Follow the attached instructions to complete this work.
In Unit 1, you analyzed the NIST 2.0 Framework and then compared it to the administration’s approach to cybersecurity. In Unit 2, you will look more specifically at what it means to establish a risk-assessment approach for an organization and how that fits into your overall governance structure.
Directions
1. Submit your initial post: Write 400–600 words that details the specific actions you would take to look at risk in your organization. You may choose a specific organization, such as Target or United Health Care, or use the company you work for. It may be easier to respond with a specific industry or named organization in mind. Also, depending on the industry that the organization is a part of, there are likely additional cybersecurity requirements that you may need to research. Being specific also may help you understand the issues and respond more succinctly to the questions being asked.
The following list provides exemplar topics you may develop to establish a program, training, or policy to show that your organization is actively reducing risk. Choose only one of these, or you may choose another relevant topic for the discussion post. Create your response with citations and detail.
· Work with stakeholders to develop comprehensive policies and procedures that address data privacy, cybersecurity, and regulatory compliance requirements.
· Establish clear guidelines for data handling, access controls, incident response, risk management, and third-party vendor management.
· Conduct periodic risk evaluations to identify, evaluate, and prioritize cybersecurity and privacy risks to the organization’s assets, data, and operations.
· Ensure that governance mechanisms facilitate cross-functional collaboration and communication among departments, including IT, legal, compliance, human resources, and business units.
· Deploy appropriate security controls, technologies, and tools to protect sensitive data, systems, and networks from unauthorized access, breaches, and cyber threats.
· Establish measurements to assess the effectiveness of governance efforts, including data privacy compliance, cybersecurity posture, incident-response times, and training completion rates.
After you choose a topic, write your initial post. Address each of the following prompts:
· Describe the organization or industry you represent (for example, a federal office, a hospital, a company, or the utility industry).
· State the topic you will be developing from the list above or one of your own.
· Briefly discuss what specific actions you would take to accomplish your objective, and explain how you would measure success. Refer to a NIST or other guideline.
· For the topic you have chosen, describe how you would apply the activity to the operations of the organization or industry you represent.
· Rather than submit a list of activities, provide detail on what exactly you would do, answering the following questions:
· How will you implement your plan?
· How will you know that your plan is being followed?
· How will you verify and communicate that your plan is effective?
To remind yourself how to cite references, visit the UMGC Library’s
APA Document Formatting (7th Edition) and
APA 7th Edition Citation Examples.
