it is a case study. where we need to think as aCISO level by using business acumen a

nd technical knowledge.

Case #1 (3-5 pages double spaced with citations) The case studies are designed to challenge to think strategically at the ClO/CISO level. In your discussion of each question, foch on how you would deal with each of these situations if you were the CIO/CISO thus integrated both your business acumen and your technical knowledge. Students should feel confident exploring any industry trends and should be less concerned about getting "the right" answer. These cases allow you to think about reacting to situations before you are actually put in that situation Hypothetical: As CIO/CISO, you were recently hired into a retail shoe store that does not have any information security team, so you are charged with creating that organization. You are a direct report to the CEO, and you have the budget guidance of "keeping us secure but don't go overboard." The organization has not had any true security incidents yet, but you were hired as a result of a recent close call. In this case, students should: 1. Discuss what teams you will build out in your organization (e.g. incident response, vulnerability management, policy, threat management, etc.). You should research industry best practice here and align to it. 2. Provide a sample org chart of what this team will look like and what head count will be per team. 3. Put together a sample high level budget for the security tooling you developed in Assignment #1 and headcount you are requesting. This should be in priority order with justifications and impact if those requests are not filled. This is going to your boss (the ClO ) who will then present it to the CEO so this should be at the executive level showing how business outcomes are supported. As CIO/CISO, you were recently hired into a retail shoe store that does not have any information security team, so you are charged with creating that organization. You are a direct report to the CEO, and you have the budget guidance of "keeping us secure but don't go overboard." The organization has not had any true security incidents yet, but you were hired as a result of a recent close call. In this case, students should: 1. Discuss what teams you will build out in your organization (e.g. incident response, vulnerability management, policy, threat management, etc.). You should research industry best practice here and align to it. 2. Provide a sample org chart of what this team will look like and what head count will be per team. 3. Put together a sample high level budget for the security tooling you developed in Assignment #1 and headcount you are requesting. This should be in priority order with justifications and impact if those requests are not filled. This is going to your boss (the CIO ) who will then present it to the CEO so this should be at the executive level showing how business outcomes are supported