You are the CISO of a large, international corporation. You have offices throughout the United States, Europe, and Asia. Your company is a social networking platform that offers a new model: one that protects user data.
When you are hired, you call a meeting of all of your IT managers. You need to get a sense of the state of their security and compliance posture. During the meeting you find out the following:
The corporate offices are not physically secure.
There is no company security checklist for your IT managers to use.
There is no consistency in compliance policies and procedures.
Most of your IT managers are not up to date on compliance regulations.
Fewer than 40% of the offices have a DRP and BCP, and even fewer have tested the ones they do have.
There is no consistent method to track and manage change.
Your networks are on-premise; however, there is no consistent network monitoring policy.
You need to address these issues soon in order to support the company’s vision of social media that protects user data.
This meeting has given you cause for major concern. You need to address each of these issues with the CEO. The solution will be expensive. You must get the CEO to “buy in” to the needed changes. The dollar amounts are not important at this point. You have a responsibility to present the CEO with solutions to these problems.
Write up a plan of action for the CEO. You need the C Suite to understand the urgency but also what the solutions are. Be thorough in your explanation of why these issues are problematic, and how your solutions will mitigate the exposure to the company. Use the knowledge gained during this course to create this plan.
If your plan is less than 1000 words, it is not going to be sufficient (hint, hint).
Write your plan in a Word doc and then paste it into the exam text area.