Problem 1:
(A) How do you know that your Cybersecurity risk management program is working as planned? How do you measure, what do you measure, what kind of data, tools, and best practices can you utilize? Come up with a plan to convince the top management that the success of the plan you laid out for risk management is measurable. This is not about risk assessment but measuring the success of your overall risk management plan once you implement all the controls you found to be necessary.
(B) What would be your final recommendations for the top management to make your risk management plan more effective - consider issues related to governance, privacy, fit, culture, supply chain, etc.
Problem 2: Use the MITRE ATT&CK navigator and suggest two mitigation methods that are focused on credential access. Create a layer that shows which techniques each one covers and which techniques both cover together (a joint layer of two mitigation methods). The goal is to cover as many techniques as possible where there is only minimum overlap between each mitigation method.
Problem 3: Compare and contrast public (criminal) vs. private (civil) investigation. Discuss unique challenges of each.