This third assignment will make you more familiar with the cybersecurity risks of small to medium enterprises (SMEs) and build capacity in putting together end user education and preparation materials.
In assignment 1, you completed a network and asset inventory, as well as a threat analysis for your home network. As a result of that work, you have taken steps to address any weaknesses in your home IT environment risk posture, and you are now confident in your knowledge that you have done everything you could do, to manage the applicable risks.
Everyone has been very impressed with your work, and a few days ago, the Canadian Centre for Keeping Canadians Cybersafe (an entirely fictitious organization created exclusively for this assignment), has reached out to you for help. They want to create a guide for the small to medium business (SME) owner/operator, to help them better protect themselves and also be ready to respond to any cybersecurity incident that may occur.
Your task is to prepare this guide, which should specifically include an appropriate Incident Response Plan (IRP), tailored to the needs of the SME owner/operator.
The requirements for the guide are as follows:
It should include a "how to" on conducting a threat assessment for the SME. Do some research on the most prevalent risks to SMEs, and tailor your approach to the assessment accordingly. Please cite your sources supporting the choices made (if this interferes with the aesthetics feel free to use endnotes on a separate page).
It should include a methodology for completing a risk assessment which helps prioritize the SME's risk management based on the likelihood and impact of specific risks materializing.
It should include the appropriate components of an IRP, suitable for SMEs. Assess the various components and determine how to best include aspects of the various phases we talked about in class (preparation; detection and analysis; containment, eradication and recovery; post incident review; and continuous improvement). Consider the savvyness of the average SME owner/operator. Justify your various choices in formulating the IRP. Make the plan readable and consumable for your intended audience.
You are encouraged to be creative in putting together your guide, and to add any other content you feel will contribute to the effective protection of SMEs.
You may use Word, Latex, Canva, or any other tool to craft and design it, as long as the application you use is able to produce your final product as a PDF, which is the form in which you must submit your final product.
Use clear and concise language, and ensure there are no typos or grammatical errors.
Your guide should be at least two, but no more than five pages in length (exclusive of the page for any endnotes, if any). Feel free to adjust your font size as necessary, but do not include a text font below 10 pt in size.
Submit your final guide in PDF format, by the deadline set out on the Course Schedule page.
I will assess your grade as follows:
The completeness, suitability and comprehensiveness of your threat assessment component, given the sources used (3)
The appropriateness and effectiveness of your IRP (3)
The overall degree of thought and depth of analysis exhibited in tailoring the guide to SMEs (2)
The aesthetics of your guide, including consideration of typos, errors, etc. (2)