Report to the Executives
Once data collection is complete you will now develop your report to the Executives.
Consider what executives want to know and anticipate any questions they will be asking you
to respond to in this report. It is your responsibility to assure them the Cybersecurity
organization is current on the most recent cyber issues and has fully planned and
implemented the necessary controls to enable the organization to be successful and secure.
Organize your report by breach category, at a high level discuss the actual breach that
occurred using your Exhibit 2 and then fully discuss how to reduce or prevent the breach
from occurring again. It should be evident that you have learned from the course materials
including the lectures, labs, course book and other research you have completed.
Some of the controls that I will be looking for include the following:
(1) Relate how an access control policy framework is used to define authorization and
access to the IT infrastructure
(2) NIST Cybersecurity Framework
(3) Relate how your organization will mitigate risks and utilize risk management to
defend the infrastructure’s confidentiality, integrity and availability with sound access
controls and defense in depth
(4) Discuss the importance of data classification, implementation of data classification
and how it will be used to secure the data
(5) Explain and recommend appropriate access controls for each case category including
appropriate solutions, controls (tools) and policies (see categories below)
(6) Utilize appropriate network and configuration diagrams to help explain and justify
your recommendations and show the defense in depth strategy
Cyber cases report will be on:
1. SolarWinds Orion: Hack-Data Breach
2. DriveSure: Hack-Data Breach
3. Microsoft: Unintended-Data Leak
4. General Electric: Insider-Stole Trade secrets (2 Employees)
5. CVS Health: Unintended-Misconfiguration of Cloud Services caused a data leak.