Unit 8 Assignment Directions: Project 3: Paper for Cybersecurity Conference
Read the scenario and then write a white paper that follows all the steps listed below. For more information on writing white papers, visit the UMGC Library Writing Center.
Scenario
Your company requires you to present a white paper at a cybersecurity conference. The conference can be local, national, or international (e.g., InfoSec World, IEEE's Symposium on Security and Policy, or National Cyber Summit).
The following outlines the steps necessary to create a white paper focusing on ransomware security planning and risk management for a specific company that has been attacked.
Steps
- Research:
  - Review recent ransomware incidents, responses, and outcomes.
  - Choose one company within an industry (e.g., healthcare, finance, education, technology, services, or retail) that has been attacked (e.g., the ICBC Bank attack in 2023).
- Paper Structure:
  - Abstract (100-150 words): Briefly summarize the paper’s purpose and key points.
  - Current State/Risk Analysis:
    - Discuss your chosen company by providing details about the company including its mission statement, status as a private or public entity, its size, and any global considerations.
    - Discuss the growing threat of ransomware with statistics.
    - Analyze the vulnerabilities to ransomware of your chosen company’s industry.
    - Explain the specific ransomware attack on your chosen company.
  - Security Requirements:
    - Describe, if possible, the security mechanisms the company had before the attack.
    - Recommend three significant security goals for the company based on industry standards.
    - Address the CIA triad (Confidentiality, Integrity, Availability) for the company.
  - Recommended Controls:
    - Explain specific controls to implement for each security goal you listed.
  - Accountability:
    - Assign security plan responsibilities to specific company departmental or team titles (for example, the incident response team).
    - Discuss employee roles and responsibilities within the security plan.
  - Timetable:
    - Provide a general timeline for implementing the security plan.
  - Maintenance:
    - Discuss how often to review the plan and update equipment/software.
    - Briefly mention any employee training and management support required for the security plan.
  - Legal Considerations:
    - Discuss intellectual property and employee/employer rights related to the security plan.
    - Identify a relevant law (e.g., HIPAA) the company should consider.
  - Ethical Concerns:
    - Discuss the use of AI and its impact on the plan.
    - Address ethical concerns with employee monitoring, whistleblowing, and privacy.
  - Policy Examples:
    - Generate at least three security policies and provide justifications for each.
    - Briefly discuss policy-enforcement methods.
  - Conclusion:
    - Summarize your proposed security plan for the chosen company.
Requirements
- Your paper should be 10-12 pages in length, not including the title page or references.
- Include:
  - A Title page, with your name
  - An Abstract on the second page
  - A References section
- Ensure you have used professional wording and have written with clarity for the client in mind.
- Use in-text citations in the paper to support your points.
- Follow APA 7 format for the entire paper, including references and citations.
Submission
- Review the Unit 8 Project 3 Grading Rubric to understand how you will be assessed on this assignment.
Due Tuesday by 11:59 PM ET.
© 2025 University of Maryland Global Campus