You must develop a new and more comprehensive communications strategy which responds to an audit finding that the previous Communications Strategy was not sufficient and had contributed to a controls failure.
A recent internal audit uncovered a lack of knowledge on the part of employees and included a finding that this lack of knowledge contributed to a compliance failure for IT security controls related to privacy and data security. The auditors recommended that the company improve its communication of policy changes and revisions to both employees and managers. The auditors also noted that Red Clay Renovations has been experiencing a great deal of change, especially with respect to how the company protects information from unauthorized disclosures, including theft of data by cyber criminals. The company agreed with the finding and in its response noted that it has developed a substantial number of new and revised policies, plans, and guidance procedures to help manage the associated risks but that it could improve internal communications about those changes. Now, the company needs to fix the “communications” problem. The CISO has asked you to help develop a communication strategy that can be used to explain the cybersecurity and privacy related policies to a non-technical workforce.
Your Task: Prepare a briefing that identifies your top 5 strategies and explains why you chose each one. Provide examples of the types of policies which need to be communicated to the workforce (use your work for Projects 1, 2, & 3 and your weekly discussion papers). To get started, review the communications strategy that you developed for the Week 4 discussion. Then consult the resources (listed below) which were provided by the company’s Human Resources office.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting. Make sure you use the discussion rubric as well as the above instructions to ensure you include all the required elements in your response.
Reading List provided by the Human Resources Office:
· Provided an excellent introduction to the deliverable which clearly, concisely, and accurately addressed the topic of the short paper. Appropriately paraphrased information from authoritative sources.
· Provided an excellent analysis of the issues for the required topic. Addressed at least three separate issues and provided appropriate examples for each. Appropriately used and cited information from authoritative sources.
· Included an excellent summary section for the short paper which was on topic, well organized, and covered at least 3 key points. The summary contained at least one full paragraph.
Choose one of the following strategies for reducing the costs associated with responding to cyberattacks from the Rand Report* (A Framework for Programming and Budgeting for Cybersecurity):
· Minimize Exposure
· Neutralize Attacks
· Increase Resilience
· Accelerate Recovery
Then, prepare a two-page briefing paper (5 to 7 paragraphs) for the Red Clay senior leadership and Red Clay corporate board that addresses planning, programming, and budgeting processes for your strategy. Your audience is the company’s IT Security Working group and includes both technical and non-technical managers and senior staff members responsible for budgeting. The general questions that this audience is interested in are:
· Planning: What will we do? (your chosen cybersecurity strategy)
· Programming: How and when will we do it?
· Budgeting: How much will it cost and how will we pay for it?
Remember to keep your focus on the processes related to planning, programming, and budgeting, not the actual hardware, software, etc. that need to be acquired and paid for. You may, however, provide examples of hardware or software.
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the end of your posting.
*Rand Report: Davis, J. S., Libicki, M. C., Johnson, S. E., Kumar, J., Watson, M., & Karode, A. (2016). A framework for programming and budgeting for cybersecurity (Rand TL-168). Retrieved from https://www.rand.org/content/dam/rand/pubs/tools/TL100/TL186