Security Framework for Digital Risk Management (Securestorm)
A cyber security governance framework and digital risk management process for OFFICIAL environments in UK Government. A pragmatic and proportionate information risk management process which can be used at speed and is compatible with Agile projects. It is released under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International licence.
Simplifying Security for Cloud Adoption - Defining your game plan (Securestorm)
An approach to adopting cloud services in a secure way. Since security is a major concern for many organisations adopting cloud services, this outlines a cost-effective way to start a cloud adoption security strategy, essentially by leveraging existing standards and approaches.
How to measure your cybersecurity performance (Abhishek Sood)
In order for organizations to stay competitive, they must always be improving. This too is true for their cybersecurity.
Being able to properly harvest and digest cybersecurity benchmarking information is critical for today’s CIOs. If you realize that your cybersecurity is not at the level it should be, evaluating it properly can help you raise appropriate resources to fix the issues.
Discover how to get the full picture of your organization's security performance compared to your peers. Learn why benchmarking is so critical for today's CIOs and how to clearly communicate benchmarking data to your board.
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan (Tripwire)
The Payment Card Industry Data Security Standard version 3.0 is the global compliance standard for organizations processing credit card payments, and it is more security-centric than ever. Regardless of your PCI DSS audit readiness, how will PCI DSS 3.0 help protect against common cyber threats? How are cyber criminals able to routinely steal credit card and personal information, and what can you do now to protect your customer and transaction data?
Brian Honan (CISM, CGEIT, CRISC) is an information systems and cybersecurity specialist and a member of the Advisory Group on Internet Security to Europol's European Cybercrime Centre (EC3) on breach investigations. Honan joins Joel Barnes (CISSP), Senior Systems Engineer at Tripwire, to share recent and likely breach scenarios that PCI-compliant organizations face now.
You will learn:
• The top three things PCI-compliant organizations most frequently overlook
• The most likely attack scenarios targeting PCI-compliant organizations, and how to protect against them
• How to prepare for the inevitable breach: building an effective breach response plan
Session 2 of the course Information Technology Security and Business Continuity. The objectives of information security, attack methods, responsibilities, risk management and the Security Systems Development Life Cycle are discussed.
Presented at Bangladesh Institute of Management on 21 November 2015.
From Cave Man to Business Man, the Evolution of the CISO to CIRO (Priyanka Aash)
The CISO is evolving to CIRO. Successful IT security leaders are transforming their skills to meet the demands for today and future needs of their organization. A CIRO understands how to prepare board presentations, information risk management, third-party risk and regulatory requirements, and how to balance those with the needs of the business. Earn your seat at the table by becoming a CIRO!
(Source: RSA USA 2016-San Francisco)
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success (Sirius)
The EU General Data Protection Regulation (GDPR) and the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different jurisdictions and apply to different organizations, their primary message is the same:
Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
With deadlines looming, is your organization ready?
The time to act is now. Read more to learn:
--Key mandates and minimum requirements for compliance
--Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts
--How you can gauge your organization’s incident response capabilities
--How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain
The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.
Introduction to Risk Management via the NIST Cyber Security Framework (PECB)
The cyber security profession has established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Applying the CSF to cyber risk is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities to extend its application to cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. His areas of specialization include Security Operations Center design and management, security systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the FBI's InfraGard program. He holds the Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Specializing in homeland security, Andrea draws on her experience managing projects that supported various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record of recognizing security gaps and corrective risk mitigation options, and of communicating findings effectively to stakeholders, private-sector owners and operators, and first-responder personnel at the tactical, operational and strategic levels. Andrea applies analytical tradecraft and consistent, repeatable and defensible methodologies for assessing risk in terms of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
Five Essential Enterprise Architecture Practices to Create the Security-Aware... (UBM_Design_Central)
Building secure apps and systems requires upfront and close coordination among many groups.
In this slidecast, George Hulme discusses how enterprise architects can drive that coordination and effect the required change that depends on it.
Do you know what brings cyber security risks to your organization? Are you ready to deal with cyber threats and the consequences of a cyber attack?
Find out what you should watch out for, no matter the size of your company!
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for cybersecurity attacks sits with executives and board members, who may not have the right level of technical security knowledge. This session will outline the practical steps executives can take to implement a cybersecurity roadmap that is aligned with their organisation's strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission-critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
How close is your organization to being breached | Safe Security (Rahul Tyagi)
Traditional methods are limited in their capabilities, as the multitude of breaches suffered by businesses across the globe shows. The 2020 Q3 Data Breach QuickView Report revealed that the number of records exposed in 2020 had risen to 36 billion globally, with 2,953 publicly reported breaches in the first three quarters of 2020 alone; by the end of Q2, 2020 had already been named the "worst year on record" in terms of the total number of records exposed. With the growing sophistication of cyber-attacks and global damages from cybercrime projected to reach $6 trillion by 2021, we need a solution that simplifies cybersecurity.
To know more about breach probability visit : www.safe.security
Achieving Effective IT Security with Continuous ISO 27001 Compliance (Tripwire)
The Tripwire Enterprise solution provides organizations with configuration control through its configuration assessment and change auditing capabilities. In this white paper, learn how organizations can use Tripwire Enterprise to achieve IT configuration integrity quickly by proactively assessing how their current configurations measure up to the specifications given in ISO 27001. This provides immediate visibility into the state of their systems and, by automating the process, saves the time and effort of a manual approach.
White Paper here: http://www.tripwire.com/register/effective-security-with-a-continuous-approach-to-iso-27001-compliance/
ISE 620 Final Project Guidelines and Rubric Overview .docx (christiandean12115)
ISE 620 Final Project Guidelines and Rubric
Overview
The final project for this course is the creation of a security posture and response analysis report.
With the explosion of the internet, we are living in a world with no boundaries. Organizations rely on e-commerce as a huge portion of their business models. With the move to more internet-based commerce and banking, there has been an increase in security threats, network penetrations, and intrusions. Information systems have inherent weaknesses and can be vulnerable to attacks from internal users, external customers, and anyone intent on malicious activity. This is why security incident detection and response has become an integral component of information technology programs; businesses and organizations must be able to handle security incidents effectively and efficiently. To this end, your final project will provide you with the opportunity to report on the detection of and response to an information security incident at a potential client.
For the final project, imagine that you are a cybersecurity consultant working for Business Secure, a fictitious cybersecurity firm. Business Secure has been approached by Health Network Inc. (HealthNet), a fictitious health services organization. HealthNet would like Business Secure to develop a request for proposal (RFP) based on HealthNet's security needs. To support the creation of this RFP, the practice director has gathered key details from HealthNet and has tasked you with conducting a review of these materials and formulating your opinions and preliminary recommendations within a security posture and response analysis report.
To develop this report, you will need to begin by conducting a comprehensive review and evaluation of the Project Plan Backgrounder document, which provides an overview of the company and details its cyber policies and procedures. With preliminary security assessments already completed and provided to you by the practice director, you will also review a Nessus scan and a Snort report as well as HealthNet's policies and procedures:
Incident Handling and Response Procedures
Incident Detection and Response Policy
Electronic Password and Authentication Policy
Some external regulatory research on HealthNet's industry sector will also be needed to provide a compliance and regulatory assessment for the organization. Keep in mind that while your report will evaluate all of HealthNet's policies and security measures, you will select only one corporate office to focus on for state legislation: California (HQ), Illinois, Nevada, Oregon, or Washington State. The larger RFP objective is to provide preliminary recommendations to HealthNet on notification and escalation improvements, stakeholder identification, and recovery and general remediation for the network. Review the provided Project Plan Backgrounder document for the expected final report design.
The project is divi.
Businesses involved in mergers and acquisitions must exercise due di.docx (dewhirstichabod)
Businesses involved in mergers and acquisitions must exercise due diligence in ensuring that the technology environment of the future organization is robust and adequately protects their information assets and intellectual property. Such an effort requires time and open sharing to understand the physical locations, computing environment, and any gaps to address. Lack of information sharing can lead to problematic systems integration and hamper the building of a cohesive enterprise security posture for the merged organization.
Often the urgency of companies undergoing a merger and acquisition (M&A) impedes comprehensive due diligence, especially in cybersecurity. This creates greater challenges for the cybersecurity engineering architect, who typically leads the cybersecurity assessment effort and creates the roadmap for the new enterprise security solution for the future organization. However, the business interest and urgency in completing the merger can also represent an opportunity for CISOs to leverage additional resources and executive attention on strategic security matters.
In this project, you will create a report on system security issues during an M&A. The details of your report, which will also include an executive briefing and summary, can be found in the final step of the project.
There are nine steps to the project. The project as a whole should take two weeks to complete. Begin with the workplace scenario and then continue to Step 1.
Deliverable
Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing
Step 1: Conduct a Policy Gap Analysis
As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind:
Are companies going through an M&A prone to more attacks or more focused attacks?
If so, what is the appropriate course of action?
Should the M&A activities be kept confidential?
Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed.
Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
How would you identify the differences?
How would you learn about the relevant laws and regulations?
How would .
Cryptography is the application of algorithms to ensure the confiden.docx (mydrynan)
Cryptography is the application of algorithms to protect the confidentiality and integrity of data while it is at rest, in motion, or in use (availability is a goal of the wider security program; cryptography does not by itself provide it). Cryptography systems can include local encryption at the file, disk, or database level. They can also extend to an enterprise-wide public key infrastructure for whole agencies or corporations.
The following are the deliverables for this project:
Deliverables
Enterprise Key Management Plan:
An eight- to 10-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Enterprise Key Management Policy:
A two- to three-page double-spaced Word document.
Lab Report:
A Word document sharing your lab experience along with screenshots.
There are seven steps to complete the project. Most steps of this project should take no more than two hours to complete. The entire project should take no more than one week to complete. Begin with the workplace scenario, and then continue to Step 1, “Identify Components of Key Management.”
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
Step 1: Identify Components of Key Management
Key management will be an important aspect of the new electronic protected health information (e-PHI). Key management is often considered the most difficult part of designing a cryptosystem.
Choose a fictitious or an actual organization. The idea is to provide an overview of the current state of enterprise key management for Superior Health Care.
Review these authentication resources to learn about
authentication
and the characteristics of key management.
Provide a high-level, top-layer network view (diagram) of the systems in Superior Health Care. The diagram can be a bubble chart or Visio drawing of a simple network diagram with servers. Conduct independent research to identify a suitable network diagram.
Read these resources on
data at rest
, data in use, and
data in motion
.
Identify data at rest, data in use, and data in motion as it could apply to your organization. Start by focusing on where data are stored and how data are accessed.
Review these resources on insecure handling, and identify areas where
insecure handling
may be a concern for your organization.
Incorporate this information in your key management plan.
In the next step, you will consider key management capabilities.
Step 3: Identify Key Management Gaps, Risks,
Solution
s, and Challenges
In the previous step, you identified the key components of an enterprise key management system. In this step, you will conduct independent research on key management issues in existing organizations. You will use this research to help identify gaps in key management, in each of the key management areas within Superior Health Care.
Conduct independent research to identify typical gaps in key manage.
This assignment consists of five (5) parts Part 1 Organi.docxgasciognecaren
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write a 14 page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3) areas of information security: physical security professional, privacy professional, and procurement professional. Provide comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum IT service delivery. The RFP Plan should contain qualifying criteria of potential vendors and the responsibilities of the vendor once the ...
The Rookie Chief Information Security OfficerWorth 200 poijacvzpline
The Rookie Chief Information Security Officer
Worth 200 points
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write an eight to twelve (8-12) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3) areas of information security: physical security professional, privacy professional, and procurement professional. Provide comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum IT service delivery. The RFP Plan should contain q ...
Term Paper The Rookie Chief Information Security OfficerThis assi.docxjacqueliner9
Term Paper: The Rookie Chief Information Security Officer
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write an eight to twelve (8-12) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer,
Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3)
areas of information security: physical security professional, privacy professional, and procurement professional. Provide
comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum
IT service delivery. The RFP Plan should contain qualifying criteria of potential v.
The Rookie Chief Information Security OfficerThis assignment c.docxoreo10
The Rookie Chief Information Security Officer
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write a twelve to fifteen (12-15) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer,
Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3)
areas of information security: physical security professional, privacy professional, and procurement professional. Provide
comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum
IT service delivery. The RFP Plan should contain qualifying criteria of potential vendor ...
The Rookie Chief Information Security OfficerDue Week 10 and w.docxteresehearn
The Rookie Chief Information Security Officer
Due Week 10 and worth 200 points
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write an eight to twelve (8-12) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3) areas of information security: physical security professional, privacy professional, and procurement professional. Provide comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum IT service delivery. The RFP Plan should ...
Term Paper The Rookie Chief Information Security OfficerDalehosickg3
Term Paper: The Rookie Chief Information Security Officer
Due Week 10 and worth 200 points
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write an eight to twelve (8-12) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3) areas of information security: physical security professional, privacy professional, and procurement professional. Provide comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum IT service delivery. T ...
Term Paper The Rookie Chief Information Security Officer.docxmanningchassidy
Term Paper: The Rookie Chief Information Security Officer
Due Week 10 and worth 200 points
This assignment consists of five (5) parts:
Part 1: Organization Chart
Part 2: Request for Proposal (RFP) Plan
Part 3: Physical Security Plan
Part 4: Enterprise Information Security Compliance Program
Part 5: Risk Management Plan
Imagine that you have been recently promoted to serve as Chief Information Security Officer (CISO) for a Fortune 500 organization. This organization has known brand products across the world and expects top-secret methods for safeguarding proprietary information on its recipes and product lines. The Board of Directors request that their information security strategy be upgraded to allow greater opportunities of secure cloud collaboration between suppliers and resellers of their products. Another concern they have is the recent number of hacktivist attacks that have caused the network to fail across the enterprise. Their concern extends to making sure that they have controlled methods for accessing secured physical areas within their various regional facilities.
For your new position, you will be responsible for developing standards, methods, roles, and recommendations that will set the new IT security path for the organization. The existing organization has limited experience in supporting an enhanced level of IT security; therefore, you may need to outsource certain security services.
Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
Write an eight to twelve (8-12) page paper in which you provide the following deliverables:
Part 1: Organization Chart
1. Use Visio or an Open Source alternative, such as Dia, to:
a. Create an organization chart in which you:
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs
for the organization.
ii. Within your organizational chart, clearly identify the reporting structure for roles such as IT Security Compliance Officer, Security Manager, CIO, CISO, IT Security Engineer, Privacy Security Professional, and IT Procurement Specialist.
iii. List the types of resources required to fulfill the each forensic duty of the organization below each of the roles you identified.
iv. Align your organization chart to reflect the Department of Homeland Security (DHS) Essential Body of Knowledge’s three (3) areas of information security: physical security professional, privacy professional, and procurement professional. Provide comments and comparisons on how your organizational chart fosters these three (3) values.
Part 2: Request for Proposal (RFP) Plan
2. Develop a Request for Proposal (RFP) plan to solicit qualified vendors that could partner with your internal team to deliver optimum IT service delivery. The RF ...
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
An accountant is a valuable asset to any organization. He or she is a professional who performs accounting functions. Accounting is not only confined to tax and financial matters as per what people generally think.
What is Cyber Security
What is Cyber Threat and Threat Landscape
Is Cybersecurity an IT Problem? It’s a human Problem
Role of a CFO
Well accepted Cybersecurity Frameworks and common Themes
SOC (Service Organization Control) and SOC for Cybersecurity
Recommended risk mitigation strategies for the weakest links of the Cybersecurity chain
Key Takeaways
Best Practices
Discussion that was held at RSA on the five steps CISO's can use to assess their enterprise security program and architect one that meets the organizations objectives and reduces its exposure to risk.
CompTIA CySA Domain 5 Compliance and Assessment.pptxInfosectrain3
The CompTIA Cybersecurity Analyst (CySA+) certification is the industry standard for demonstrating that cybersecurity professionals can analyze data and interpret the results to detect vulnerabilities, threats, and risks to an organization.
Vendors, and Risk, and Tigers, and Bears, Oh My: How to Create a Vendor Revie...Wendy Knox Everette
ShmooCon 2020
You’ve just been tasked with creating a vendor review management process at your company, but what does that even mean, and how are you going to do this? Do you need to buy a lot of expensive GRC software and hire an army of compliance staffers? This talk will explain what a vendor review process is and walk through setting one up at your company, using nothing more complicated than email, text files, and maybe some Slack and Google Forms.
An organization’s security architecture is comprehensively guided by cybersecurity frameworks and they delineate a set of best practices to be followed in specific circumstances. Additionally, these documents carry response strategies for significant incidents like breaches, system failures, and compromises.
A framework is important because it helps standardize service delivery across various companies over time and familiarizes terminologies, procedures, and protocols within an organization or across the industry.
Similar to So you want to be a CISO - 5 steps to Success (20)
So you want to be a CISO – 5 steps for Success
The position of Chief Information Security Officer (CISO) is not for the faint of heart; it requires knowledge of disparate security technologies and risk management frameworks, as well as network and security architectures. This position will also require you to interpret the applicability of numerous Federal and State laws, regulations, and compliance regimes against your standing Cyber Security strategy and assess required changes to your organization’s security program. So with these daunting requirements in mind, I am writing this article as a road map for the new CISO.
I have been in the Information Technology and Cyber Security fields for over 25 years and have been a CISO for the last 7 years. As a CISO, I rely heavily on my experiences as a Network and Security Architect and Security Auditor to provide context in evaluating the health of my networks and security program. As CISO, I have used five steps to provide me with a foundation to improve my organization’s Cyber Security strategy and protect my networks and other critical organizational assets. These steps are:
1. Meet & Greet - “Walk About”
2. Inventory
3. Assessments
4. Plan
5. Communicate
1. “Walk About”: It begins with the first meeting you have with your team and then continues with walking about the organization to meet key stakeholders and executive leadership. I find that meeting with your team gives you the first chance to start verbalizing your security strategy and assessing your team’s individual skill sets and experience. This assessment will feed into how you implement your strategy and future projects. If your team lacks experience, you may not be able to implement the security architecture changes as soon as you planned, and you may have to contract a 3rd-party vendor to provide the services you require. In meeting key personnel in your organization, you will need to be open to their issues, keeping in mind that, as the CISO, they are your customers. You provide a service to them, and you need to be cognizant that they may have had problems in the past with how your team has performed. In meeting with executive leadership, you will need to find out what their key business concerns are. Try to bring across to them that Cyber Security is a business enabler; it provides a secure foundation for them to innovate and develop new services for the organization. The last part of this step is to meet with your boss, whether it’s the CIO or another executive, and ensure you understand the scope of your responsibilities. It is very hard to lead your security team and manage an enterprise Cyber Security program if there is some ambiguity on what you are responsible for as CISO. So now the organization knows who you are; it’s time for the second step: you need to find out more about your organization and especially the security program you have inherited.
2. “Inventory”: In this stage it’s about visibility into people, reports, metrics, budgets, work processes and policies. Here you will look at your team and assess their skill sets and experiences, and you will look at contractors that fall under your purview and the services they provide (review contracts & SLA metrics). Here you will also look at your current budget and previous security budgets; I have used this exercise for trend analysis. If you want to understand how the organization views security, it’s in this budget analysis where you will gain some perspective into whether Cyber Security is leveraged to grow the business or seen as a cost center. When you are reviewing your budget you will also need to look at your department’s and your organization’s budgets; again, this viewpoint into the financial health of your organization will aid you in your future plans for your program and projects for your team. One of the last things you will do in this step is also one of the most time consuming. You will need to assess the current network and security architectures, work processes, and standing policies. This is where you will assess the basic “Cyber Hygiene” of your organization; you will find policies and procedures that will need to be improved upon and possible architectural changes to reduce the risk exposure of your organization. You will need to verify you have updated network documentation such as network maps, subnet and VLAN lists, and asset management documentation. These documents will provide you visibility into how your network and security suite is actually configured. I have found from my own experience that many times the organization believes one thing, but when you actually delve into your networks and Cyber Security portfolio you find your network architecture is quite different, data is being used by personnel in unique ways, and work processes are being communicated verbally and have never been properly documented. It is at the end of this step that I take a break and review my notes on what I have found, and then I proceed to review my predecessor’s notes, emails, and documents. I would suggest that you wait until now to review your predecessor’s information; this allows you to approach his/her information with a more informed perspective as you compare their notes with your findings.
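The inventory step above comes down to checking whether the documentation (asset register, subnet and VLAN lists) agrees with what is actually on the wire. The script below is an added example, not code from the article or its author: it reconciles a constructed asset-register export and a constructed VLAN allocation table against a constructed list of observed hosts (the sort of data you would pull from ARP or DHCP tables), and reports the three kinds of drift the text describes: hosts nobody documented, documented hosts that are no longer seen, and hosts sitting in a VLAN or subnet that disagrees with the documents. All hostnames, addresses and VLAN numbers are made up for the example.

```python
"""Reconcile documented network inventory against what is actually observed.

Added example, not from the article. The asset register, VLAN table and
observed-host list below are constructed sample data standing in for the
documents and switch/DHCP listings a new CISO would gather in the inventory step.
"""
import csv
import io
import ipaddress

# Constructed sample: what the asset register claims exists.
DOCUMENTED_CSV = """hostname,ip,vlan,owner
fs01,10.10.20.11,20,Finance
web01,10.10.30.5,30,Marketing
db01,10.10.40.7,40,IT
legacy-hr,10.10.20.40,20,HR
"""

# Constructed sample: the subnet/VLAN allocation document.
DOCUMENTED_VLANS = {
    20: ipaddress.ip_network("10.10.20.0/24"),
    30: ipaddress.ip_network("10.10.30.0/24"),
    40: ipaddress.ip_network("10.10.40.0/24"),
}

# Constructed sample: hosts actually seen on the network, as
# (ip, VLAN the switch port is configured in).
OBSERVED = [
    ("10.10.20.11", 20),   # fs01, as documented
    ("10.10.30.5", 20),    # web01 found on the Finance VLAN, not VLAN 30
    ("10.10.40.7", 40),    # db01, as documented
    ("10.10.40.99", 40),   # nobody documented this box
    ("10.10.50.3", 50),    # a VLAN that is not in the allocation document at all
]


def load_documented(csv_text):
    """Parse the asset register CSV into {ip: row-dict}."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["ip"]: row for row in reader}


def reconcile(documented, observed, vlans):
    """Return the three kinds of drift worth surfacing:
    - unknown_hosts: observed but absent from the register (blind spots)
    - stale_entries: documented but never observed (possibly decommissioned)
    - placement_issues: observed in a VLAN/subnet that disagrees with the docs
    """
    observed_ips = {ip for ip, _ in observed}
    unknown_hosts = sorted(ip for ip in observed_ips if ip not in documented)
    stale_entries = sorted(ip for ip in documented if ip not in observed_ips)

    placement_issues = []
    for ip, seen_vlan in observed:
        addr = ipaddress.ip_address(ip)
        doc = documented.get(ip)
        # Documented VLAN disagrees with the VLAN the host was seen on.
        if doc is not None and int(doc["vlan"]) != seen_vlan:
            placement_issues.append(
                (ip, f"documented VLAN {doc['vlan']}, seen on VLAN {seen_vlan}")
            )
        # The VLAN itself is undocumented, or the address lies outside its subnet.
        if seen_vlan not in vlans:
            placement_issues.append((ip, f"VLAN {seen_vlan} is not in the VLAN list"))
        elif addr not in vlans[seen_vlan]:
            placement_issues.append(
                (ip, f"address is outside the subnet allocated to VLAN {seen_vlan}")
            )
    return {
        "unknown_hosts": unknown_hosts,
        "stale_entries": stale_entries,
        "placement_issues": placement_issues,
    }


def run_inventory_check():
    """Run the reconciliation over the constructed sample data."""
    return reconcile(load_documented(DOCUMENTED_CSV), OBSERVED, DOCUMENTED_VLANS)


if __name__ == "__main__":
    for category, items in run_inventory_check().items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```

Each line of the report is a question for the inventory: an unknown host is a candidate blind spot, a stale entry is either a decommissioned system or a system the inventory tool cannot see, and a placement issue is the documents and the network disagreeing, which is exactly the "organization believes one thing" situation described above.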
3. “Assessment”: In the previous step you gained visibility as you conducted your inventory, but now it’s time to get dirty. You now need to get a better understanding of how your network and your Cyber Security suite are put together, how data flows through your architecture, and how organizational personnel actually use corporate data. Here is where we will delve into the health of the Cyber Security suite; we will look at installed firewalls, AV solutions, IDS/IPS sensors, etc., and the security procedures that are in place, such as patch management and incident response, to name a few. The new upgraded network diagrams and documentation will be used in this step to build a roadmap for follow-on assessment projects. In this stage, we will assess the effectiveness of the present Cyber Security program and annotate areas for improvement. I tend to use the NIST and ISO frameworks as templates for the security controls that will be assessed and verify their applicability to my present network and security architecture. It is in this step where you will want to break out previous vulnerability assessments and penetration tests. You will want to review each of these reports’ findings and the recommendations for remediation, and verify the recommendations were implemented. This stage is the most technical of the five; you may want to ask for 3rd-party vendor assistance to conduct these assessments and provide recommendations. By the end of the assessment step, you will have a list of security gaps; these will become future projects that should be prioritized based on the risk exposure to your organization.
4. “Planning”: Here is where we begin to build out the plan; we will start to draft the vision for upgrading the organization’s Cyber Security
strategy based on our findings. It’s here that we start analyzing the issues identified during the assessment phase. We will also look at the
security program as a whole, and at any currently identified challenges such as a lack of executive support, incomplete inventories (e.g.
organizational blind spots related to hardware, software, and systems), audit gaps, and incorrect security processes. By now we should
have a list of items that need to be addressed; we will have prioritized many of the findings on this list based on risk exposure to the
organization or on requirements for meeting compliance, and we should now look for “low hanging fruit”. We will want to identify security
gaps and issues from our new list that can be addressed quickly and provide value to the organization once corrected. What matters here is
that as a new CISO, you want some wins under your belt to move your new security program forward. As you develop the updated strategic
plan, it should be used to create your new security budget based on projects that will provide value to the organization. This value can be
measured in new services you provide to your stakeholders or in the reductions in exposure to your organization from existential,
operational, legal and regulatory risks. It is this value, I believe, that lets you drive home, in the next step, that your Cyber Security
program and team are core components of the organization and that you enable it to meet its strategic goals.
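The assessment and planning steps above boil down to a working list: gaps from prior reports whose remediation was never verified, ordered by risk exposure and compliance need, with quick wins picked out for the first budget. The following Python gap register is an added example, not part of the original article; the findings, the likelihood-times-impact scoring, the effort-in-days estimates and the quick-win thresholds are all constructed, illustrative choices of this example.

```python
"""
Gap register for the assessment (step 3) and planning (step 4) passes.

Added example with constructed sample data. Assumptions (not from the article):
risk exposure is scored as likelihood x impact on 1..5 scales, remediation
effort is estimated in person-days, and the quick-win thresholds are arbitrary.
"""
from dataclasses import dataclass
from collections import defaultdict


@dataclass
class Finding:
    id: str
    source: str            # report the finding came from, e.g. "2019 pentest"
    control: str           # framework control the gap maps to (NIST CSF / ISO 27001)
    description: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    effort_days: float     # estimated remediation effort
    compliance: bool = False   # needed to meet a legal/regulatory obligation
    remediated: bool = False   # recommendation *verified* as implemented

    @property
    def risk_exposure(self) -> int:
        return self.likelihood * self.impact


# Constructed sample findings pulled from (fictional) earlier reports.
SAMPLE_FINDINGS = [
    Finding("F-01", "2019 pentest", "NIST CSF PR.IP-12", "Unpatched internet-facing web servers", 4, 4, 3.0),
    Finding("F-02", "2019 pentest", "NIST CSF PR.AC-7", "Admin portal without MFA", 3, 5, 10.0),
    Finding("F-03", "ISO 27001 audit", "ISO 27001 A.8.1.1", "No complete asset inventory", 3, 3, 20.0),
    Finding("F-04", "2018 vuln assessment", "NIST CSF PR.DS-1", "Backup media stored unencrypted", 2, 4, 4.0, compliance=True),
    Finding("F-05", "2019 pentest", "NIST CSF DE.CM-1", "IDS sensors missing at 3 of 5 sites", 2, 2, 2.0, remediated=True),
]


def open_findings(findings):
    """Step 3: a recommendation only drops off the list once it is verified as implemented."""
    return [f for f in findings if not f.remediated]


def prioritize(findings):
    """Step 4: compliance obligations first, then highest risk exposure, then least effort."""
    return sorted(open_findings(findings),
                  key=lambda f: (not f.compliance, -f.risk_exposure, f.effort_days))


def quick_wins(findings, max_effort_days=5.0, min_exposure=9):
    """Low-hanging fruit: meaningful exposure reduction for little effort (thresholds are assumptions)."""
    return [f for f in open_findings(findings)
            if f.effort_days <= max_effort_days and f.risk_exposure >= min_exposure]


def exposure_by_control(findings):
    """Total open exposure per framework control; feeds the 'where we are' picture."""
    totals = defaultdict(int)
    for f in open_findings(findings):
        totals[f.control] += f.risk_exposure
    return dict(totals)


def exposure_reduction(findings, planned_ids):
    """Value of a planned project set, measured as total exposure before and after it is done."""
    before = sum(f.risk_exposure for f in open_findings(findings))
    after = sum(f.risk_exposure for f in open_findings(findings) if f.id not in planned_ids)
    return before, after


if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        flag = "COMPLIANCE " if f.compliance else ""
        print(f"{f.id} exposure={f.risk_exposure:>2} effort={f.effort_days:>4}d {flag}{f.description}")
    wins = quick_wins(SAMPLE_FINDINGS)
    print("quick wins:", [f.id for f in wins])
    print("exposure before/after quick wins:", exposure_reduction(SAMPLE_FINDINGS, {f.id for f in wins}))
    print("open exposure by control:", exposure_by_control(SAMPLE_FINDINGS))
```

The sort key encodes the article's ordering rule directly (compliance items are not optional, then the biggest risk reduction per project), and `exposure_reduction` gives a number you can put in front of the board to show what a budget line buys. Swap the toy scores for whatever risk scale your organization already uses.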
5. “Communicate”: So now we come to the final step. We have collected all of our notes and findings and have developed our new budget
and strategic vision for upgrading the organization’s Cyber Security strategy. This strategy, with our prioritized list of security issues, will
now need to be socialized, because we need support for implementing the changes that the organization should make. We will need to
communicate our assessment findings – “Where we are presently” from an overall cyber perspective – and then add our vision: “Where we
want to be”. Our identified gaps and issues will be the difference between these two pictures; it is these gaps we need to socialize so our
organization understands the business value in correcting them and reducing the risk and liability to the organization.
In the end, remember this will take time, and you will be sifting through and collecting a large amount of information as you assess your
Cyber Security program. I have found during this time that it helps to remember you can’t do it all immediately; use your team, and reach out
to your peers for help and advice. Remember it is crucial to develop your relationships with your stakeholders; they are your customers, and
there will be times you will need their assistance. I have found being a CISO is an awesome job, I thoroughly enjoy the challenges it brings,
and I hope this roadmap I have developed will provide you with a plan to help you as you take on your new position.