- Write an executive report that includes the following requirements:
- the security problem under investigation
- background information about the problem
- a root cause analysis of the problem
- a description of the stakeholders
- an analysis of systems, processes, or both
- a description of the project requirements
- the data available or the data that needs to be collected to support the project
- the industry-standard methodology you used to guide and support the solution’s design and development
- deliverables associated with the design and development of the technology solution
- the strategy for implementing the solution and anticipated outcomes from the project, including phases of the rollout, details of project launch, and training plan for users
- the quality assurance plan for the solution, including formative and summative evaluation plans and plans for revision
- assessment of risks associated with the implementation
- the technology environments, tools, and any related costs, as well as the human resources, that are necessary to execute eachproject phase
- a projected timeline, including milestones, start and end dates, duration for each milestone, dependencies, and resources assigned to eachtask
- the framework that will be used to assess the success of the project and assess if the security solution meets stakeholder’s needs, including test cases and acceptance criteria
- Design and develop a technology-supported security solution that addresses your identified business problem or organizational need.
- Your solution must contribute to at leastoneof the following major security areas:
Cyberlaw, Regulations, and Compliance
Leadership and Professionalism
Security Planning and Management
Systems Security
- Provide a summary that explains how your solution meets the following criteria:
- facilitates the development of consensus-based codes of conduct
- promotes the adoption of standards and practices
- promotes automation in cybersecurity
- improves and modernizes security assurance
- implements industry-standard security tools and infrastructure or environment
- collects digital evidence, including data for analysis or forensics
- provides cybersecurity plans, strategies, and policies
- implements confidentiality, integrity, and availability
- mitigates cybersecurity threats
- investigates cybersecurity incidents or crimes
- includes decision-support functionality
- provides a training plan for users
- Create eachof the following forms of documentation for the solution you have developed:
- a subset of comprehensive elements of cybersecurity plans, policies, standards, or procedures
- analysis of the alignment of the solution with organizational cybersecurity initiative or regulatory compliance
- assessment of the solution’s implementation, including testing results and implemented revisions
- applications, tools, installation, and user guides for any other environment used
- WGU Cyber Range artifacts (if applicable)
- assessment of the efficiency of the solution
- post-implementation systems and process analysis, including diagrams or descriptions of the environment
- post-implementation risk assessment
- analysis of collected data
- analysis of the final output
- stakeholder impact analysis
- post-implementation and maintenance plans for the solution, including supporting resources
- the results from the solution testing and revisions
- training plan for users
- control deficiencies analysis that includes a plan of action and milestones
- source code and executable files, with installation and user guides, if applicable
- applications, tools, installation, and user guides for the WGU Cyber Range or any other cyber security testing environment used
- artifacts from the domain your solution addresses (listed below)
Domain: Cyber Risk Management and Oversight
– organization chart
– cybersecurity-related policies and procedures
– strategic plans
– cybersecurity job descriptions
– cybersecurity personnel qualifications
– risk assessments
– data loss prevention analysis
– IT audit schedule
– IT audit reports and correspondence
– audit exception tracking
– risk management reports
– cybersecurity training policies and procedures
– cybersecurity training and awareness materials
Domain: Cybersecurity Controls
– list of physical access controls (e.g., key cards, biometric controls, video cameras)
– baseline security configuration standards
– vulnerability or patch management policies and procedures
– patch management reports
– penetration test results and reports
– vulnerability assessments
– continuous monitoring strategy
Domain: External Dependency Management
– list of third parties and subcontractors
– contracts governing all third-party relationships
– inventory of all third-party connections
– network topology/diagram
– independent reports on the service provider’s security controls
– remote access logs
– third-party employee access reviews
– vendor management policies and procedures
Domain: Threat Intelligence and Collaboration
– list of threat intelligence resources (e.g., industry groups, consortiums, threat and vulnerability reporting services)
– management reports on cyber intelligence
Domain: Cyber Resilience
– cybersecurity event log and reports on cyber incidents
– business impact analysis
– business or corporate continuity plan
– results of resilience testing
– resilience testing reports
– cyber incident response plans
– crisis management plans
– data loss prevention analysis
– continuous monitoring strategy
- Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
- Demonstrate professional communication in the content and presentation of your submission.