Brief
This module focused on the importance of risk mitigation and the value companies can derive from implementing a risk mitigation strategy to improve organizational resilience and manage risks effectively. This assignment requires you to complete a cyber risk mitigation strategy for your organization.
As the notes made clear, a risk mitigation strategy helps an organization prioritize its risks so it can allocate resources efficiently. This final submission is an opportunity for you to reflect on and condense all the knowledge you have gained over the duration of the course by incorporating feedback from your previous ongoing project submissions into a consolidated cyber risk mitigation strategy.
If you are completing your ongoing project on Sony, you are required to create a risk mitigation strategy that the organization should have followed in light of the 2014 hack.
Note:
All ongoing project submissions throughout the course need to focus on the same organization. Or, if you choose to focus on the case study of Sony, you will need to complete all your submissions on Sony.
It is highly recommended that you avoid disclosing any confidential information in your assignments. Although you are encouraged to draw on real-world experience during the course, you are urged to use pseudonyms (false names) and alter any sensitive details or data where necessary. You are responsible for ensuring that you do not disclose any information that is protected by confidentiality undertakings; all information is treated in accordance with our privacy policy.
Please read Section 4 of the Honor Code in the Orientation Module course handbook for more guidance.
Note:
· The published word count in each assignment is for satisfactory work – it is the amount of detail, analysis and nuance needed for a satisfactory score according to the rubric. If you exceed the published word count, you will not be penalized. The extra work can improve your grade – up to and including an exceptional score. Your grade is not dependent on the number of words you write. The word count is simply a benchmark for an average level of detail, analysis and nuance, and additional detail and nuance are needed to surpass a Satisfactory grade.
· You must not only include overall organizational context, but per-question context as well. This context allows the reader to understand what the organization does and which sector it is part of, as well as why each question is important to the organization.
3. Risk mitigation strategy
Introduction
Write a brief paragraph in which you provide a high-level overview of your organization’s need for a risk mitigation strategy.
(Write approximately 150 words)
Start writing here:
Vision
Outline your organization’s vision of what implementing a risk mitigation strategy will ideally achieve.
(Write approximately 150 words)
Start writing here:
Strategic goals and objectives
List at least four strategic goals your organization must achieve to reduce its risks to an acceptable level. List at least two objectives under each strategic goal that explain what must be done to achieve the strategic goal.
Note: A thorough risk mitigation strategy should include associated action plans and milestones, but you are not required to detail these for the purposes of this submission.
(Write approximately 450 words)
Start writing here:
Metrics
List at least three metrics your organization will use to analyze the achievement of its goals/objectives. These metrics should be specific to the goals/objectives listed in the previous question.
(Write approximately 150 words)
Start writing here:
Note:
Include refined versions of your previous submissions in the sections below. Where relevant, incorporate any feedback from your Tutor, as well as additional knowledge gained during the course to improve on your previous submissions.
Threat actors and methods of attack
Integrate your submission from Module 2, in which you identified at least two threat actors to your organization, and described methods of attack these actors could use.
If you are using the Sony case, integrate the submission in which you identified the threat actor Sony faced in the 2014 hack and their method of attack, as well as at least one other threat actor Sony could face in the future and what method of attack they might use.
(Write approximately 550 words)
Start writing here:
Business critical assets
Integrate your submission from Module 3, in which you identified the assets that are most essential to your organization or Sony’s ability to accomplish its mission. Describe what vulnerabilities there may be in the organization’s systems, networks, and data that may put these assets at risk.
(Write approximately 550 words)
Start writing here:
Cybersecurity governance
Integrate the three questions from your submission in Module 4, in which you recommended a cybersecurity leadership plan, improvements to management processes, and a cybersecurity awareness training program.
(Write approximately 1,200 words)
Start writing here:
Protective technologies
In Module 5, you compiled a list of questions you would ask to understand the technologies implemented to protect your organization’s critical systems, networks, and data. In this section, based on the questions you asked and by conducting any other additional research, identify technologies your organization can employ to protect its critical systems, networks, and data.
If you are using the Sony case, recommend protective technologies that could have addressed Sony’s shortcomings in protecting their critical networks, systems, and data.
Note:
This question requires you to submit a paragraph consolidating the information you learned, and is not a resubmission of the questions you submitted in Module 5.
(Write approximately 650 words)
Start writing here:
Legal considerations
In Module 6, you compiled a list of questions you would direct towards an organization’s senior management and general counsel in order to gauge the organization’s legal risk mitigation strategy and the adequacy of their preparations. In this section, based on the questions you asked, and by conducting any other additional research, discuss the legal considerations your organization should take into account when compiling its risk mitigation strategy.
If you are using the Sony case, recommend steps that could have addressed Sony’s shortcomings in protecting themselves from legal action.
Note:
This question requires you to submit a paragraph consolidating the information you learned, and is not a resubmission of the questions you submitted in Module 6.
(Write approximately 550 words)
Start writing here:
Incident response plan (not required)
Note:
The incident response plan is a central part of an organization’s cyber risk mitigation strategy. However, as you will not have an opportunity to revise your plan based on your Tutor’s feedback in time for Module 8, you are not required to integrate it into your final risk mitigation strategy. Please consult the grading breakdown in the Orientation Module course handbook for more information.