The written portion of the Enterprise Cybersecurity Program Report should be in a formal and descriptive format and include supplemental items to unify it for the board of directors. The items listed below should be included, and any supporting documentation that helped you to reach your conclusions can be included as addendums.

  • Executive Overview (introduction and purpose) (1 Page)
  • Framework Enhancement Proposal (2 Pages)
    • The first order of business in designing an enterprise cybersecurity program is to make a list of what you need to know: an inventory of the key elements of a cybersecurity framework. You will have to assess the cybersecurity posture currently taken at your financial institution. Select the framework you feel your organization is currently using.
    • Make notes, a paragraph or two, on the specifics of the framework to use in the next step of identifying any vulnerabilities.
    • The cybersecurity framework selected in the previous step is only a structure or blueprint of possible solutions. Specific solutions, application, and implementation within a given framework are industry-driven. For example, in response to the credit card fraud in the retail industry, the bank card industry adopted the chip-and-PIN standard for credit cards.
    • Based on your knowledge of the current state of vectors of cyberattacks and the notes made in the previous step, create a list of vulnerabilities and how to address them within the chosen framework. Identify both technical and policy options to improve the defense posture of the institution. Add this list to your notes from the previous step. You will use this work in the next step of the project.
    • Using the framework evaluation from the previous step, identify potential improvements or solutions to missing elements for your financial services organization. The improvements or solutions you identify in this step will be used to design your organization’s framework in a future step.
  • Cybersecurity Framework Report (3 Pages)
    • Using notes from previous steps, design and describe an enterprise cybersecurity framework specific to your organization. Create a comprehensive framework covering all aspects of the previous steps in both technology and policy. Fully explain the baseline framework and why it was selected, demonstrate a thorough knowledge of the cybersecurity vulnerabilities that the framework addresses, and use the rankings to explain recommended enhancements to the framework. Explain the enhanced cybersecurity framework that will serve as the foundation for the final Enterprise Cybersecurity Program Report. Include your proposal for framework improvements and solutions in this step.
  • Simulation Program Design (3 Pages)
    • It’s time to begin to develop the specific elements needed for the enterprise cybersecurity program. The best plan is one that can reveal points of possible failure, providing an opportunity for adjustment ahead of time. It is also beneficial for the enterprise to practice implementation of the framework in such a way that the response is timely and with minimal error. Using the Cybersecurity Framework Report and feedback received, design a cybersecurity simulation program for key employees to hone their responses to potential cyberattacks. Compile your ideas from this step to create a simulation program design. The design of any training program will consider the following elements: training objectives, audience, scenario types, simulation types, timeframe, cost, and evaluation.
    • See the “Simulation Design Template” attachment to assist you in molding your ideas from the last step into a Simulation Program Design.
  • Cybersecurity Policy Report (3 Pages)
    • The previous steps dealt with the element of practice in an enterprise cybersecurity program. In this step, turn your attention to policy. Using notes taken in earlier steps as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, compile a list of the policies that will best support the cybersecurity framework.
    • As the CISO, you will be expected to consider both strategic foresight leadership and strategic alignment to core business functions when reviewing cybersecurity policies. Include potential policy improvements or solutions to missing elements for your financial services organization. Note positives and negatives of aspects of each policy.
    • Using the evaluation of policy improvements in the previous step, as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, create a description of how these policy solutions should be incorporated into the given framework. The description should thoroughly analyze the positives and negatives of all policy aspects of the foundational framework.
  • Cybersecurity Technology Report (3 Pages)
    • You have incorporated both simulation and policy into the design of the enhanced enterprise cybersecurity program. The final element is to consider current cybersecurity technology. Using the Defense Framework Enhancement Proposal and the Defense Framework Report, compile a list of cybersecurity technologies suggested for various cyberattacks. Look at whether these technologies are appropriate and current.
    • Using the evaluation of current technologies in the previous step, as well as the Defense Framework Enhancement Proposal and the Cybersecurity Framework Report, create a brief description of how these technologies should be incorporated into the given defense framework.
    • Begin with the enhanced defense framework as a foundation to your cybersecurity program design. Included in the design should be the three program components of simulation, policy, and technology. Finally, the program design should incorporate strategic foresight leadership and strategic alignment to core business functions.
    • In order to thoroughly explain why each concept is important, you may need to support your statements with scholarly references. A large part of the final result should be a focus on policies and procedures that should be implemented to leverage the technology, not just depend on the technology to provide maximum cybersecurity defense capabilities. Scan and make note of resources to support your statements in your report.
  • Presentation (5 Pages)
    • Use the Enterprise Cybersecurity Program Report completed in the previous step to prepare your oral presentation to the board of directors. Write the presentation by first outlining the key points to be covered during the presentation. Remember that there will be nontechnical executives in the audience to whom you will have to sell your program. You will have five to 10 minutes to present your findings, help the executive leaders understand why the program will work, and why it is a good investment for the institution.