS's business objectives and an assessment of the prevailing threat landscape and associated risks. The culmination of your insights and strategic recommendations will be a meticulously documented and presented formal business report.
Purpose
The purpose of this assessment is multifaceted. It's designed to showcase your grasp of key cybersecurity governance outcomes, particularly strategic alignment in sculpting a cybersecurity strategy that resonates with the specific business context of MIHS. Your proficiency in understanding the nuances of cybersecurity governance outcomes, the application of structured frameworks, and the strategic aspects of cybersecurity will serve as essential building blocks for your future endeavours in the domain of cyber governance within the professional sphere.
Moreover, you'll demonstrate your understanding of how to convert a cybersecurity strategy into a tangible cybersecurity program for businesses undergoing digital transformation, preparing you to address security issues in a professional context. Furthermore, this task aims to refine your professional communication abilities, equipping you with the necessary skills to adeptly handle the diverse array of cybersecurity governance tasks encountered in various business settings.
What do you need to deliver?
• 1 report
Tools
• Microsoft Word
Course learning outcomes
This assessment is linked to the following course learning outcomes:
CLO 4: Evaluate cybersecurity asset management, risk management strategies and security program management used in business organisations.
CLO 5: Apply the usage of performance metrics, KPIs and reporting in cybersecurity governance.
Marking criteria
1. Introduction (3 pts)
• Organizational Context: Evaluates your ability to clearly articulate the organization's context, mission, and strategic goals.
3. Development of a Comprehensive Cybersecurity Strategy (10 pts)
• Cybersecurity Strategy: Evaluates your ability to craft a clear, robust, and context-specific cybersecurity strategy. It should encompass well-defined goals, objectives, and initiatives, showcasing a deep understanding of cybersecurity governance outcomes and alignment with the business environment.
4. Cybersecurity Program Management (12 pts)
• Program Development: Assesses your ability to translate strategic initiatives into practical cybersecurity projects and initiatives within a program management framework.
5. Performance Metrics and Reporting (5 pts)
• Metrics Development: Evaluates your ability to develop meaningful performance metrics to track and measure the success of the cybersecurity program.
• Reporting Structure: Assesses your ability to design a clear and effective reporting scheme to communicate cybersecurity performance and progress to stakeholders.
Assessment Details
Case study overview
Consider that you have been hired by the company you considered in assessment 1 as a security professional to help them address the cybersecurity strategy and program management challenges that come with such initiatives.
Target Audience
Executive level staff at the organisation.
Recommended Length and Structure
Your report will be approximately 2000 words long (+/-10%), excluding references, appendices, footnotes, bibliography and graphs. It should include the following sections:
You can use the following structure for preparing your report. Suggested word counts are included.
• Introduction
• Cybersecurity Strategy
o Maturity Assessment using NIST CSF
o Strategic Security Objectives (based on maturity assessment and business needs)
o Strategic Security Initiatives
• Cybersecurity program development
o Derive projects from initiatives
o Project management
• Performance metrics, KPIs and reporting
o Success criteria in your program and project
Please note that the above-mentioned structure is a basic structure for preparing the report and you are expected and encouraged to add further sections, sub-sections, and components to enhance the overall structure, design, and presentation of your report.
Required references
You should aim to cite at least 10 references from reputable sources (e.g., academic, industry body publications, white papers).
Referencing Guidelines
Use RMIT Harvard referencing style for this assessment. If you are using secondary sources, include these as a reference list in your report.
You must acknowledge all the sources of information you have used in your assessments.
Refer to the RMIT Easy Cite referencing tool to see examples and tips on how to reference in the appropriate style. You can also refer to the Library referencing page for other tools such as EndNote, referencing tutorials and referencing guides for printing.
Submission instructions
The assessment will be submitted in Canvas as a Word document or PDF file (doc, docx, pdf).
Academic integrity and plagiarism information
Academic integrity is about honest presentation of your academic work. It means acknowledging the work of others while developing your own insights, knowledge, and ideas.
You should take extreme care that you have:
• Acknowledged words, data, diagrams, models, frameworks and/or ideas of others you have quoted (i.e., directly copied), summarised, paraphrased, discussed, or mentioned in your assessment through the appropriate referencing methods
• Provided a reference list and/or bibliography of the publication details so your reader can locate the source if necessary. This includes material used from Internet sites.
If you do not acknowledge the sources of your material, you may be accused of plagiarism because you have passed off the work and ideas of another person without appropriate referencing, as if they were your own.
RMIT University treats plagiarism as a very serious offence constituting misconduct.
Plagiarism covers a variety of inappropriate behaviours, including:
• Failure to properly document a source
• Copyright material from the internet or databases
• Collusion between students
For further information on our policies and procedures, please refer to the University website.