Heat maps
DEN1 — DEN1 TASK 1: CYBERSECURITY MANAGEMENT
PLAN
CYBERSECURITY MANAGEMENT — D489
PRFA — DEN1
Task Overview Submissions Evaluation Report
COMPETENCIES
4116.1.1: Describes Security Risks, Standards, and Roles
The learner describes the risks, standards, and roles that inform a company’s information security policy.
4116.1.2 : Develops Security Policies and Guidelines
The learner develops security policy, standards, procedures, and guidelines to strategically secure an
organization’s assets.
INTRODUCTION
Throughout your career in cybersecurity management, you will be expected to be able to develop and
improve an IT department to support a company’s strategic goals and mission. To accomplish this,
assessments of the organization’s cybersecurity posture will need to be conducted to secure the company’s
information and systems. The organization’s leadership may decide to hire external consultants to do this
assessment. The consultants will review the security policies, standards, procedures, and guidelines that are
used to secure the company’s assets. Additionally, they will look at compliance issues, personnel roles and
assignments, continuity plans, and overall risk management.
In this task, you will analyze an independent assessment and respond to it in a detailed written report. You
will need to read the attached “Company Overview” and “Independent Security Report” that correspond with
the following scenario.
SCENARIO
SAGE Books is a retail bookseller that provides customers with a one-stop-shopping experience for books,
magazines, and multimedia (music, DVDs, and Blu-ray). During a recent board meeting, the discussion
centered on how the company can improve its operations and secure its information and information
systems. Board members focused on enhancing SAGE'’s e-commerce website, keeping cybersecurity at the
forefront of its new website design and marketing plan. As a result of this meeting, the board decided to have
an independent assessment of the cybersecurity posture of the company. The assessment was completed by
Secure Tech Solutions. This organization uncovered a number of issues with SAGE Books's security program
and sent a security report detailing what was found. (See the “Independent Security Report” supporting
document.)
, As SAGE Books's chief information security officer (CISO), you act as the leader of the cybersecurity
department. You are required to review the report and write SAGE Books's response to the proposed
security improvements. You must determine the appropriate actions to take, resulting in a plan for fixing the
revealed issues. Your response must be provided in a written report outlining the ways SAGE Books will
improve security. This report will be given to the board of directors and upper management, including the
chief executive officer (CEO).
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no
more than a 10% match to any one individual source can be directly quoted or closely paraphrased from
sources, even if cited correctly. The similarity report that is provided when you submit your task can be used
as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that
will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric
aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless
specified in the task requirements. All other submissions must be file types that are uploaded and submitted
as attachments (e.g., .docx, .pdf, .ppt).
A. Summarize the gaps that exist currently in the company’s security framework as described in the attached
“Independent Security Report.”
B. Develop mitigation strategies to address the gaps identified in the “Independent Security Report,’
ensuring compliance with PCI DSS and GDPR.
C. Identify three critical security staff positions and the responsibilities for each position, which must be
hired to meet compliance, risk, and governance requirements using the NICE Framework discussed in the
“Independent Security Report.”
D. Describe at leastthree physical vulnerabilities and/or threats and at /east three logical vulnerabilities
and/or threats and how eachimpacts the security posture of the company based on the attached
“Company Overview” document and “Independent Security Report.”
E. Develop a cybersecurity awareness training program in alignment with NIST standards, including the
following:
e annual training requirements
¢ specialized training requirements
¢ continued awareness
F. Summarize the standards required for securing organizational assets regarding policies for acceptable use,
mobile devices, passwords, and personally identifiable information (PIl), using regulatory or contractual
sources to support your claims.
G. Develop anincident response plan for the company in alignment with the attached “Independent Security
Report,” following the four incident handling phases according to NIST standards.
DEN1 — DEN1 TASK 1: CYBERSECURITY MANAGEMENT
PLAN
CYBERSECURITY MANAGEMENT — D489
PRFA — DEN1
Task Overview Submissions Evaluation Report
COMPETENCIES
4116.1.1: Describes Security Risks, Standards, and Roles
The learner describes the risks, standards, and roles that inform a company’s information security policy.
4116.1.2 : Develops Security Policies and Guidelines
The learner develops security policy, standards, procedures, and guidelines to strategically secure an
organization’s assets.
INTRODUCTION
Throughout your career in cybersecurity management, you will be expected to be able to develop and
improve an IT department to support a company’s strategic goals and mission. To accomplish this,
assessments of the organization’s cybersecurity posture will need to be conducted to secure the company’s
information and systems. The organization’s leadership may decide to hire external consultants to do this
assessment. The consultants will review the security policies, standards, procedures, and guidelines that are
used to secure the company’s assets. Additionally, they will look at compliance issues, personnel roles and
assignments, continuity plans, and overall risk management.
In this task, you will analyze an independent assessment and respond to it in a detailed written report. You
will need to read the attached “Company Overview” and “Independent Security Report” that correspond with
the following scenario.
SCENARIO
SAGE Books is a retail bookseller that provides customers with a one-stop-shopping experience for books,
magazines, and multimedia (music, DVDs, and Blu-ray). During a recent board meeting, the discussion
centered on how the company can improve its operations and secure its information and information
systems. Board members focused on enhancing SAGE'’s e-commerce website, keeping cybersecurity at the
forefront of its new website design and marketing plan. As a result of this meeting, the board decided to have
an independent assessment of the cybersecurity posture of the company. The assessment was completed by
Secure Tech Solutions. This organization uncovered a number of issues with SAGE Books's security program
and sent a security report detailing what was found. (See the “Independent Security Report” supporting
document.)
, As SAGE Books's chief information security officer (CISO), you act as the leader of the cybersecurity
department. You are required to review the report and write SAGE Books's response to the proposed
security improvements. You must determine the appropriate actions to take, resulting in a plan for fixing the
revealed issues. Your response must be provided in a written report outlining the ways SAGE Books will
improve security. This report will be given to the board of directors and upper management, including the
chief executive officer (CEO).
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no
more than a 10% match to any one individual source can be directly quoted or closely paraphrased from
sources, even if cited correctly. The similarity report that is provided when you submit your task can be used
as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that
will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric
aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Tasks may not be submitted as cloud links, such as links to Google Docs, Google Slides, OneDrive, etc., unless
specified in the task requirements. All other submissions must be file types that are uploaded and submitted
as attachments (e.g., .docx, .pdf, .ppt).
A. Summarize the gaps that exist currently in the company’s security framework as described in the attached
“Independent Security Report.”
B. Develop mitigation strategies to address the gaps identified in the “Independent Security Report,’
ensuring compliance with PCI DSS and GDPR.
C. Identify three critical security staff positions and the responsibilities for each position, which must be
hired to meet compliance, risk, and governance requirements using the NICE Framework discussed in the
“Independent Security Report.”
D. Describe at leastthree physical vulnerabilities and/or threats and at /east three logical vulnerabilities
and/or threats and how eachimpacts the security posture of the company based on the attached
“Company Overview” document and “Independent Security Report.”
E. Develop a cybersecurity awareness training program in alignment with NIST standards, including the
following:
e annual training requirements
¢ specialized training requirements
¢ continued awareness
F. Summarize the standards required for securing organizational assets regarding policies for acceptable use,
mobile devices, passwords, and personally identifiable information (PIl), using regulatory or contractual
sources to support your claims.
G. Develop anincident response plan for the company in alignment with the attached “Independent Security
Report,” following the four incident handling phases according to NIST standards.
