Cybersecurity Policies – Defining and Implementing Security Metrics

About this Assignment
Cybersecurity refers to the protection of sensitive information, specifically that which is stored or accessed via the Internet. Cybersecurity is important for protecting personal information, both for individuals and for the large organizations that hold this sensitive information. For companies that store sensitive information on their clients, it's essential that they have a robust and measured cybersecurity program. A metrics program is critical in measuring how successful an organization is in protecting its assets.
For this final assignment, you will write a 1,500-1,800 word paper outlining a security metrics program for a business that provides financial services to clients. It should focus on what security metrics are, why they are needed, and how they can be implemented. You should identify key performance indicators (KPIs) that can be measured and then develop a security metrics measurement plan with metric thresholds and resultant actions should metrics not be met.
You have just acquired and are excited to start taking on new clients. In a request for proposal (RFP) you received from a Fortune 500 CFO, he asked you to outline your security metrics program and explain how it is implemented. You couldn't answer this question, and as a result, you lost the business. You are now sweating as you realize how much money you just forfeited for the company! To address this challenge, you have hired a new Chief Information Security Officer (CISO), and his first directive is to collaborate with you to create this program. In it, you need to define the what, why, and how of cybersecurity metrics. In addition, you need to define KPIs that measure success and outline what will happen if these metrics are not met. Another RFP has just arrived, so time is of the essence!
Formatting & Sources
Please write your paper in the MLA format. You may refer to the course material for supporting evidence, but you must also use 3 other sources and cite them using the MLA format. Please include a mix of both primary and secondary sources, with at least one source from a security journal. If you use any lessons as sources, please also cite them in MLA (including the lesson title and instructor’s name).

Primary sources are first-hand accounts such as interviews, advertisements, speeches, company documents, statements, and press releases published by the company in question.
Secondary sources come from peer-reviewed scholarly journals, such as the Oxford Academic Journal of Cybersecurity. You may use sources like JSTOR or Google Scholar to find articles from these journals. Secondary sources may also come from reputable websites with .gov, .edu, or .org in the domain. (Wikipedia is not a reputable source, though the sources listed in Wikipedia articles may be acceptable.)