CSEC610 – INDIVIDUAL ASSIGNMENT DUE
Description: Write a research paper (about 8-10 double spaced pages) based on your research and analysis of an organization of your choice.
- It is best to choose an organization for which you have ability to do research – through interviews, publicly available information, audit reports, personal knowledge, reports and analyses done by other scholars. It is okay to use a generic name for an organization if you need to maintain confidentiality of the organization.
- You may also choose a company or government agency that has suffered a data breach. Talk about breach and the cybersecurity issues before and after. How did they handle and protect data. Make recommendations. Think of OPM, Target, Neiman Marcus, Home Depot, Anthem, Community Health Systems, or almost any bank or Wall Street organization which has had data breaches for which a lot of information is readily available.
- Identify the mission of the organization. As a cybersecurity professional you need to think of the business mission. Your primary role is to ensure success of the organization through a risk optimized digital strategy. In this section inform the reader what you feel is relevant for your story.
- Identify the Risks of the most critical systems for the organization – this helps you to narrow down. For example the Point of Sale (POS) or the Patient Health Information Management system could be the most critical systems for some company. This will allow you to limit the scope of your analysis to the most critical systems. Otherwise the scope can become too large for a paper of this size.
- Think of risks to data in all three states: Transmission, Processing, Storage
- While identifying risks, discuss cybersecurity risks using Confidentiality, Integrity, and Availability terms. However tie it to overall business risks, which could be financial, market share, reputation loss, damages, legal fees, and other similar issues.
- While identifying risks, while it is okay to concentrate on technical risks, do not ignore policy and people related risks.
- Organizational structure and governance have been glaring weaknesses for many organizations such as OPM, Anthem, or Target. This is why looking at the cybersecurity leadership and overall organization structure of the organization may be very important to your analysis. For example are they missing key executives such as Chief Information Officer or Chief Information Security Officer. If these people are present, are they empowered to do their job or are some unqualified or inappropriate people such as a Chief Financial Officer overruling them at all times? Do they report to the CEO or board? When incidents happen who makes decisions? Who declares a disaster? Who informs law enforcement, media? Do they even have an Incident Response or Disaster Recovery Plan?
- Your primary reading sources should be authoritative. NIST guidance is authoritative. Citable sources can be a judgment call – a couple of weaker sources for minor points when a whole bunch of other strong sources have been used for major points are frequently acceptable. CSO magazine would be a weak source – but may be usable to make a minor point. google.comand university library collections with IEEE/ACM papers and other research pieces are frequently good sources for scholarly pieces.
- Include illustrations (figures) with APA compliant headings and citations to explain and support your arguments. Experiments data should be included while possible.
- Prepare your paper in Word. Include a cover page, an abstract, and table of contents, introduction, main text with section headings and subheadings, conclusions, and a minimumof 7 references. Include in-text citations and a reference list at the end in APA compliant format.