CISO organizations

Topic #1
Division chiefs, program managers, and other senior staff members working in CISO organizations frequently find themselves needing to stay current on technologies while, at the same time, leading and managing segments of the IT security program and their assigned staff. Attending conferences is one way that these senior-level personnel can learn about new technologies, tactics, techniques, and practices which can be adopted by an enterprise. Over the course of two or three days, a busy manager or executive can attend a large number of briefings while also developing business relationships by networking with others in the field.
Find an IT Security or Cybersecurity conference that will be offered in the next six months and research the types of presentations and workshops which will be offered. Research the costs associated with attendance (conference fees, meals, lodging, travel). The conference venue must be within the continental United States. The conference itself should be one that you are interested in and would attend if the funding were made available.
Write up a travel request which includes a summary of the conference, a justification which explains the benefits of attendance (many conferences provide a template), and an estimate of the costs in the following categories: conference or workshop fees, meals, lodging, and travel. Format your travel request as a 1 to 1-1/2 page business memorandum (no more than 7 paragraphs) addressed to the Padgett-Beale CISO.
Your travel request should include links (URLs) for the conference and venue (including the hotel where you would stay). If meals are included in the conference fee then you should state that and not include those meals in your estimate. Use this GSA website to obtain estimates for meals that are not included in the conference fees: https://www.gsa.gov/travel/plan-book/per-diem-rates

Topic #2
Using the readings presented in Week 2 and additional research on your own, prepare a list of 3 to 5 recommendations for how blockchain technologies can be used to reduce risk in financial transactions. Your analysis should include the use of blockchains to uncover (detect) money laundering and other crime-related financial transactions similar to those which were discovered at Island Banking Services. Remember to use the 4 risk treatment strategies as discussed in CCISO Domain 1 Section 6.
Format your recommendations as a briefing paper that includes an introduction, your analysis of the benefits of blockchain technologies in reducing risk, your recommendations (with explanations), and a closing or summary paragraph. You should have at least 5 strong paragraphs in your briefing paper. Include citations and references (3 or more) to support your written work.

Topic #3
As part of its due diligence efforts, the M&A team has determined that the following events contributed substantially to the bankruptcy of Island Banking Services.

  1. Company officers and managers were able to conduct criminal activities using company IT assets without detection.
  2. The company did not have a disaster recovery / business continuity plan in place. It could not restart operations after the loss of its servers and workstations (seized by law enforcement agents).
  3. Storage media for servers and workstations had not been backed up to an off-premises location, leaving the company with no way to recover from the law enforcement seizure of storage media as evidence.

The root cause for each event listed above was determined to be ineffective and/or missing IT security controls.
You have been asked to perform a gap analysis to assist in the identification and selection of IT security controls which could be implemented to remediate the situation ("close the gaps"). The CISO has requested that you use the NIST Cybersecurity Framework and the NIST Security and Privacy Controls Catalog (NIST SP 800-53) as your sources for IT security controls.
Choose 3 to 5 NIST SP 800-53 control families (e.g. AU Audit and Accountability) or NIST Cybersecurity Framework categories (e.g. Recovery Planning) which should be implemented to remediate the above deficiencies, with at least one family or category for each event. Describe how the selected controls will prevent or deter such events in the future ("close the gaps").
Format your response as a business memorandum. For each control family or category, you should provide the following information (see Domain 2 Section 1.1.2 in CCISO):
  1. What it is
  2. What it does
  3. How the control performs its objective
You should have at least 5 strong paragraphs in your memo. Include citations and references (3 or more) to support your written work.

Topic #4
The Merger & Acquisition team hired a team of external consultants to assist with identification of cultural issues which could become barriers to the successful acquisition of Island Banking Services by Padgett-Beale. The consultants conducted interviews with Padgett-Beale executives and senior staff. They also used a standardized survey to measure attitudes and beliefs about culture and conflict management styles at Padgett-Beale. A survey of islanders was conducted as well. The results from both surveys have not yet been validated, but the early results show substantial similarities to existing national culture survey results for U.S. populations and residents of Fiji. You can learn more about the national culture surveys here: https://www.hofstede-insights.com/models/national-culture/ and here: https://www.hofstede-insights.com/country-comparison/fiji,the-usa/

An additional survey was conducted among Padgett-Beale managers who will transfer to PBI-FS and island residents who have applied for jobs at PBI-FS. This survey focused primarily on the influence of context upon inter-cultural communications. This survey found that Padgett-Beale's corporate communications culture was "low context" while the job applicants expected a "high context" culture. For definitions and examples see http://www.culture-at-work.com/highlow.html
After reviewing the consultants' reports, the M&A team has decided to focus on differences in two factors which could present immediate barriers to success: (a) communications context and (b) power-distance.
Cultural Dimension     | Padgett-Beale Managers & Employees | PBI-FS Job Applicants (Islanders)
Communications Context | Low Context                        | High Context
Power-Distance         | Medium Power Distance              | High Power Distance

To answer questions and allay concerns, you've been asked to prepare a briefing about these factors to be given at the next senior leadership meeting. For that briefing you must research and answer the following questions:

  1. What is "communications context" and how could it influence expectations of managers and employees and their relationships with each other at PBI-FS?
  2. What is "power-distance" and how could it influence expectations of managers and employees and their relationships with each other at PBI-FS?
  3. How might differences in communications context (low/high) and power-distance contribute to conflicts within the new organization (PBI-FS), e.g. between transferred PBI personnel and newly hired islanders?
  4. What best practices should managers and executives follow when conflicts arise between the company (Padgett-Beale) and its new subsidiary (PBI-FS)?
Organize your talking points around the four sets of questions. Then write your responses as a 5 to 7 paragraph briefing paper (you may use some bullet points, but the majority of the content should be organized as paragraphs). This paper will be sent to the VPs and other senior leaders to read prior to the senior leadership meeting.

Topic #5
Before you begin, read: https://www.energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf
Our class focuses on integrating many different aspects of cybersecurity, information security, and information assurance. Recent developments in the field of cybersecurity have resulted in a number of "maturity models" which can be used by external assessors to evaluate the maturity level of an organization's cybersecurity management program.
For this discussion paper, you will need to research the Department of Energy's Cybersecurity Capability Maturity Model (C2M2) and then compare it to the NIST Cybersecurity Framework and the other frameworks listed in the course readings. After you have done so, write a position paper in which you recommend a cybersecurity framework or maturity model as the basis for assessing the cybersecurity program for Padgett-Beale Financial Services. Assessments will be performed on an annual basis beginning one year after the company launches its new operations.
Your 5-7 paragraph position paper must answer the following questions (at a minimum). (You will need to write clearly and concisely to fit all required information into this restricted length.)

  1. What approach should the organization take in developing the Cybersecurity Management program? (What standards or frameworks should be used?)
  2. What laws and regulations must be addressed by the Cybersecurity Management Program in a financial services firm?
  3. What are the best practices that should be put into place to assess the maturity of PBI-FS's cybersecurity management program?

Topic #6
Policy development is a core competency required of Chief Information Security Officers. In order to develop policy, however, the CISO and other business leaders must understand the underlying business issues and, where technology is involved, the technical issues as well.
Read this article: https://www.bigcommerce.com/blog/social-media-advertising/#the-6-best-social-networks-for-ecommerce-advertising
Choose one of the social media platforms listed in the article above and research its privacy policy. Then prepare an "expert opinion" paper for the senior leaders in your organization. (If you cannot find the privacy policy for a given social media platform, choose a different platform.)

For your opinion paper, you must:
  1. perform additional research and then write your informed opinion as to the privacy issues that exist or may exist for that platform;
  2. identify specific privacy issues which could adversely affect Padgett-Beale;
  3. identify any additional issues with that platform which could adversely affect Padgett-Beale's cybersecurity posture; and
  4. answer the following questions in your paper:
     What do you think about your selected platform's approach to privacy?
     How would the platform's privacy policy impact an organization that is contemplating using the platform for advertising and marketing?
     Which of the social media services provided by the platform would you allow Padgett-Beale's marketing department to use?
     Should Padgett-Beale's employees in general be permitted to use the platform during the work day (using company networks and/or IT resources)? What risks are involved with permitting such usage?
     What type of policy would you recommend that Padgett-Beale adopt to govern the organization's use of social media platforms for marketing and other forms of internal and external communications?

Topic #7
The senior leadership of your organization is preparing for its annual three day meeting. During these meetings, one day is devoted to current events / issues which the company finds itself needing to address. For this year's meeting, you have been asked to give a presentation on Cybercrime as a strategic threat to the organization.
To prepare for your presentation, you should find a recent news report or law enforcement press release about a specific instance of a cybercrime which impacted the financial services industry (or customers). Analyze the report / press release and then write a background paper containing your analysis and findings.
In your background paper, include a summary of the report or press release that addresses the crime, the perpetrator, motive (if known), methods, the victim(s), the object of the crime (systems, data, networks, etc.), and the outcome of the investigation / prosecution. (Who did what to whom? What happened?)
Should the company take actions or develop strategies to protect itself from similar crimes? What are your recommendations in this regard?
Post your 5 to 7 paragraph background paper as your reply to this topic.
