Prepare a two-page briefing paper (5 to 7 paragraphs) for the senior leadership and corporate board of the case study “company” which addresses planning (what do we need to do?), programming (how will we do it?), and budgeting (how will we pay for it?) processes for IT security program management.
1. Use the case study and enterprise architecture diagrams to identify five or more risks which require a financial investment. Financial investments should be categorized as: people investments, process investments, and/or technology investments.
2. Choose one of the four strategies for reducing the costs associated with responding to cyberattacks from the Rand report (A Framework for Programming and Budgeting for Cybersecurity):
- Minimize Exposure
- Neutralize Attacks
- Increase Resilience
- Accelerate Recovery
3. Discuss how your selected strategy (make it clear which strategy you selected) can be used in the planning (what do we need to do?) and programming (how will we do it?) phases of budget preparation to identify less costly solutions for implementing technical, operational, and management controls.