I have received a few questions about selecting an organisation to profile for A2. You may not have much work experience (that you deem relevant) or

I have received a few questions about selecting an organisation to profile for A2. You may not have much work experience (that you deem relevant) or are tempted to select a flashy organisation like Google, Apple or Microsoft.

If youre suck, here are some ideas and points to consider:

Each of you have clearly spent several years within Higher Ed. with whatever UG course and now this Masters. You could profile a Uni (fictional Uni of XYZ or a real one or wherever you spent the most time). Unis have lots of interesting Cyber related challenges.

If you would like to profile a tech giant like Amazon. The answer is of course yes. However, I suggest you select an organisation a little smaller/more manageable; preferably where they had some experience. I would be concerned that, unless you have work experience there, that these organisations are so large it will be quite difficult to get your head wrapped around them. This will likely result in you producing a very generic strategy in A3.

Remember that big and flashy is not required, or necessarily desirable, the purpose of the profiling exercise is to get you familiar with all the considerations you need to make when embarking on a strategy development. If you have experience in any size organisation; perhaps a franchise, small gov dept., volunteer organisation, real estate agent, pharmacy etc. then they need to protect themselves just as much as the big organisations and might be a good choice for you.

A quick clarification of the A2 word count and division.

The word limit is 1000 words (+/- 10%), inclusive of all three components of A2.

I expect that the profile will take the bulk of the words (approx.. 800), with the driver for change and crown jewels being fairly short and to the point. Finding a balance is ultimately up to you 800/100/100 is just a suggestion not the rule

I just wanted post some additional advice or guidance regarding the crown jewels. We had a bit of a debate on Tuesday regarding the inclusion of systems on a crown jewels list. While Im open to it notionally, you would need a good justification that the system is central to the organisations purpose; not just that the system happens to be currently housing the critical information or enabling a critical capability.

If you are considering putting a system on your crown jewels list for A2. I would like to challenge you to think about what those systems do (or store); and consider that there may be something higher order that should be on the crown jewel; not the system itself.

For example, Take an ERP or CRM, there are plenty of off-the-shelf systems, and every organisation can buy one if they wish - as such the system is not a differentiator. That system is not what makes that company unique.

However, from a business perspective, the relationship and work history with clients might be the crown jewels, or perhaps some unique way of working, unique agreements with suppliers etc (one of these would be the crown jewel not the system itself). In the example of a technology manufacturer, their IP/designs/patents might be their crown jewel; considering that they could potentially outsource (or shift) manufacturing providers.

The crown jewels are whatever, if lost, will remove a competitive advantage, that can't practically be replaced, or once undermined (customer trust etc), would undermine the organisation core purpose.

If you can change vendors or migrate between systems and the org. remains unchanged, then it's not your crown jewel.

Assessment information

Overview

In this assessment you will develop a Cyber Strategy for the organisation you profiled in Assessment 2. The challenge here is to provide a strategy that is tailored, not only to the organisation, but also to the situation you described in your driver of change.

Your task is to bring together the strategy development approach discussed in our week 3 content, ensuring that you are paying close attention to the advice on what makes a good strategy (and avoid the pitfalls of a bad strategy).

Word limit:1500 Words (+/- 10% - excluding referencing)

Instructions

It is now time for you to develop a Cyber Strategy for your profiled organisation. We are expecting to see a strategy document blending two approaches; the strategy development approach and the quality measures discussed in the strategy kernel section (both covered in our week 3 content). The critical elements that you need to be across before attempting this assessment are listed below.

Strategy development approach:

What is the need? (the context)

What is the cyber vision? (the goal)

What constraints are there? (the challenge)

What are you protecting above all else? (the crown jewels)

What are the key elements? (your mind map)

What could a stepped approach look like? (your forward plan)

Our 'good strategy' quality measures

Diagnosisthat defines or explains the nature of the challenge. A good diagnosis simplifies the often-overwhelming complexity of reality by identifying certain aspects of the situation as critical.

Guiding principlesfor dealing with the challenge. This is an overall approach chosen to cope with or overcome the obstacles identified in the diagnosis.

Set of coherent actionsthat are designed to carry out the guiding policy. These are steps that are coordinated with one another to work together in accomplishing the guiding policy.

These two elements brought together would have resulted in a strategy document of varying style/inclusions but normally have a structure something like this:

Context/background

Vision statement

Challenges / diagnosis

Principles

Goals/objectives/actions

Roadmap

A few points to consider:

If youre using the Good Strategy/Bad Strategy text as reference, ensure you dont get confused between their use of the term guiding policy and a policy document. In our vernacular, Rumelts use of the term guiding policy is analogous to our use of the term guiding principle.

You must write your Cyber Strategy for the organisation you profiled in Assessment 2. If you do not, we will not be able to judge alignment/appropriateness and your grade will suffer greatly.

Remember that the vision statement has separate quality metrics, memorable, simple to understand, deliver a clear overarching goal.

If you profiled a real organisation, you should still write this strategy from scratch. You may not use, or adapt, any pre-existing strategy documents. If you are responsible for, or involved in, the current development of a Cyber Strategy at work, you may discuss with Tom how we may be able to blend you work goals with this coursework.

If you need to change something significant in your profile (as a result of feedback in for Assessment 2), please include a clarification or updated profile segment as an appendix for marking purposes. An appendix for this purpose can be excluded from your word count.

Presentation style/format

Your responses should be written using correct spelling, grammar and punctuation. Language should be free of bias (including but not limited to race, gender, sexual orientation or disability).

APA 7 referencing is required.

Quantitativeinformation should be clearly described and appropriately communicated (e.g.figures and tables are appropriately labelled).

How to submit

Submit via Turnitin using the button at the top of the page

Marking and feedback

Your final feedback and grade will be available at the conclusion of the course.

MARKING CRITERIA PASS (P) 50-64% CREDIT (CR) 65%-74% DISTINCTION (DN) 75%-84% HIGH DISTINCTION (HD) 85%-100%

Alignment

(10) Strategy generally aligned and consistent with the organisation and context presented in your organisational profile. Some inconsistencies may be evident. Strategy mostly aligned and consistent with the organisation and context presented in your organisational profile. Very minor inconsistencies may be evident. Strategy aligned and consistent with the organisation and context presented in your organisational profile. Strategy clearly aligned with the organisation and context presented in your organisational profile.

Vision

(20) Vision somewhat memorable but may demonstrate uneven clarity or inadequate simplicity. Generally, communicates a goal. Vision somewhat memorable but may demonstrate uneven clarity or inadequate simplicity. Generally, communicates a goal. Vision somewhat memorable but may demonstrate uneven clarity or inadequate simplicity. Generally, communicates a goal. Vision is distinctly memorable. Precise expression achieves simplicity and clarity and communicates a clear, appropriate goal.

Diagnosis

(20) Nature of challenge adequately explained, although clarity may be uneven. Reasoning can be followed but there may be some strain for non-specialists. Core implications for the organisation presented by fail to adequately indicate significance to the reader. Nature of challenge mostly clear and concise. Reasoning can be followed with minimal strain as a non-specialist. Core implications for the organisation evident but may not clearly indicate significance to reader. Nature of challenge clear and concisely explained. Reasoning easy to follow as a non-specialist and well-tailored to key stakeholder interests. Core implications for the organisation used somewhat persuasively. Nature of challenge clearly and concisely explained. Reasoning extremely easy to follow and precisely tailored to key stakeholder interests. Core implications for the organisation used persuasively.

Guiding principles

(20) Principles generally address the challenge and mostly reflect industry practice and standards. Clarity of rationale may be inconsistent. Rationale may lack adequate detail or fail to clearly demonstrate how it would resolve identified challenge(s). Principles address the challenge and reflect industry practice and standards. Rationale clear and demonstrates how it would resolve identified challenge(s). Principles address the challenge and clearly reflects industry best practice and adheres to current or appropriate standards for the organisation and context. Rationale clear and somewhat persuasively demonstrates how it would resolve identified challenge(s). Principles address the challenge and clearly reflects industry best practice and adheres to current or appropriate standards for the organisation and context. Rationale clear and persuasively demonstrates how it would resolve identified challenge(s).

Actions

(20) Proposed actions generally clear and somewhat demonstrate a logical approach to achieving the stated policy above although may be limited in terms of adaptability and resilience to change. Proposed actions mostly clear, actionable and demonstrate a logical approach to achieving the stated policy above. Actions provide some capacity for adaptability and resilience to change. Proposed actions are clear, actionable and demonstrate an effective approach to achieving the stated policy above. Actions demonstrate capacity for adaptability and resilience to change. Proposed actions clear, actionable and demonstrate an extremely effective approach to achieving the stated policy above. Actions clearly demonstrate capacity for adaptability and resilience to change.

Professionally written, word count adherence

(10) Adequate formatting, organisation, and grammar. There may be a number of noticeable errors. Communication is somewhat clear and demonstrates some control over appropriate communication.

Word count may be slightly outside of acceptable range. Good use of formatting, organisation, and grammar. There may be errors throughout. Demonstrates emerging control over appropriate communication for different audiences, contexts, and purposes.

Word count is within acceptable range. Effective use of formatting, organisation, and grammar. Demonstrates control over appropriate communication for different audiences, contexts, and purposes.

Word count is within acceptable range. Skilful use of formatting, organisation, and grammar to persuasive effect. Demonstrates nuanced control over appropriate communication for different audiences, contexts, and purposes.

Word count is within acceptable range.