Summary ToDo List

Unit 3 Strategy Learning Objective  CISO and Developing a Security Strategy  CISO and Emerging Technologies and Trends Concepts  Four Ways Organizations Develop Cybersecurity Strategy  Cybersecurity Strategy Development Framework  Company Culture  Government Regulations Reading Review the Required Readings assigned for this lesson from your textbook, CISO Compass, 1st edition:  Chapter 3, “Strategy” Keywords Use the following keywords to search for additional materials to support your work:  Cybersecurity  Strategy  Alignment  Governance  Controls  Risk Management  Physical security  Privacy.

To-do list 1. Reading Assignment: Chapter 3 2. Review Lecture Notes and Slides: a. Course introduction. b. Chapter 3 - slides 3. Lecture/Discussion attendance: a. Attend Class Sessions (on-ground course) or weekly Seminar for online classes (see D2L calendar for date and time). Note for online courses, if you are unable to attend the seminar, you may submit two-page summary report of the week’s reading materials as a substitute for attendance without loss of points. 4. Complete Discussion Post: a. Introduce yourself in the discussion forum. Create a quality post of approximately 100 words and reply to at least 2 other student posts. 5. Complete Assignment & Assessments: a. Complete HW3 b. No lab c. Graduate students : complete graduate reading assignment. d. See assessment part of this document for specifics.

16. Gartner, Inc. 2016. Gartner Says By 2020, More Than Half of Major New Business Processes and Systems Will Incorporate Some Element of the Internet of Things. Gartner Newsroom (January 14).  www.gartner.com/newsroom/id/3185623 . 17. Shaban, H. 2018. Amazon is Issued Patent for Delivery Drones That can React to Screaming Voices, Flailing Arms. The Washington Post (March 22).  http://www.washingtonpost.com/news/the-switch/wp/2018/03/22/amazon-issued-patent-for- delivery-drones-that-can-react-to-screaming-flailing-arms/?utm_term=.dea0a56797b5 . 18. Frank, M. 2016. Drone Privacy: Is Anyone in Charge? Consumer Reports (February 10).  http://www.consumerreports.org/electronics/drone-privacy-is-anyone-in-charge/ . 19. National Conference of State Legislatures. 2018. Current Unmanned Aircraft State Law Landscape. Blog (February 1).  www.ncsl.org/research/transportation/current-unmanned-aircraft-state-law- landscape.aspx . 20. Howell O’Neill, P. 2017. Ransomware is Now a $2 Billion-Per-Year Criminal Industry. Cyberscoop (November 21).  http://www.cyberscoop.com/ransomware-2-billion-bitdefender-gpu- encryption/ . 21. Europol. 2017. 2017, The Year When Cybercrime Hit Close to Home. (November 27).  www.europol.europa.eu/newsroom/news/2017-year-when-cybercrime-hit-close-to-home . 22. Department Health and Human Services. Fact Sheet: Ransomware and HIPAA.  www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf . 23. Los Angeles Times. 2011. Watson Wins ‘Jeopardy!’ Finale; Ken Jennings Welcomes ‘Our New Computer Overlords’. (February 16).  http://latimesblogs.latimes.com/showtracker/2011/02/watson- jeopardy-finale-man-vs-machine-showdown.html . 24. Government Publishing Office. 1998. 63 FR 41804- Presidential Decision Directive 63 on Critical Infrastructure Protection: Sector Coordinators. Federal Register Volume 63, Issue 150. (August 5).  www.gpo.gov/fdsys/granule/FR-1998-08-05/98-20865 . 25. U.S. Department of Homeland Security. 2015. Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection. 1st Ed Dec 17, 2003, last published September 22, 2015.  www.dhs.gov/homeland-security-presidential-directive-7 . 26. Reuters. 2016. SWIFT Tells Banks to Share Information on Hacks. (May 20).  www.cnbc.com/2016/05/20/swift-tells-banks-to-share-information-on-hacks.html . 27. Swift. Customer Security Programme.  www.swift.com/myswift/customer-security-programme- csp/programme-description . 28. Swift. 2018. Fraud and Cyber High Alert. (March 19).  www.swift.com/news-events/news/fraud- and-cyber-high-alert . 29. The ThreatHunting Project.  http://www.threathunting.net/ . 30. MacDonald, N. 2017. 10 Things to Get Right for Successful DevSecOps. Gartner. October 3.  www.gartner.com/doc/3811369/-things-right-successful-devsecops . 31. Granville, K. Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens. New York Times (March 19).  www.nytimes.com/2018/03/19/technology/facebook-cambridge- analytica-explained.html . 32. Columbus, L. 2017. 2017 State of Cloud Adoption and Security. Forbes (April 23).  www.forbes.com/sites/louiscolumbus/2017/04/23/2017-state-of-cloud-adoption-and-security/ #7c032bd21848 . 33. Goodman, M. 2015.  Future Crimes . New York. Doubleday/Random House. Unit 2 1. Waterman Jr., R., Peters, T., and Phillips, J. 1980. Structure Is Not Organization.  http://tompeters.com/docs/Structure_Is_Not_Organization.pdf . 2. Think Marketing. 2016. Have You Ever Read about Apple’s Core Values? (January 11).  https://thinkmarketingmagazine.com/apple-core-values/ . 3. Fortune. 2018. 100 Best Companies to Work For.  http://fortune.com/best-companies/list .

4. Lu, V. 2015. Taxi Companies Fight Uber with Own Updated Apps. The Star (May 20).  www.thestar.com/business/2015/05/20/taxi-companies-fight-uber-with-own-updated- apps.html . 5. Leswing, K. 2016. Apple CEO Tim Cook: ‘Companies should have values, like people do’. Business Insider, U.K. (August 9).  http://uk.businessinsider.com/apple-ceo-tim-cook-companies- should-have-values-like-people-2016-8?r=US&IR=T 6. Peters, T. 1982. In Search of Excellence: Lessons from America’s Best-Run Companies. 7. Zorz, Z. 2018. Researchers Hack BMW Cars, Discover 14 Vulnerabilities. HelpNet Security (May 23).  http://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/ . Unit 3 1. Kaplan, J., Sharma, S., and Weinberg, A. 2011.  Meeting the Cybersecurity Challenge . McKinsey & Co (June 2011).  www.mckinsey.com/business-functions/digital-mckinsey/our-insights/meeting- the-cybersecurity-challenge . 2. Collins, J. 2001.  Good to Great: Why Some Companies Make the Leap and Others Don’t . New York. HarperCollins Publishers Inc. 3. Fitzgerald, T., Goins, B., and Herold, R. 2007. Information Security and Risk Management.  In Official ISC2 ®   Guide to the CISSP CBK , eds. Tipton, H. A. and Henry, K., 9–17. Boca Raton Auerbach Publications. 4. Kaplan, R. S. and Norton, D. P. 1996.  The Balanced Scorecard, Translating Strategy Info Action . Boston, MA. Harvard Business School Press. 5. Buzan, T. and Buzan, B. 1996.  The Mind Map ®   Book: How to Use Radiant Thinking to Maximize Your Brain’s Untapped Potential . Plume. The Penguin Group publishers.

Discussion In this section, discussion board assignments will be indicated. Discussion 1. Discuss Security Strategy Development – what approach would you implement? 2. Create a quality post of approximately 100 words and reply to at least 2 other student posts. 3. Graduate students: in addition to above, discuss your thoughts regarding the graduate readings. Create a quality post of approximately 100 words and reply to at least 2 other student posts.

Assessment In this section, assignments and assessments will be documented if any for each Unit. Assignment (Hw3) 1. Reference document 3.30 in the assignment section of unit 3. Lab  No lab Quiz  No quiz Graduate Readings  Reference document 3.32 for reading in the assignment section of unit 3.