What is vulnerability assessment? Who is generally involved in a vulnerability assessment?

Week 8 Discussion

Assignment: Submit one initial post addressing the topics below, and respond to two classmates’ posts.

1. What is vulnerability assessment?

2. Who is generally involved in a vulnerability assessment?

3. If you were the CISO, what would you like to see in the vulnerability assessment report?

Guidelines:

Provide one post of no less than 300 words. Cite sources when applicable.

Sources and citations should be in APA format.

Describe the problem you are fixing by proposing this new cybersecurity program. This would include potential threat, financial loss, etc., that the organization faces due to lack of cybersecurity.

Week 8 Program White Paper

Describe the problem you are fixing by proposing this new cybersecurity program. This would include potential threat, financial loss, etc., that the organization faces due to lack of cybersecurity.

Write a security policy for your organization. The purpose of a security policy is to safeguard the confidentiality, integrity, and availability of the organization’s systems and information. Be sure to include objectives, scope, specific goals, and consequences in the event of noncompliance.

Create a team.

Define roles and responsibilities of all stakeholders, including those of the CISO.

Describe the access control methods you would implement for your building and network.

What are the limitations of this metric? How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6) Post your three to five paragraph short paper as a response to this discussion topic.

Return on Security Investment

This discussion item is part of the Analysis of Alternatives exercise.

Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies.

The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.

You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following:

What is the ROSI calculation?

How is it used to evaluate cybersecurity technologies?

What are the limitations of this metric?

How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6)

Post your three to five paragraph short paper as a response to this discussion topic.

Include APA format citations and references as appropriate to the information used and the sources from which you obtained that information.

Reference

European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from https://www.enisa.europa.eu/activities/cert/other-work/introduction-to-return-on-security-investment/at_download/fullReport