Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance;
2.1. Question 1 (from unit1 video transcripts and Sony case study)
Unit 1 focused on various leadership roles and their respective responsibilities in implementing an effective cybersecurity governance plan. Consider the leadership roles in Sony and their responsibilities in implementing the organization’s cybersecurity strategy:
- Drawing on your learnings from this module, explain the organization’s governing structure, and its approach to cybersecurity (as detailed in its policies and, where possible, observed in practice). If you are focusing on Sony, you may extrapolate the formal roles from the data available (in the case study and from your own research) and contrast this with what was observed.
- Based on your substantiation above, recommend changes that should be implemented and, if applicable, propose a new cybersecurity leadership plan that addresses its shortcomings.
(Approx. 300 words)
Start writing here:
2.2. Question 2 (from unit 2 notes and Sony case study)
Unit 2 of this module described the management processes organizations should consider when developing a cybersecurity governance plan. Identify the steps Sony is taking to implement the management processes discussed in the Unit 2 notes, and address the following:
- Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance; and
- Based on your substantiation above, recommend management processes that would have addressed Sony’s shortcomings in implementing a cybersecurity governance plan and should be adhered to going forward.
(Approx. 250 words)
Start writing here:
2.3. Question 3 (from unit 3 notes and Sony case study)
Unit 3 focuses on the importance of keeping an organization’s cybersecurity awareness updated. To do so, the notes described the types of security awareness training that are available and the topics that should ideally be included in training programs. In your answer, address the following:
- If relevant, identify any cybersecurity awareness programs or practices utilized by Sony, and evaluate whether they sufficiently cover the recommended topics mentioned in the Unit 3 notes.
- Based on your substantiation above, provide an outline of a cybersecurity awareness program you would suggest for Sony.
Your outline of the training program should cover the following four aspects:
- The type of security awareness training (classroom or online);
- The topics included in the training program;
- The target audience; and
- The roles and responsibilities of those responsible for executing the training program.
Each aspect should be accompanied by reasons for your choices based on the organization’s context and needs.