Business Context: Analysis and strategy clearly, concisely, and accurately incorporated information about the designated business context and scenario information as presented in the course readings. No evidence present indicating use of previous course scenarios.
Intro for Security Strategy: Provided an excellent overview of the security strategy. The introduction was clear, concise, and accurate. Writer appropriately used information from 3 or more authoritative sources
Gap Analysis (Steps 1 & 2): Provided an excellent gap analysis that included a discussion of the identified gaps and a risk register for 10 or more significant cybersecurity issues / challenges / risks impacting the designated company. Used all 6 categories listed in the assignment (CIA and PPT) and assigned an appropriate impact level. Appropriately used information from 3 or more authoritative sources.
Legal & Regulatory Analysis (Steps 3 & 4): Provided an excellent analysis of the legal and regulatory guidance for (a) the designated industry and (b) companies in general. Incorporated relevant information into 10 or more risk register entries by mapping laws / regulations the the individual risk entries. Appropriately used information from 3 or more authoritative sources.
Risk Management Strategy (Step 5): Provided an excellent risk management strategy. Mapped relevant risk mitigation strategies to at least 10 risk register entries (accept, avoid, control, transfer). For control strategies, included identifiers and titles of controls from the NIST CSF or other approved source of IT security controls. Appropriately used information from 3 or more authoritative sources.
Cybersecurity Strategy (Step 6): Presented a Cybersecurity Strategy containing five or more specific actions (strategies) that the company should take mitigate cybersecurity risks. Included information from the gap analysis, legal and regulatory analysis, risk analysis. Each strategy included information about how the strategy will affect or leverage 3 or more of the following: people, policies, processes, and technologies. Included at least one technology related strategy which included an updated Network Diagram showing the to-be state of the IT infrastructure including recommended mitigating or “control” technologies. Appropriately used information from 3 or more authoritative sources.
Plan of Action and Timeline (Step 7): Presented an excellent (clear and concise) “proposed” plan of action and implementation timeline that addressed actions required to implement each element of the cybersecurity strategy. Provided time, effort, and cost estimates for implementing the recommended actions (included appropriate explanations of your reasoning). Included the resources (people, money, etc.) necessary for completing each task in the timeline.
Cover Letter/Recommendations Memo (Step 8): Provided an excellent cover letter / memorandum addressed to the Merger & Acquisition Team which summarizes why this package is being forwarded to the M&A team for “review and action.” The memo identified and briefly summarized 5 or more “action” recommendations which logically flow from the Cybersecurity Strategy and Plan of Action.
Professionalism: Work contains a reference list containing entries for all cited resources. Sufficient information is provided to allow a reader to find and retrieve the cited sources. Reference list entries and in-text citations are consistently and correctly formatted using an appropriate citation style (APA, MLA, etc.). Submitted work shows outstanding organization and the use of color, fonts, titles, headings and sub-headings, etc. is appropriate to the assignment type. No formatting, grammar, spelling, or punctuation errors