Good Morning: CMIT 421 Section Student Name July 6, 2020 ✓ Solved

CMIT 421 Section Student Name July 6, 2020 Good morning.

My name is . I work in the MERCURY USA Information Security and Technology Department as a cyber threat analyst. Today, I’ll be presenting our proposal to address the CEO’s mandate to protect the organization from dangerous ransomware attacks. Let’s get started.

AGENDA

Tell your audience what you intend to cover in your proposal. This is the purpose of your communication! You should cover three areas enumerated in the Project 3 instructions. Ensure you link your main points to your earlier work in Project #1 and Project #2.

Main Point #1

Main Point #2

Main Point #3

Main Point #: OUR BUSINESS CASE

What are the important factors about the business? What is the CEO’s intent and guidance? How do these items relate to the next slides?

• Example sub-bullet #1
• Example sub-bullet #2
• Example sub-bullet #3

This is main point #1. Provide no more than six bullets to expand on your topic. Limit each bullet to around six words.

This is known as the 6 x 6 rule of presenting. On this slide, you should cover the business case. Think of this as the value to the business that will result from your recommendations. How does your recommendation meet the CEO’s direction and intent? Tell your audience members the what, why, how, and who so that they can make an informed decision about your proposal.

If you do not cover these areas adequately, you may not get a decision, you may get a negative decision, or you may be told to come back after you’ve done your due diligence.

OUR SECURITY POSTURE

What are the most important vulnerabilities discovered? What is our exposure to known threats? How did you link the results to the business? Consider the transportation industry hit hard by ransomware attacks.

• Example #1: Use your findings and conduct research.
• Example #2: Use your findings and conduct research.

This is main point #2. What vulnerabilities did you find in your analysis? What are the vital aspects to tell the CEO about? Why are the vulnerabilities you selected important to the business? Ensure you explain in plain language, not technical jargon.

What are the threats that you see to the business given the scenario? Now consider the equation: risk = threat x vulnerability x impact. Use this to explain your findings effectively. Are there identified and specific threats to MERCURY USA? Avoid generic threats.

What is the potential impact of not addressing threats (e.g., cost, reputation, loss of jobs, damage to hardware and software)?

OUR VM PROCESS

This is main point #3. This slide includes an example graphic.

• Provide no more than six bullets to expand on your topic.

This is known as the 6 x 6 rule of presenting.

WE NEED A GOOD SCANNER

Reviewed scanners. The is recommended due to several factors.

• Sub-bullet #1
• Sub-bullet #2
• Sub-bullet #3
• Sub-bullet #4

This is main point #4. Provide your logic in recommending a scanning tool. What process did you use to evaluate the scanning tools? What tool are you recommending? Provide at least three sub-bullets to support your recommendation.

THE ASK

Lead-in bullet: What are you asking for? How much will it cost? Who will implement it, and will additional manpower be required? What about training? How will you measure success?

• Purchase : Cost
• Manpower
• Measures of success

SUMMARY

This is your summary and your last opportunity to connect with your audience. Do not merely repeat your agenda topics. Add important details about each main point to review for your audience.

Ensure you re-state why you are giving this pitch: What is the decision you want? What are the main takeaway(s)?

EXECUTIVE DISCUSSION & QUESTIONS

The obligatory questions slide. Open discussion is likely among executives and other stakeholders, and you will field questions. A narration for this slide is not required.

References

• [1] A. Greenberg, "The Untold Story of NotPetya, the Most Devastating Cyberattack in History", Wired, 2020. [Online]. Available: [Accessed: 19- May- 2020].
• [2] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: [Accessed: 19- May- 2020].

Be clear about what action you are recommending. Executive management will want to understand what you discovered and your proposed solution. Give them the actionable information they need to decide. You will provide voice annotation for all slides in the following format: five to 10 slides maximum; limit bullets to no more than six per slide; voice annotation for every slide (excluding the reference slide); a reference slide with one to two quality sources.

If you haven’t already downloaded it last week, download the Presentation to Management Template now and follow the instructions in the document.

Paper For Above Instructions

In the contemporary digital landscape, organizations face an increasing array of cyber threats, with ransomware attacks emerging as one of the most pervasive challenges. In response to this imperative, this proposal outlines strategic recommendations that align with the CEO’s mandate to shield MERCURY USA from potential ransomware incidents. This document will delineate critical areas: our business case, our security posture, our vulnerability management process, and our proposed scanning tool that meets the organization's needs.

OUR BUSINESS CASE

Understanding the business case is integral to justifying our approach. MERCURY USA operates within a fiercely competitive landscape, where disruption from cyber threats can lead to dire consequences, including financial losses and reputational damage. Ransomware attacks specifically have the potential to cripple operations, hence the urgency in addressing this vulnerability.

Significant factors include:

• Enhanced customer trust through robust security.
• Compliance with industry-specific regulations.
• Mitigation of potential financial risks linked to ransomware.

The CEO’s intent focuses on proactive prevention and ensuring business continuity. This aligns with earlier projects that highlighted the need for a strategic approach to cybersecurity that integrates innovative technologies and a culture of security awareness within the organization.

OUR SECURITY POSTURE

Identifying vulnerabilities is crucial, and recent assessments reveal significant areas of exposure. According to a report by Greenberg (2020), the transportation sector is increasingly targeted for ransomware attacks, which emphasizes the need for a robust security posture.

Key vulnerabilities identified include:

• Outdated software systems.
• Lack of employee training in security protocols.
• Insufficient backup processes.

The impact of these vulnerabilities can potentially lead to operational disruptions, loss of sensitive data, and costly recovery processes. By articulating this risk using the formula risk = threat x vulnerability x impact, we underscore the need for immediate intervention.

OUR VULNERABILITY MANAGEMENT PROCESS

An effective vulnerability management process is essential for safeguarding our organizational assets. We propose integrating continuous monitoring to allow for timely identification and remediation of vulnerabilities. The following steps are essential:

• Regular vulnerability assessments.
• Prioritization of vulnerabilities based on impact.
• Implementation of corrective measures.

This proactive stance is not only strategic but also aligns with best practices in cybersecurity management (Nessus Pro, 2020). Our approach aims to cultivate a security-conscious environment that empowers employees to recognize and mitigate threats before they escalate.

RECOMMENDED SCANNER

To effectively manage vulnerabilities, we recommend utilizing due to its comprehensive scanning capabilities. Our evaluation process included:

• Assessment of scanning speed and accuracy.
• Integration capabilities with existing systems.
• Cost efficiency relative to functionality.

These factors collectively position as an ideal solution that aligns with MERCURY USA’s operational needs and budgetary constraints.

THE ASK

In conclusion, we are asking for an investment in , which will involve an estimated cost of [Insert Estimated Cost], along with a commitment from [Insert Team Responsible] for implementation and ongoing management. It is vital to also consider training for staff to ensure full utilization of the tool.

Measures of success will include:

• Reduction in identified vulnerabilities over time.
• Increased employee awareness and participation in security measures.
• Maintenance of business continuity with minimal disruption.

SUMMARY

This proposal highlights critical actions that need to be taken in response to increasing ransomware threats. By focusing on strategic business cases, enhancing our security posture, deploying effective vulnerability management processes, and implementing reliable scanning solutions, MERCURY USA can significantly improve its cybersecurity framework and align with executive expectations.

As we seek to move forward, your support is essential in making these recommendations a reality and fortifying our defenses against cyber threats.

References

• [1] A. Greenberg, "The Untold Story of NotPetya, the Most Devastating Cyberattack in History", Wired, 2020. [Online]. Available: [Accessed: 19- May- 2020].
• [2] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: [Accessed: 19- May- 2020].