Week 5: Assessing Maturity for Cybersecurity Program Management

Must post first.

Before you begin read: https://www.energy.gov/sites/prod/files/2014/03/f13/C2M2-v1-1_cor.pdf

Our class focuses on integrating many different aspects of cybersecurity, information security, and information assurance.  Recent developments in the field of cybersecurity have resulted in a number of “maturity models” which can be used by external assessors to evaluate the maturity level of an organization’s cybersecurity management program.

For this discussion paper, you will need to research the Department of Energy’s Cybersecurity Maturity Model and then compare it to the NIST Cybersecurity Framework and other frameworks listed in the course readings. After you have done so, write a position paper in which you recommend a cybersecurity framework or maturity model as the basis for assessing the cybersecurity program for Padgett-Beale Financial Services. Assessments will be performed on an annual basis beginning one year after the company launches its new operations.

Your 5-7 paragraph position paper must answer the following questions (at a minimum). (You will need to write clearly and concisely to fit all required information into this restricted length.)

• What approach should the organization take in developing the Cybersecurity Management program? (What standards or frameworks should be used?)
• What laws and regulations must be addressed by the Cybersecurity Management Program in a financial services firm?
• What are the best practices that should be put into place to assess the maturity of PBI-FS’s cybersecurity management program?

Your task: You have been asked to give a presentation at an online training session for employees who are now working from home. The subject of this training session is: Access Controls and Why They Matter.

Background: Access controls are security features that are usually considered the first line of defense in asset protection. They are used to dictate how subjects access objects, and their main goal is to protect the objects from unauthorized access. Access control models are frameworks that use access controls to enforce the rules and objectives of the model (e.g. MAC, DAC, RBAC).

For this training, you should focus on the need to use Access Controls to protect corporate assets and data which are accessible via equipment and networks within the Work From Home setting. In your talking points you should also consider and address the frustrations that employees may feel when they encounter access controls that are not set up to allow the same type of “inside” access as employees had when working on company equipment inside company networks. (Explain why “turning off” access controls is not an acceptable solution to remote access to internal networks and resources.) Finally, address some potential “insider threats” which may exist in the Work From Home environment that need the countermeasures provided by access controls. Such threats could include the actions of others residing in the home who have access to the employee’s laptops or who use the same networks and network connections.

Format: This week, the format for your deliverable (posting) will be “Talking Points.” Talking points are presented in outline format and contain the content that you would put on slides in a slide deck. Your outline should include 5 to 7 major points (“slide titles”) followed by 3 to 5 supporting points for each. Remember to put enough information into the talking points that your peer reviewers can understand what you intend to cover in each section of your briefing. Remember to introduce the topic at the beginning, present your analysis, and then close your briefing with an appropriate summary. Include a list of sources (3 or more) which attendees could refer to if they wish to fact check your work.

Week 5 Discussion

The discussion assignment provides a forum for discussing relevant topics for this week on the basis of the course competencies covered. For this assignment, make sure you post your initial response to the Discussion Area by the due date assigned and complete your participation for this assignment by Day 7.

To support your work, use your course and text readings and also use resources from the South University Online Library. As in all assignments, cite your sources in your work and provide references for the citations in APA format. You may use this APA Citation Helper as a convenient reference for properly citing resources.

TASK
Clinical Practice Guidelines
Post your initial response to the topic below

Clinical practice guidelines use available evidence to develop recommendations that guide practice to improve patient care.

Select a clinical practice guideline, based on your area of interest, from one of the web sites below or another site. Describe the following information from the guideline you selected.

Identify the name of the clinical guideline and date developed
Identify the population
Identify 3 recommendations found in the guideline
Identify the grade or level of recommendation for the three recomendations identified and describe what the assigned grade or level means.
How can you use the information from the guideline in your practice?
Suggested Clinical Practice Guideline sites:

https://www.guidelinecentral.com/summaries/specialties/nursing/

https://www.ena.org/practice-resources/resource-library/clinical-practice-guidelines

https://www.uspreventiveservicestaskforce.org/BrowseRec/Index

https://guidelines.ecri.org/