Case Scenario:

A client company has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the business need for investments in cybersecurity. The purpose of this white paper is to “fill in the gaps” in a business case that was already prepared by the company’s Chief Information Officer. The target audience for your paper is the company’s C-suite executives. These executives will be meeting later this month to discuss budget requests from department heads. The company has requested that your white paper use the same investment categories as are already in use for the CIO’s business case: people, processes, and technologies.

Research:
1.       Read / Review the Week 1 readings.

a.       Cyberspace and the Need for Cybersecurity(Course Module)

b.      Preparing a Business Case (p. 1 only) http://www.ctg.albany.edu/publications/guides/smartit2?chapter=5&PrintVersion=2

c.       An Introduction to the Business Model for Information Security http://www.isaca.org/knowledge-center/research/documents/introduction-to-the-business-model-for-information-security_res_eng_0109.pdf

d.      http://philosophy.lander.edu/ethics/kant.html  (Duty Ethics)

e.      The social contract, social enterprise, and business model innovation http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=102369404&site=ehost-live&scope=site

f.        http://philosophy.lander.edu/ethics/calculus.html (Utilitarianism)

g.       Definition of Cybersecurity at http://niccs.us-cert.gov/glossary

h.      What is cybersecurity? http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm

2.       Find three or more additional sources which provide information about best practice recommendations for cybersecurity and other reasons why businesses should invest in people, processes, and technologies related to cybersecurity. These additional sources can include analyst reports (e.g. Gartner, Forrester, Price-Waterhouse, Booz-Allen) and/or news stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc.

Write:
Write a two to three page summary of your research. At a minimum, your summary must include the following:

1.       An introduction or overview of cybersecurity which provides definitions and addresses the business need for cybersecurity. This introduction should be suitable for an executive audience.

2.       A separate section which addresses ethical considerations which drive the business need for investments in cybersecurity.

3.       A review of best practices and recommendations which can be added to the existing business case to provide justification for cybersecurity-focused investments in the three investment categories identified by the company: people, processes, and technologies.

Your white paper should use standard terms and definitions for cybersecurity. The following sources are recommended:
·         NICCS Glossary http://niccs.us-cert.gov/glossary

·         The Five Pillars of Information Security: protection, detection, reaction, documentation, prevention (Ameri, 2004). http://cf.rims.org/Magazine/PrintTemplate.cfm?AID=2409

Submit For Grading
1.       Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder. (Attach the file.)

Formatting Instructions
Use standard APA formatting for the MS Word document that you submit to your assignment folder.

[end]