Unit 1 Assignment: Project 1 Part A: Planning a Security Assessment

Exercise 1: Organize a comprehensive applied project that embodies current best practices in cybersecurity.

1. Identify the areas where IT security has failed, leading to successful intrusions and violations of city assets and user data.
2. Research and analyze current best practices in cybersecurity, considering emerging threats, industry standards, and successful case studies.
3. Identify relevant frameworks and methodologies, such as the NIST Cybersecurity Framework or CIS Controls, to guide the implementation of a solid Cybersecurity Operation Center (SOC) for the City of Gotham.
4. Develop a project scope that encompasses the identified needs and aligns with the best practices in the field.
5. Add your work in the Comprehensive Assessment and Proposal template, found in the submission instructions.

Exercise 2: Apply deep understanding and application of cybersecurity concepts and adherence to national standards.

In this second exercise, you deepen your understanding of cybersecurity concepts, including threat intelligence, incident response, vulnerability management, network security, and identity and access management.

1. Analyze how each concept (threat intelligence, incident response, vulnerability management, network security, and identity and access management) applies to the specific context of the City of Gotham’s cybersecurity project.
2. Review and select 3-5 associated skills from this Industry and Associated Skills Master List that are representative in your project. Throughout your studies in cybersecurity, your courses outlined these various skills illustrating in which courses and content these skills are present. You should be familiar with these skills by now in your journey.
3. Ensure adherence to national cybersecurity standards and regulations mandated by the government, such as NIST Cybersecurity Framework, ISO 27001, and relevant privacy laws.
4. Evaluate the city’s current adherence to these standards based on the business specifications you identified in Unit 1, and identify any gaps or areas for improvement.
5. Develop strategies to align the city’s cybersecurity practices with the relevant national standards and regulations.

Exercise 3: Design a detailed plan for immersive and hands-on cybersecurity learning experiences.

In this third exercise, you will create a detailed plan for immersive and hands-on cybersecurity learning experiences.

1. Identify key areas of focus, such as incident detection and response, vulnerability assessment, secure network design, or secure coding practices.
2. Develop practical exercises, simulations, or virtual labs that allow the IT security team to apply cybersecurity concepts in a controlled environment.
3. Incorporate real-life scenarios and case studies to enhance the relevance and effectiveness of the learning experiences.
4. Establish appropriate metrics and evaluation criteria to measure the success and impact of the hands-on learning activities.

Exercise 4: Establish clear, measurable goals and blueprints for executing the applied cybersecurity project effectively.

In this fourth exercise, you will establish clear and measurable goals for the implementation of the Cybersecurity Operation Center, addressing the identified needs and aligning with best practices.

1. Define goals such as reducing the number of successful intrusions, enhancing incident response capabilities, improving network security, and ensuring regulatory compliance.
2. Review and select 3-7 main competencies that your project is achieving based on the goals you defined. Use the CTCH Cybersecurity Technology Competencies Master List. You should already be familiar with many of these competencies as your projects in previous courses were assessed against them. The SMART goals you develop for your project should be based on these competencies. These competencies are directly reflective of the CAE / KUs (Center for Academic Excellence / Knowledge Units), which is the national center for security administration for cyber-affiliated schools. Any future employer in cybersecurity will be familiar with this center and the knowledge units; therefore, aligning the correct competencies to your project is critical.
3. Develop a detailed execution plan, including timelines, milestones, and resource allocation to guide the implementation of the cybersecurity project.
4. Create blueprints for the deployment of security technologies, such as firewalls, intrusion detection systems, or security information and event management (SIEM) solutions.
5. Define roles and responsibilities for team members involved in the project and establish a communication and reporting framework to ensure effective coordination.
6. Add your plan in the Project Charter template, which will be included as an appendix in your Comprehensive Assessment and Proposal.

Conclusion

By addressing the exercises outlined in the previous section, you will organize a comprehensive applied project that embodies current best practices in cybersecurity. You will apply a deep understanding of cybersecurity concepts, ensure adherence to national standards, design immersive, hands-on learning experiences, and establish clear, measurable goals and blueprints for effectively executing the applied cybersecurity project. Through your expertise and guidance, the City of Gotham will be equipped with a solid Cybersecurity Operation Center, effectively protecting its assets and user data, ensuring compliance with government regulations, and restoring trust in its security capabilities.

Tutorial for Planning a Security Assessment