Cybersecurity Risk Mitigation Plan

Risk mitigation strategy Introduction Write a brief paragraph in which you provide a high-level overview of your organization’s need for a risk mitigation strategy. (150 words) Start writing here: Vision Outline your organization’s vision of what implementing a risk mitigation strategy will ideally achieve. (150 words) Start writing here: Strategic goals and objectives List at least four strategic goals your organization must achieve to reduce its risks to an acceptable level. List at least two objectives under each strategic goal that explain what must be done to achieve the strategic goal. Note: A thorough risk mitigation strategy should include associated action plans and milestones, but you are not required to detail these for the purposes of this submission. (450 words) Start writing here: Metrics List at least three metrics your organization will use to analyze the achievement of its goals/objectives. These metrics should be specific to the goals/objectives listed in the previous question. (150 words) Start writing here: Note: Include refined versions of your previous submissions in the sections below. Where relevant, incorporate any feedback from your Tutor, as well as additional knowledge gained during the course to improve on your previous submissions. Threat actors and methods of attack Integrate your submission from Module 2, in which you identified at least two threat actors to your organization, and described methods of attack these actors could use. If you are using the Sony case, integrate the submission in which you identified the threat actor Sony faced in the 2014 hack and their method of attack, as well as at least one other threat actor Sony could face in the future and what method of attack they might use. (550 words) Start writing here: Business critical assets Integrate your submission from Module 3, in which you identified the assets that are most essential to your organization or Sony’s ability to accomplish its mission. Describe what vulnerabilities there may be in the organization’s systems, networks, and data that may put these assets at risk. (550 words) Start writing here: Cybersecurity governance Integrate the three questions from your submission in Module 4, in which you recommended a cybersecurity leadership plan, improvements to management processes, and a cybersecurity awareness training program. (1,200 words) Start writing here: Protective technologies In Module 5, you compiled a list of questions you would ask to understand the technologies implemented to protect your organization’s critical systems, networks, and data. In this section, based on the questions you asked and by conducting any other additional research, identify technologies your organization can employ to protect its critical systems, networks, and data. If you are using the Sony case, recommend protective technologies that could have addressed Sony’s shortcomings in protecting their critical networks, systems, and data. Note: This question requires you to submit a paragraph consolidating the information you learned, and is not a resubmission of the questions you submitted in Module 5. (650 words) Start writing here: Legal considerations In Module 6, you compiled a list of questions you would direct towards an organization’s senior management and general counsel in order to gauge the organization’s legal risk mitigation strategy and the adequacy of their preparations. In this section, based on the questions you asked, and by conducting any other additional research, discuss the legal considerations your organization should take into account when compiling its risk mitigation strategy. If you are using the Sony case, recommend steps that could have addressed Sony’s shortcomings in protecting themselves from legal action.