Question Description

Part 1:

Submit your individual write up on the last day of the intersession (in the Inter-session Activities Assignment Area of the Bb course), prior to arriving in class.

Your paper and all citations/references should be in APA format. The Purdue OWL website is an excellent resource for APA formatting and reference examples: https://owl.english.purdue.edu/owl/resource/560/05…

You should include the following sections in your paper:

Mission and vision statement for the CSIRT

Identify key stakeholders that the CSIRT will serve

Determine the scope and levels of service the CSIRT would provide

Staffing Recommendations – identifying and procuring personnel, equipment, and infrastructure requirements for the CSIRT

Identify and utilize existing information security technical staff and resources to support the CSIRT activities (when needed)

Identify any needed external resources needed

Identify (do not write out) what you believe are the top 5 key CSIRT policies and procedures (based on best practices and everything you have reviewed and learned in this course, and any additional resources needed) that need to be developed first, given iFinance’s (or your previous/existing company you are with) industry, size, structure, etc. Again only list the top 5 policies/procedures that need to be developed.

Define the CSIRT reporting structure, authority, and organizational model to ensure that the team has the access, funding, and a clear mandate

Estimate the amount of additional funding needed to implement and maintain the CSIRT given the limited information you have

Establish a proposed timeline for implementing the CSIRT

Part 1 – Case Study Write-up Rubric:

200 points total:

20 points – APA formatting throughout the paper

20 points – Mission & Vision Statement

20 points – Key Stakeholders

20 points – Scope of Services

20 points – Staffing Recommendations

20 points – CSIRT Organizational Structure/Reporting

40 points – Key Policies/Best Practices

20 points – Funding Request/Estimate

20 points – Proposed Timeline

Part 2 (This will occur during your Day 3 session)

Armed with support from key stakeholders, knowledge of best practices currently being used in incident management, an understanding of the current and potential threats to iFinance (or current/previous company), and a vision and plan for implementing a CSIRT, it is now time to make the business case to the Chief Technology Officer (CTO), Chief Operations Officer (COO), and the Chief Legal Counsel to finalize plans for funding and staffing an operational CSIRT. You should present a well-researched, compelling rationale that includes the aforementioned components from part 1 of the assignment.