Developing a Cyber Strategy: Organisational Profile for Effective Security

Assessment information

Overview

In this assessment you will develop an organisational profile that will form a foundation for the remaining assessments. This organisation (real or fictional) will be who you will be working for when you develop your Cyber Strategy (A3), Cyber Policy (A4) and deliver the Executive Presentation (A5).

Word limit:1000 Words (+/- 10% - excluding referencing)

Instructions

Imagine that you have been asked to lead the development of a new Cyber Strategy and related Policies for your organisation. Regardless, if you have been there a decade or a day, your first step should be to invest time into understanding the organisation in a holistic manner (in this case, as it relates to Cyber).

Your task is to develop a profile for your organisation. This profile will form the foundation of your remaining assessments in this course. The organisation you profile can be modelled against a real or fictional organisation. Your choice.

So, you can choose:

To 'invent' a fictional organisation that you have created for the purpose of this course.

If take this path, think carefully about modelling it on an organisation you have known or one that is easily researched.

If you create something too far outside your area of familiarity (or something too strange) it ay be difficult top create a coherent strategy and policy for them.

OR

Use a real organisation that you work for (or have worked for).

If you model your organisational profile against a real organisation:

reference any relevant strategies or policy in the public domain (shareable) and reference as you would any other citation using appropriate APA style for document type.

note, sharing any private or commercial-in-confidence information from your workplace isnot expected or required. However, you may NOT use them in your subsequent assessment (i.e. for the policy update option in A4).

Your assessment will comprise ofthree components

1.Organisational profile.This will be the most significant aspect and should include:

A brief overview of the organisation.

A description of the core business (including sector, size, competition, jurisdiction, outsourcing arrangements and customers etc).

Emerging threats.

How the organisation traditionally handles technology transition

Any relevant independent research on the state of cyber in your organisational sector.

Address cultural elements, such as executive and workforce culture, risk appetite, usual speed of change.

Capture any relevant recommendations from recent audits and /or an overview of prior incidents.

2.Driver for change. A brief summary ofwhyyour organisation needs a new cyber strategy. Think of this as the briefing you might have gotten when asked to commence this work.

3.Crown Jewels.This will need to be supported by your description of the core business in the profile section. This is a short list of most critical assets to the organisation, it could be anything ranging from IP, to customer data or manufacturing capabilities etc.

A few points to consider:

Please be strategic in how you address these points. Dont spend words telling me about something that doesnt relate to your organisation. Different organisations will have different considerations and as such, the amount you write for each element of the profile might vary.

Remember not to share any private or commercially sensitive information; even if you are profiling a real organisation, its ok to tailor the profile for this course. We will be judging your strategy, policy, and executive presentation (in part), against if it is appropriate for the organisation you have described here.

The term crown jewels, is simply jargon for the most important thing to a company if you can only protect one or two things what would they be? As such, make sure you dont provide a long list of data assets or systems.If you prioritise everything, youll prioritise nothing.

For the driver of change, think about how you will be impacted for assessment 3. You can read more about the three classes of change driver at the beginning of week 3 (top-down, bottom-up, or incident driven).

The list of elements you have been asked to profile here bears a striking resemblance to the questions you will need to answer during the strategy development assessment. Before submitting A2, consider reading ahead for both A3, and the strategy development framework covered in week 3. You may wish to reconsider some elements of your profile.

Presentation style/format

Your responses should be written using correct spelling, grammar and punctuation. Language should be free of bias (including but not limited to race, gender, sexual orientation or disability).

APA 7 referencing is required.

Quantitativeinformation should be clearly described and appropriately communicated (e.g.figures and tables are appropriately labelled).

How to submit

Submit via Turnitin using the button at the top of this page

Marking and feedback

Your final feedback and grade will be available at the conclusion of the course.

MARKING CRITERIA PASS (P) 50-64% CREDIT (CR) 65%-74% DISTINCTION (DN) 75%-84% HIGH DISTINCTION (HD) 85%-100%

Profile

(45) Profile addresses all elements of internal and external constraints. There may be some instances of elements that are not relevant to the profile or poorly described. Profile addresses all relevant elements of internal and external constraints. Minimal instances of elements that are not relevant to the profile with each being clearly described. Awareness of any irrelevant elements with justification provided. Profile addresses all relevant elements of internal and external constraints. Each element in the profile is well integrated and clearly described, with no instances of elements that are not relevant to the profile. Awareness of any irrelevant elements with justification provided. Profile addresses all relevant elements of internal and external constraints in a nuanced and clear manner. Awareness of any irrelevant elements with justification provided.

Driver for change

(20) Explanation of event or scenario generally clear, realistic, and somewhat likely to satisfy executive leadership of the need for change. Explanation of event or scenario mostly clear, realistic, and likely to satisfy executive leadership of the need for change. Explanation of event or scenario clear, concise, realistic, and likely to persuade executive leadership of the need for change. Explanation of event or scenario clear, concise, realistic, and highly likely to persuade executive leadership of the need for change.

Crown Jewels

(20) Articulation of crown jewels generally clear and consistent with information provided elsewhere in the profile. Articulation of crown jewels mostly clear and consistent with information provided elsewhere in the profile. Articulation of crown jewels clear and consistent with information provided elsewhere in the profile. Articulation of crown jewels extremely clear and consistent with information provided elsewhere in the profile.

Quality of writing and word count adherence

(15) Adequate formatting, organisation, and grammar. There may be a number of noticeable errors. Communication is somewhat clear and demonstrates some control over appropriate communication.

Submission may be slightly outside of accepted word range. Good use of formatting, organisation, and grammar. There may be errors throughout. Demonstrates emerging control over appropriate communication for different audiences, contexts, and purposes.

Submission is within acceptable word range. Effective use of formatting, organisation, and grammar. Demonstrates control over appropriate communication for different audiences, contexts, and purposes.

Submission is within acceptable word range. Skilful use of formatting, organisation, and grammar to persuasive effect. Demonstrates nuanced control over appropriate communication for different audiences, contexts, and purposes.

Submission is within acceptable word range.