Risk mitigation strategy
Introduction
Write a brief paragraph in which you provide a high-level overview of your organization’s need for a risk mitigation strategy.
(Write approximately 150 words)
Start writing here:
Vision
Outline your organization’s vision of what implementing a risk mitigation strategy will ideally achieve.
(Write approximately 150 words)
Start writing here:
Strategic goals and objectives
List at least four strategic goals your organization must achieve to reduce its risks to an acceptable level. List at least two objectives under each strategic goal that explain what must be done to achieve the strategic goal.
Note: A thorough risk mitigation strategy should include associated action plans and milestones, but you are not required to detail these for the purposes of this submission.
(Write approximately 450 words)
Start writing here:
Metrics
List at least three metrics your organization will use to analyze the achievement of its goals/objectives. These metrics should be specific to the goals/objectives listed in the previous question.
(Write approximately 150 words)
Start writing here:
Note:
Include refined versions of your previous submissions in the sections below. Where relevant, incorporate any feedback from your Tutor, as well as additional knowledge gained during the course to improve on your previous submissions.
Threat actors and methods of attack
Integrate your submission from Module 2, in which you identified at least two threat actors to your organization, and described methods of attack these actors could use.
If you are using the Sony case, integrate the submission in which you identified the threat actor Sony faced in the 2014 hack and their method of attack, as well as at least one other threat actor Sony could face in the future and what method of attack they might use.
(Write approximately 550 words)
Start writing here:
Business critical assets
Integrate your submission from Module 3, in which you identified the assets that are most essential to your organization’s or Sony’s ability to accomplish its mission. Describe what vulnerabilities there may be in the organization’s systems, networks, and data that may put these assets at risk.
(Write approximately 550 words)
Start writing here:
Cybersecurity governance
Integrate the three questions from your submission in Module 4, in which you recommended a cybersecurity leadership plan, improvements to management processes, and a cybersecurity awareness training program.
(Write approximately 1,200 words)
Start writing here:
Protective technologies
In Module 5, you compiled a list of questions you would ask to understand the technologies implemented to protect your organization’s critical systems, networks, and data. In this section, based on the questions you asked and by conducting any other additional research, identify technologies your organization can employ to protect its critical systems, networks, and data.
If you are using the Sony case, recommend protective technologies that could have addressed Sony’s shortcomings in protecting their critical networks, systems, and data.
Note:
This question requires you to submit a paragraph consolidating the information you learned, and is not a resubmission of the questions you submitted in Module 5.
(Write approximately 650 words)
Start writing here:
Legal considerations
In Module 6, you compiled a list of questions you would direct towards an organization’s senior management and general counsel in order to gauge the organization’s legal risk mitigation strategy and the adequacy of their preparations. In this section, based on the questions you asked, and by conducting any other additional research, discuss the legal considerations your organization should take into account when compiling its risk mitigation strategy.
If you are using the Sony case, recommend steps that could have addressed Sony’s shortcomings in protecting themselves from legal action.
Note:
This question requires you to submit a paragraph consolidating the information you learned, and is not a resubmission of the questions you submitted in Module 6.
(Write approximately 550 words)
Start writing here:
Incident response plan (not required)
Note:
The incident response plan is a central part of an organization’s cyber risk mitigation strategy. However, as you will not have an opportunity to revise your plan based on your Tutor’s feedback in time for Module 8, you are not required to integrate it into your final risk mitigation strategy. Please consult the grading breakdown in the Orientation Module course handbook for more information.