1. Moral and ethical requirements should serve as drivers which encourage a business to invest in orspend money on cybersecurity products, services, and programs.
You have been invited to participate in a “lightening round” panel on the above topic at a conference on Best Practices for IT Security Management. For this activity you must prepare a 3 to 5 paragraph briefing statement which answers the following questions. Use information from the weekly readings and Case Study #1.
- What is stakeholder theory? How does it drive requirements to spend money on cybersecurity products & services?
- How does social contract theory apply to purchasing requirements for cybersecurity products & services?
- Name and briefly describe 3 ethics issues that IT Security managers and staff may encounter when selecting and evaluating cybersecurity products & services. (Use examples to drive home your points.)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
2. Case Study #1: Why should businesses invest in cybersecurity?
Case Scenario:
A client company has asked your cybersecurityconsulting firm to provide it with a 2 to 3 page white paper which discussesthe business need for investments incybersecurity. The purpose of this white paper is to “fill in the gaps” in a business case that was already preparedby the company’s Chief Information Officer. The target audience for your paperis the company’s C-suite executives. These executives will be meeting laterthis month to discuss budget requests from department heads. The company hasrequested that your white paper use the same investment categories as arealready in use for the CIO’s business case: people, processes, andtechnologies.
Research:
1. Read / Review the Week 1 readings.
2. Findthree or more additional sources which provide information about best practicerecommendations for cybersecurity and other reasons why businesses shouldinvest in people, processes, and technologies related to cybersecurity. Theseadditional sources can include analyst reports (e.g. Gartner, Forrester,Price-Waterhouse, Booz-Allen) and/or news stories about recent attacks /threats, data breaches, cybercrime, cyber terrorism, etc.
Write:
Write a two to three pagesummary of your research. At a minimum, your summary must include thefollowing:
1. Anintroduction or overview of cybersecuritywhich provides definitions and addresses the business need forcybersecurity. This introduction should be suitable for an executive audience.
2. Aseparate section which addresses ethical considerations which drive the business need for investments incybersecurity.
3. A review of best practices and recommendations whichcan be added to the existing businesscase to provide justification for cybersecurity-focused investments in thethree investment categories identified by the company: people, processes, andtechnologies.
Your whitepaper should use standard terms and definitions for cybersecurity. See CourseContent > Cybersecurity Concepts Review for recommended resources.
me: Case Study #1 Rubric
CriteriaExcellentOutstandingAcceptableNeeds ImprovementNeeds Significant ImprovementMissing or UnacceptableIntroduction or Overview for the Case Study20 points
Provided an excellent overview of the case study which provided definitions for key terms and addressed the business need for cybersecurity. The overview appropriately used information from 3 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.
18 points
Provided an outstanding overview of the case study which provided definitions for key terms and addressed the business need for cybersecurity. The overview appropriately used information from 2 or more authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.
16 points
Provided an overview of the case study which addressed the business need for cybersecurity. The overview appropriately used information from authoritative sources, i.e. journal articles, industry or trade publications, news articles, industry or government white papers and authoritative Web sites.
14 points
Provided an overview but the section lacked important details about the case. Information from authoritative sources was cited and used in the overview.
10 points
Attempted to provide an introduction to the case study but this section lacked detail and/or was not well supported by information drawn from authoritative sources.
0 points
The introduction and/or overview sections of the paper were off topic.
Identified and Explained Ethical Considerations Impacting Cybersecurity Investment Decisions20 points
Provided an excellent discussion of 3 or more ethical considerations which drive the business need for investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from 3 or more authoritative sources.
18 points
Provided an outstanding discussion of 3 or more ethical considerations which drive the business need for investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from 3 or more authoritative sources.
16 points
Provided a discussion of at least 3 ethical considerations which drive the business needfor investments in cybersecurity. Discussion included: duty, social contract, and utilitarianism. Appropriately used information from authoritative sources.
14 points
Provided a discussion of ethical considerations in the context of cybersecurity investments by a business. Information from authoritative sources was cited and used.
9 points
Provided a discussion of ethics in the context of business decisions or cybersecurity. The discussion lacked detail and/or was not well supported by information drawn from authoritative sources.
0 points
This section was missing, off topic, or failed to provide information about ethical considerations for business investment decisions.
Best Practices and Recommendations for Business Case for Cybersecurity Investments20 points
Provided an excellent discussion of 3 or more best practices (with recommendations) which could be added to an existing business case. Recommendations provided an excellent justification of thebusiness need for investments in cybersecurity. Appropriately used information from 3 or more authoritative sources.
18 points
Provided an outstandingdiscussion of 3 or more best practices (with recommendations) which could be added to an existing business case. Recommendations provided an outstanding justification of thebusiness need for investments in cybersecurity. Appropriately used information from 3 or more authoritative sources.
16 points
Provided a discussion best practices and recommendations which could be added to an existing business case. Recommendations provided a justification of the business need for investments in cybersecurity. The discussion was supported by information drawn from authoritative sources.
14 points
Discussion provided some information about best practices and included recommendations for investments in cybersecurity. Mentioned information obtained from authoritative sources.
9 points
Included recommendations for cybersecurity investments but the discussion lacked detail and/or was not supported by information from authoritative sources.
0 points
This section was missing, off topic, or failed to address best practices and/or recommendations for investments in cybersecurity.
Investment Categories: People, Processes, & Technologies10 points
Provided an excellent discussion of investments which was organized in 3 investment categories: people, processes, and technologies. Appropriately used information from 3 or more authoritative sources.
8.5 points
Provided an outstanding discussion of investments which was organized in 3 investment categories: people, processes, and technologies. Appropriately used information from 3 or more authoritative sources
7 points
Provided a discussion of investments which was organized in 3 investment categories: people, processes, and technologies. The discussion was supported by information drawn from authoritative sources.
6 points
Provided a discussion of investments which mentioned people, processes, and technologies.Mentioned information obtained from authoritative sources.
4 points
Provided a discussion of investments which mentioned at least one of the required investment categories: people, processes, and technologies OR, investments discussionwas not supported by information from authoritative sources..
0 points
Did not mention the three required investment categories.
Addressed security issues using standard cybersecurity terminology5 points
Demonstrated excellence in the integration of standard cybersecurity terminology into the case study.
4 points
Provided an outstanding integration of standard cybersecurity terminology into the case study.
3 points
Integrated standard cybersecurity terminology into the into the case study
2 points
Used standard cybersecurity terminology but this usage was not well integrated with the discussion.
1 point
Misused standard cybersecurity terminology.
0 points
Did not integrate standard cybersecurity terminology into the discussion.
APA Formatting for Citations and Reference List5 points
Work contains a reference list containing entries for all cited resources. Reference list entries and in-text citations are correctly formatted using the appropriate APA style for each type of resource.
4 points
Work contains a reference list containing entries for all cited resources. One or two minor errors in APA format for in-text citations and/or reference list entries.
3 points
Work contains a reference list containing entries for all cited resources. No more than 3 minor errors in APA format for in-text citations and/or reference list entries.
2 points
Work has no more than three paragraphs with omissions of citations crediting sources for facts and information. Work contains a reference list containing entries for cited resources. Work contains no more than 5 minor errors in APA format for in-text citations and/or reference list entries.
1 point
Work attempts to credit sources but demonstrates a fundamental failure to understand and apply the APA formatting standard as defined in the Publication Manual of the American Psychological Association (6th ed.).
0 points
Reference list is missing. Work demonstrates an overall failure to incorporate and/or credit authoritative sources for information used in the paper.
Professionalism Part I: Organization & Appearance5 points
Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type.
4 points
Submitted work has minor style or formatting flaws but still presents a professional appearance. Submitted work is well organized and appropriately uses color, fonts, and section headings (per the assignment’s directions).
3 points
Organization and/or appearance of submitted work could be improved through better use of fonts, color, titles, headings, etc. OR Submitted work has multiple style or formatting errors. Professional appearance could be improved.
2 points
Submitted work has multiple style or formatting errors. Organization and professional appearance need substantial improvement.
1 point
Submitted work meets minimum requirements but has major style and formatting errors. Work is disorganized and needs to be rewritten for readability and professional appearance.
0 points
No work submitted.
Professionalism Part II: Execution15 points
No formatting, grammar, spelling, or punctuation errors.
14 points
Work contains minor errors in formatting, grammar, spelling or punctuation which do not significantly impact professional appearance.
13 points
Errors in formatting, spelling, grammar, or punctuation which detract from professional appearance of the submitted work.
11 points
Submitted work has numerous errors in formatting, spelling, grammar, or punctuation. Work is unprofessional in appearance.
4 points
Submitted work is difficult to read / understand and has significant errors in formatting, spelling, grammar, punctuation, or word usage.
0 points
No work submitted.
Overall ScoreExcellent
90 or more
Outstanding
80 or more
Acceptable
70 or more
Needs Improvement
56 or more
Needs Significant Improvement
36 or more
Missing or Unacceptable
0 or more