CYB-690 Cybersecurity Program: Business Strategies and Risks Analysis

Verified

Added on 2022/11/28

AI Summary

This report presents a cybersecurity program designed to align with business needs, regulations, and compliance standards. It explores three key domains: business functions, IT assets, and data, emphasizing the importance of regular updates. The report delves into business strategies to ensure sustainability, availability, and reliability, highlighting the significance of understanding sustainability, partnering with employees, and fostering transparent communication. It also analyzes risk assessments, gap analysis, and current cybersecurity trends to formulate a governance strategy, including a vision and strategies centered around business enablement, operational excellence, and risk management. The program aims to protect against cyber threats through robust security controls and incident response mechanisms, with a focus on continuous improvement through training and program maintenance.

Running head: CYBER-SECURITY PROGRAM
Cyber-security Program
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1CYBERSECURITY PROGRAM
4.1: Develop cyber-security program aligned with business needs, regulations, and
compliance standards to enhance an organization's security posture.
No single tactics or strategy can guarantee the success of a security program aligned
with the business goals, regulations and compliance. Hence, to enhance the security of the
organization, the cyber-security program needs to be regularly updated (Cherdantseva et al.,
2016). However, the organization can shed light upon three domains to improve the cyber-
security program aligned with the business needs.
Business functions: These are normal operations or functions that are being carried by the
employees of an organization. These include purchasing, marketing, R&D, HR, sales,
manufacturing. The ABC software Inc. need to implement such security controls to protect
the business functions mentioned above. The security control should include governance,
planning and management.
IT assets: IT assets includes all the hardware and software that the company use to perform
daily activities such as routers, mobile devices, computers, servers. Security of these items is
the utmost priority for the company.
Data: Like other organization, ABC software also has a large amount of data to store and
protect (Cherdantseva et al., 2016). These data includes employee’s personal details, login
credentials and other sensitive information. The security program should be able to protect
everything inside the organization.
4.2: Determine appropriate business strategies to ensure business sustainability,
availability, and reliability and articulate these needs to relevant stakeholders.
The customers of this decade are educated and with high moral values. They only
chose businesses that share the same moral values as them. The organizations need to have an

2CYBERSECURITY PROGRAM
efficient business strategy to ensure that their business is sustainable, available and reliable to
the customers.
Understand and recognize importance of sustainability: At first, the company need to
understand the sustainability and the use of the same in various area of the company (Carroll
& Buchholtz, 2014). The company should value the importance and identify the benefits.
Partner with employees: The Company should take feedback from employees time to time.
Thus, the Company can look at the problems inside the organizations, as employees are the
most valuable assets of the Company.
Flow of information in both ways: A reliable organization has the feature of flowing the
information in both ways. Communication is the key to have an organization with more
reliability; thus, everyone should be kept with up-to-date news and information about the
company.
Availability: The service of the company towards its customers should be available all the
time. Hence, customer service needs to be efficient (Hare & Guetterman, 2014).
4.4: Interpret risk assessments, gap analysis, and current cyber-security trends to
formulate a cyber-security governance strategy that establishes mitigation plans for
future challenges to achieve security objectives.
Cyber threats are the most emerging risks for an organization like ABC software Inc.
that deals with the production of software. The threats can come from anywhere such as
terminals, applications, network and tools used by the employees to interconnectivity among
different organizations (De Bruin & Von Solms, 2016). A well-defined program regarding
cyber-security is a necessity for any organization.

3CYBERSECURITY PROGRAM
Purpose: The purpose of the program is to protect the business form threats by implementing
innovation in the information security.
Vision: The program should be business centric and innovative. This should protect all kind
of customer and company data at any cost.
Strategies: The strategy of the security program should include Business enablement,
operational excellence, technical control & services, talent management and risk management
to mitigate the potential risks (De Bruin & Von Solms, 2016). Some people need to control
the whole program to ensure that governance is being done properly.
Service: The security program should be able to identify, protect, detect and respond to any
kind of threats. If necessary recovery should be done too.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4CYBERSECURITY PROGRAM
References
Carroll, A. B., & Buchholtz, A. K. (2014). Business and society: Ethics, sustainability, and
stakeholder management. Nelson Education.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA systems.
Computers & security, 56, 1-27.
De Bruin, R., & Von Solms, S. H. (2016, May). Cybersecurity Governance: How can we
measure it?. In 2016 IST-Africa Week Conference (pp. 1-9). IEEE.
Hare, J., & Guetterman, T. (2014). Evaluability assessment: Clarifying organizational support
and data availability. Journal of MultiDisciplinary Evaluation, 10(23), 9-25.