the need for cybersecurity awareness training

MODULE 4 UNIT 3
Ongoing project

HAR CYB Module 4 Unit 3 Ongoing project

Learning outcomes:

LO4: Investigate the need for cybersecurity awareness training.

LO5: Recommend a cybersecurity leadership plan for an organization.

Name:

1. Instructions and guidelines (Read carefully)

Instructions

1.      Insert your name and surname in the space provided above, as well as in the file name. Save the file as: First name Surname M4 U3 Ongoing projecte.g. Zadie Smith M4 U3 Ongoing project. NB: Please ensure that you use the name that appears in your student profile on the Online Campus.

2.      Write all your answers in this document. There is an instruction that says, “Start writing here” under each question. Please type your answer there.

3.      Submit your assignment in Microsoft Word only. No other file types will be accepted.

4.      Do not delete the plagiarism declaration or the assignment instructions and guidelines. They must remain in your assignment when you submit.

PLEASE NOTE: Plagiarism cases will be investigated in line with the Terms and Conditions for Students.

IMPORTANT NOTICE: Please ensure that you have checked your course calendar for the due date for this assignment.

Guidelines

1.      Make sure that you have carefully read and fully understood the questions before answering them. Answer the questions fully but concisely and as directly as possible. Follow all specific instructions for individual questions (e. g. “list”, “in point form”).

2.      Answer all questions in your own words. Do not copy any text from the notes, readings or other sources. The assignment must be your own work only.

Plagiarism declaration:
1. I know that plagiarism is wrong. Plagiarism is to use another’s work and pretend that it is one’s own. 2. This assignment is my own work. 3. I have not allowed, and will not allow, anyone to copy my work with the intention of passing it off as his or her own work. 4. I acknowledge that copying someone else’s assignment (or part of it) is wrong, and declare that my assignments are my own work.

2. Questions

In this module, you were introduced to the importance of cybersecurity governance as a fundamental aspect of protecting an organization’s information systems. Each unit in this module explores one of the three crucial areas of cybersecurity governance that need to be considered when developing a risk mitigation strategy. This ongoing project is broken down into three separate questions that deal with the content from the three units.

Note:

All ongoing project submissions throughout the course need to focus on the same organization. Or, if you choose to focus on the case study of Sony, you will need to complete all your submissions on Sony.

It is highly recommended that you avoid disclosing any confidential information in your assignments. Although you are encouraged to draw on real-world experience during the course, you are urged to use pseudonyms (false names) and alter any sensitive details or data where necessary. You are responsible for ensuring that you do not disclose any information that is protected by confidentiality undertakings; all information is treated in accordance with our privacy policy.

Please read Section 4 of the Honor Code in the Orientation Module course handbook for more guidance. 

2.1. Question 1 (from unit1 video transcripts and Sony case study)

Unit 1 focused on various leadership roles and their respective responsibilities in implementing an effective cybersecurity governance plan. Consider the leadership roles in Sony and their responsibilities in implementing the organization’s cybersecurity strategy:

  • Drawing on your learnings from this module, explain the organization’s governing structure, and its approach to cybersecurity (as detailed in its policies and, where possible, observed in practice). If you are focusing on Sony, you may extrapolate the formal roles from the data available (in the case study and from your own research) and contrast this with what was observed.
  • Based on your substantiation above, recommend changes that should be implemented and, if applicable, propose a new cybersecurity leadership plan that addresses its shortcomings.

                                                                                                        (Approx. 300 words)

Start writing here:

2.2. Question 2 (from unit 2 notes and Sony case study)

Unit 2 of this module described the management processes organizations should consider when developing a cybersecurity governance plan. Identify the steps Sony is taking to implement the management processes discussed in the Unit 2 notes, and address the following:

  • Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance; and
  • Based on your substantiation above, recommend management processes that would have addressed Sony’s shortcomings in implementing a cybersecurity governance plan and should be adhered to going forward.

(Approx. 250 words)

Start writing here:

2.3. Question 3 (from unit 3 notes and Sony case study)

Unit 3 focuses on the importance of keeping an organization’s cybersecurity awareness updated. To do so, the notes described the types of security awareness training that are available and the topics that should ideally be included in training programs. In your answer, address the following:

  • If relevant, identify any cybersecurity awareness programs or practices utilized by Sony, and evaluate whether they sufficiently cover the recommended topics mentioned in the Unit 3 notes.  
  • Based on your substantiation above, provide an outline of a cybersecurity awareness program you would suggest for Sony.

Your outline of the training program should cover the following four aspects:

  1. The type of security awareness training (classroom or online);
  2. The topics included in the training program;
  3. The target audience; and
  4. The roles and responsibilities of those responsible for executing the training program.

Each aspect should be accompanied by reasons for your choices based on the organization’s context and needs.

                                                                                                                (Approx. 300 words)

Start writing here:

Your ongoing project submission will be graded according to the following rubric:

 Very poorPoorSatisfactoryVery goodExceptional
Adherence to brief Student answers all the three questions, which include: a cybersecurity leadership plan;  cybersecurity management processes; and an outline of a cybersecurity awareness program.  No submission. OR Student fails to address any element of the brief. (0)  Some key elements are not addressed. Most information provided is irrelevant. (5.5)Student adheres to most of the brief. Sufficient information is provided and is mostly relevant. (7)Student adheres to almost all elements of the brief. Almost all information is provided and is relevant. (8.5)Student fully adheres to the brief. All information provided is comprehensive and relevant. (10)
Question 1: Insight into an organization’s leadership roles and their associated responsibilities in implementing cybersecurity governance Student demonstrates their understanding by identifying the roles organizational leaders play in implementing cybersecurity governance strategies, evaluating the effectiveness of an organization’s leadership structure in relation to cybersecurity governance, and recommending changes to improve how an organization’s leadership executes cybersecurity strategies.No submission. OR Student fails to demonstrate even basic understanding of the responsibilities of organizational leaders, and does not evaluate the leadership structure’s effectiveness or proposed recommended changes. (0)  Student shows an incomplete understanding of the responsibilities of organizational leaders and does not evaluate the leadership structure’s effectiveness or proposed recommended changes. (5.5)Student demonstrates a satisfactory understanding of the responsibilities of organizational leaders and evaluates the leadership structure’s effectiveness and proposed recommended changes. (7)Student demonstrates a strong understanding of the responsibilities of organizational leaders, and their evaluation of the leadership structure’s effectiveness. Recommended changes illustrate a degree of insight. (8.5)Student demonstrates a thorough and an incisive understanding of the responsibilities of organizational leaders, and their evaluation of the leadership structure’s effectiveness. Recommended changes illustrate great depth of insight. (10)
Question 2: Insight into an organization’s cybersecurity management processes Student demonstrates their understanding by accurately describing management processes that are essential to an organization’s cybersecurity, evaluating whether an organization’s management processes are sufficient to ensure good cybersecurity governance, and providing recommendations for management processes that would improve an organization’s cybersecurity governance.   No submission. OR Student fails to demonstrate even basic understanding of the management processes that are essential to an organization’s cybersecurity and does not evaluate the organization’s management processes or recommended changes.    (0)  Student shows an incomplete understanding of the management processes that are essential to an organization’s cybersecurity, and did not provide a satisfactory evaluation of the organization’s management processes, and does not provide satisfactory recommended changes. (5.5)Student demonstrates a satisfactory understanding of the management processes that are essential to an organization’s cybersecurity and evaluates the organization’s management processes and recommended changes. (7)Student demonstrates a strong understanding of the management processes that are essential to an organization’s cybersecurity, and their evaluation of the management processes. Recommended changes illustrate a degree of insight. (8.5)Student demonstrates a thorough and an incisive understanding of the management processes that are essential to an organization’s cybersecurity, and their evaluation of the management processes. Recommended changes illustrate a great deal of insight. (10)
Question 3: Insight into cybersecurity awareness and training Student demonstrates their understanding by providing a substantial description of the types of cybersecurity awareness training, the topics that should be covered in cybersecurity awareness training, and the roles and responsibilities of those who need to execute the training program.No submission. OR Student fails to demonstrate even basic understanding of cybersecurity awareness training and does not evaluate the organization’s training program or recommended changes. (0)  Student shows an incomplete understanding of cybersecurity awareness training and does not provide a satisfactory evaluation the organization’s training program, and does not provide satisfactory recommended changes. (5.5)Student demonstrates a satisfactory understanding of cybersecurity awareness training and evaluates the organization’s training program and recommended changes.   (7)Student demonstrates a strong understanding of cybersecurity awareness training and evaluates the organization’s training program. Recommended changes  convey a degree of insight. (8.5)Student demonstrates a thorough and an incisive understanding of cybersecurity awareness training and evaluates the organization’s training program. Recommended changes illustrate a great deal of insight. (10)
Organization of writing Answers are structured clearly and logically.  No submission. OR Complete lack of logical structure. (0)Answers have some logical structure, but not enough to justify a passing grade. (5.5)Answers are structured fairly well in terms of logic and clarity. (7)Answers are structured very well in terms of logic and clarity. (8.5)Answers are structured exceptionally well in terms of logic and clarity. (10)

Total: 50 marks