Case Study #1: Why should businesses invest in cybersecurity?

Case Scenario:

A client company has asked your cybersecurity consulting firm to provide it with a 2 to 3 page white paper which discusses the business

need for investments in cybersecurity. The purpose of this white paper is to “fill in the gaps” in a business case that was already

prepared by the company’s Chief Information Officer. The target audience for your paper is the company’s C-suite executives. These

executives will be meeting later this month to discuss budget requests from department heads. The company has requested that your white

paper use the same investment categories as are already in use for the CIO’s business case: people, processes, and technologies.
Research:

1. Read / Review the Week 1 readings.

a. Cyberspace and the Need for Cybersecurity(Course Module)

b. Preparing a Business Case (p. 1 only) http://www.ctg.albany.edu/publications/guides/smartit2?chapter=5&PrintVersion=2

c. An Introduction to the Business Model for Information Security http://www.isaca.org/knowledge-

center/research/documents/introduction-to-the-business-model-for-information-security_res_eng_0109.pdf

d. http://philosophy.lander.edu/ethics/kant.html (Duty Ethics)

e. The social contract, social enterprise, and business model innovation http://ezproxy.umuc.edu/login?

url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=102369404&site=ehost-live&scope=site

f. http://philosophy.lander.edu/ethics/calculus.html (Utilitarianism)

g. Definition of Cybersecurity at http://niccs.us-cert.gov/glossary

h. What is cybersecurity? http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm

2. Find three or more additional sources which provide information about best practice recommendations for cybersecurity and

other reasons why businesses should invest in people, processes, and technologies related to cybersecurity. These additional sources

can include analyst reports (e.g. Gartner, Forrester, Price-Waterhouse, Booz-Allen) and/or news stories about recent attacks / threats,

data breaches, cybercrime, cyber terrorism, etc.
Write:

Write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview of cybersecurity which provides definitions and addresses the business need for cybersecurity.

This introduction should be suitable for an executive audience.

2. A separate section which addresses ethical considerations which drive the business need for investments in cybersecurity.

3. A review of best practices and recommendations which can be added to the existing business case to provide justification for

cybersecurity-focused investments in the three investment categories identified by the company: people, processes, and technologies.

Your white paper should use standard terms and definitions for cybersecurity. The following sources are recommended:

· NICCS Glossary http://niccs.us-cert.gov/glossary

· The Five Pillars of Information Security: protection, detection, reaction, documentation, prevention (Ameri, 2004).

http://cf.rims.org/Magazine/PrintTemplate.cfm?AID=2409
Submit For Grading

1. Submit your case study in MS Word format (.docx or .doc file) using the Case Study #1 Assignment in your assignment folder.

(Attach the file.)
Formatting Instructions

Use standard APA formatting for the MS Word document that you submit to your assignment folder.
Additional Information

1. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any

work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work

for correct word usage and correctly structured sentences and paragraphs. These items are graded under Professionalism and constitute

20% of the assignment grade.

2. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your

reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as

provided for under the university’s Academic Integrity policy.