[Solved] Question 3 Unit 3

  

2.1. Question 1

Unit 1 focused on various leadership roles and their respective responsibilities in implementing an effective cybersecurity governance plan. Consider the leadership roles in your chosen organization (your own organization) and their responsibilities in implementing the organization’s cybersecurity strategy: 

· Drawing on your learnings from this module, explain the organization’s governing structure, and its approach to cybersecurity (as detailed in its policies and, where possible, observed in practice). If you are focusing on Sony, you may extrapolate the formal roles from the data available (in the case study and from your own research) and contrast this with what was observed. 

· Based on your substantiation above, recommend changes that should be implemented and, if applicable, propose a new cybersecurity leadership plan that addresses its shortcomings. 

(Write approximately 400 words)

 

2.2. Question 2

Unit 2 of this module described the management processes organizations should consider when developing a cybersecurity governance plan. Identify the steps your organization is taking to implement the management processes discussed in the Unit 2 notes, and address the following: 

· Evaluate whether the management processes utilized by your organization are sufficient to ensure good cybersecurity governance; and

· Based on your substantiation above, recommend management processes for implementing a cybersecurity governance plan. 

If you are using Sony as your chosen organization:

· Evaluate why the management processes utilized by Sony were insufficient to ensure good cybersecurity governance; and 

· Based on your substantiation above, recommend management processes that would have addressed Sony’s shortcomings in implementing a cybersecurity governance plan and should be adhered to going forward.  

(Write approximately 400 words)

2.3. Question 3

Unit 3 focuses on the importance of keeping an organization’s cybersecurity awareness updated. To do so, the notes described the types of security awareness training that are available and the topics that should ideally be included in training programs. In your answer, address the following:

· If relevant, identify any cybersecurity awareness programs or practices utilized by your organization or Sony, and evaluate whether they sufficiently cover the recommended topics mentioned in the Unit 3 notes. 

· Based on your substantiation above, provide an outline of a cybersecurity awareness program you would suggest for your chosen organization or Sony. 

· Your outline of the training program should cover the following four aspects:

1. The type of security awareness training (classroom or online);

2. The topics included in the training program; 

3. The target audience; and

4. The roles and responsibilities of those responsible for executing the training program.

Each aspect should be accompanied by reasons for your choices based on the organization’s context and needs. 

(Write approximately 400 words)