1. Moral and ethical requirements should serve as drivers which encourage a business to invest in orspend money on cybersecurity products, services, and programs.
You have been invited to participate in a “lightening round” panel on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. Use information from the weekly readings and Case Study #1.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
2. Case Study #1: Why should businesses invest in cybersecurity?
Case Scenario:
A client company has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the business need for investments in cybersecurity. The purpose of this white paper is to “fill in the gaps” in a business case that was already prepared by the company’s Chief Information Officer.
The target audience for your paper is the company’s C-suite executives. These executives will be meeting later this month to discuss budget requests from department heads. The company has requested that your white paper use the same investment categories as are already in use for the CIO’s business case: people, processes, and technologies.
Research:
1. Read / Review the Week 1 readings.
2. Find three or more additional sources which provide information about best practice recommendations for cybersecurity and other reasons why businesses should invest in people, processes, and technologies related to cybersecurity. These additional sources can include analyst reports (e.g. Gartner, Forrester, Price-Waterhouse, Booz-Allen) and/or news stories about recent attacks /threats, data breaches, cybercrime, cyber terrorism, etc.
Write:
Write a two to three pagesummary of your research. At a minimum, your summary must include thefollowing:
1. Anintroduction or overview of cybersecuritywhich provides definitions and addresses the business need forcybersecurity. This introduction should be suitable for an executive audience.
2. Aseparate section which addresses ethical considerations which drive the business need for investments incybersecurity.
3. A review of best practices and recommendations whichcan be added to the existing businesscase to provide justification for cybersecurity-focused investments in thethree investment categories identified by the company: people, processes, andtechnologies.
Your whitepaper should use standard terms and definitions for cybersecurity. See Course Content > Cybersecurity Concepts Review for recommended resources.
me: Case Study #1 RubricCriteriaExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableIntroduction or Overview for the Case Study20 points
Provided an excellent overview of the case study which provided definitions for key terms and addressed the business need for cybersecurity. The overview appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.18 points
Provided an outstanding overview of the case study which provided definitions for key terms and addressed the business need for cybersecurity. The overview appropriately used information from 2 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.16 points
Provided an overview of the case study which addressed the business need for cybersecurity. The overview appropriately used information from authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.14 points
Provided an overview but the section lacked important details about the case. Information from authoritative sources was cited and used in the overview.10 points
Attempted to provide an introduction to the case study but this section lacked detail and/or was not well supported by information drawn from authoritative sources. 0 points
The introduction and/or overview sections of the paper were off topic. Identified and Explained Ethical Considerations Impacting Cybersecurity Investment Decisions20 points
Provided an excellent discussion of 3 or more ethical considerations which drive the business need for investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from 3 or more authoritative sources.18 points
Provided an outstanding discussion of 3 or more ethical considerations which drive the business need for investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from 3 or more authoritative sources.16 points
Provided a discussion of at least 3 ethical considerations which drive the business needfor investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from authoritative sources.14 points
Provided a discussion of ethical considerations in the context of cybersecurity investments by a business. Information from authoritative sources was cited and used.9 points
Provided a discussion of ethics in the context of business decisions or cybersecurity. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.0 points
This section was missing, off topic, or failed to provide information about ethical considerations for business investment decisions.Best Practices and Recommendations for Business Case for Cybersecurity Investments20 points
Provided an excellent discussion of 3 or more best practices (with recommendations) which could be added to an existing business case. Recommendations provided an excellent justification of thebusiness need for investments in cybersecurity. Appropriately used information from 3 or more authoritative sources.18 points
Provided an outstandingdiscussion of 3 or more best practices (with recommendations) which could be added to an existing business case. Recommendations provided an outstanding justification of thebusiness need for investments in cybersecurity. Appropriately used information from 3 or more authoritative sources.16 points
Provided a discussion best practices and recommendations which could be added to an existing business case. Recommendations provided a justification of the business need for investments in cybersecurity. The discussion was supported by information drawn from authoritative sources.14 points
Discussion provided some information about best practices and included recommendations for investments in cybersecurity. Mentioned information obtained from authoritative sources.9 points
Included recommendations for cybersecurity investments but the discussion lacked detail and/or was not supported by information from authoritative sources.0 points
This section was missing, off topic, or failed to address best practices and/or recommendations for investments in cybersecurity.Investment Categories: People, Processes, & Technologies10 points
Provided an excellent discussion of investments which was organized in 3 investment categories: people, processes, and technologies. Appropriately used information from 3 or more authoritative sources.8.5 points
Provided an outstanding discussion of investments which was organized in 3 investment categories: people, processes, and technologies. Appropriately used information from 3 or more authoritative sources7 points
Provided a discussion of investments which was organized in 3 investment categories: people, processes, and technologies. The discussion was supported by information drawn from authoritative sources.6 points
Provided a discussion of investments which mentioned people, processes, and technologies.Mentioned information obtained from authoritative sources.4 points
Provided a discussion of investments which mentioned at least one of the required investment categories: people, processes, and technologies OR, investments discussionwas not supported by information from authoritative sources..0 points
Did not mention the three required investment categories.Addressed security issues using standard cybersecurity terminology5 points
Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.4 points
Provided an outstanding integration of standard cybersecurity terminology into the case study.3 points
Integrated standard cybersecurity terminology into the into the case study2 points
Used standard cybersecurity terminology but this usage was not well integrated with the discussion.1 point
Misused standard cybersecurity terminology.0 points
Did not integrate standard cybersecurity terminology into the discussion.APA Formatting for Citations and Reference List5 points
Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.4 points
Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.3 points
Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.2 points
Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.1 point
Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6th ed.).0 points
Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.Professionalism Part I: Organization & Appearance5 points
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.4 points
Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).3 points
Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.2 points
Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.1 point
Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.0 points
No work submitted.Professionalism Part II: Execution15 points
No formatting, grammar, spelling, or punctuation errors.14 points
Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.13 points
Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.11 points
Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.4 points
Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.0 points
No work submitted.Overall ScoreExcellent
90 or moreOutstanding
80 or moreAcceptable
70 or moreNeeds Improvement
56 or moreNeeds Significant Improvement
36 or moreMissing or Unacceptable
0 or moreClose
