Case Study : Why should businesses invest in cybersecurity?
Case Scenario:
A client company has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the business need for investments in cybersecurity.
The purpose of this white paper is to "fill in the gaps" in a business case that was already prepared by the company's Chief Information Officer.
The target audience for your paper is the company's C-suite executives. These executives will be meeting later this month to discuss budget requests from department heads.
The company has requested that your white paper use the sameinvestment categories as are already in use for the CIO's business case: people, processes, and technologies.
Research:
1. Read / Review the Week 1 readings.
2. Find three or more additional sources that provide information about ethics as applied to investments in cybersecurity. Suggested sources include:
a. The Power of Information and Business of Ethical Responsibility By: Veta T. Richardson, ACC.
b. Cyber Security and the Obligations of Companies by Margaret Steen.
c. Ethics and Cybersecurity: Obligations to Protect Client Data By Drew Simshaw.
3. Find three or more additional sources that provide information about best practice recommendations for investing in people, processes, and technologies related to cybersecurity.
These additional sources can include analyst reports (e.g. Gartner, Forrester, Price-Waterhouse, Booz-Allen) and/ornews stories about recent attacks / threats, data breaches, cybercrime, cyber terrorism, etc.
Write:
Write a two to three page summary of your research. At a minimum, your summary must include the following:
1. An introduction or overview of cybersecurity which provides definitions and addresses the business need for cybersecurity. This introduction should be suitable for an executive audience.
2. A separate section in which you address ethical considerations that drive the business needfor investments in cybersecurity.
3. Aseparate section in which you provide best-practicebased recommendations for additions to the client's business case. These recommendations should be designed to strengthen the justification forcybersecurity-focused investments and must separately address each of the three investment categories: people, processes, and technologies.
4. A closing section in which you summarize your recommendations for additions and changes to the business case.Your white paper should use standard terms and definitions for cybersecurity.