ASSIGNMENTS 3, 5, AND 8 ARE IN THE FILE TO HELP WITH THIS ASSIGNMENT
By successfully completing this final assessment, you will demonstrate your proficiency in the following course competencies:
- Examine the practice of fundamentals necessary for an information technology consulting role.
- Evaluate the activities that are key to consulting.
- Evaluate how research aligns with consulting initiatives.
The business plan should include the following:
- Table of contents.
- Executive summary: An approximately one-page summary describing your consulting practice, the services or products you will offer, and the business model you will use.
- Company description: This description provides an overview of your consulting practice in 1–2 pages. A cross-section of the activities offered, including company background, key consulting personalities, business objectives, and general information is appropriate here.
- Vision, mission, and values: This section should include your vision and mission statement, which should connect to your company description and your choices for services offered.
- Products or services offered: An examination of the areas of IT consulting that you intend to pursue and the services you would like to provide to your clients. Why do you intend to pursue this path? What are the assumptions and beliefs you bring as a consultant that will influence your practice?
- Marketing plan: This section describes the plan to market the practice to potential clients and companies, respond to inquiries, and build on current business.
- Operational plan: This section includes details on your methodologies for delivering products and services to your clients, including an examination of local, state, and federal regulations and their potential implications for your practice.
- Management and organization: This section describes the methods of managing the business and the key players in the organization.
- Structure and capitalization: This section describes the funding and financial resources you intend to pursue, as well as your business structure designation.
- Financial plan: For the purpose of this course and final project, no in-depth financial projections should be attempted. Provide a simple projection of your initial financial estimates.
Assignment Description
For this assignment, complete your final business plan by creating your executive summary and table of contents. Remember to integrate any feedback you received from peers and your instructor throughout the course, as well as your research on current IT consulting business plan practices.
Include the following:
- Document the need for IT consulting in the niche you are proposing.
- Describe an appropriate vision and mission statement.
- Describe the legal structure of the consultant business.
- Articulate IT management strategies and roles.
- Justify appropriate products and services to offer. Support appropriate methodologies for delivering those products and services.
- Articulate a marketing plan with marketing activities for current customers and future prospects.
- Articulate a growth strategy for personal IT consultancy. Project out two years in your plan.
- Articulate a financial plan describing funding and financial strategies.
- Integrate IT guidelines and regulations into a plan for IT consulting.
INSTRUCTIONS
Using 10 additional articles on your potential topic and a summary that provides additional evidence to support your work, include the following in your MS Word document:
- Discuss identified gaps in the literature or potential organizational needs.
- Identify a topic consistent with the acceptable topics for the discipline.
- Define the problem for the proposed topic.
- Analyze the alignment of problem, questions, and methods.
- Describe ethical issues or concerns related to the topic and/or theory.
- Present a preliminary project framework that aligns with the topic and problem and is consistent with the acceptable topics and methods for the discipline.
- As a scholar-practitioner, apply conventions of voice, academic tone, and discipline-specific language.
1
2
Exploring
Student
Instructor
University affiliation
Class Name
Date
Cybersecurity Governance: Methodology and Analysis
1. Admassa, W. S., Munaye, Y. Y., & Diro, A. A. (2024).
Identified Problem: Problems of adopting advanced cybersecurity and its intersection with other frameworks and systems.
Research Questions: How can present cybersecurity problems be addressed through appropriate frameworks?
Methodology: Literature review and qualitative analysis only.
Outcomes: Explored existing studies on cybersecurity frameworks and generated knowledge for future work.
Alignment: A qualitative approach was appropriate for discussing general problems, but the approach presented rather vague solutions.
Alternative Approach: A mixed-methods study could have provided empirical support for the proposed solutions.
Ethical Issues: The possible factors related to bias when evaluating the current strategies and maintaining an objective stance in the recommendation.
2. Dillon, R., & Tan, K. L. (2024)
Identified Problem: Cybersecurity Skills Gap: Southeast Asia’s Unseen Crisis.
Research Questions: Indeed, workforce training and education in cybersecurity open the following questions: What strategies can enhance these objectives?
Methodology: Conducted from surveys and from case studies.
Outcomes: Skills shortage in the workforce and reforms in education, which have been underlined.
Alignment: Analyzing the work results, it can be stated that using both qualitative and quantitative approaches meets the problem and questions.
Alternative Approach: The study could have used a more modern data set to propose further longitudinal measures on the reformation that may be proposed.
Ethical Issues: This paper sought to establish how the consent of the participant in the workforce surveys can be granted while at the same time protecting their privacy in the process.
3. Furnell, S. (2021)
Identified Problem: Current and potential issues that may be witnessed in the global cybersecurity workforce.
Research Questions: Which are the essential competencies in the cybersecurity field, and how can these be trained?
Methodology: Literature synthesis and survey analysis.
Outcomes: Shed light on core skills that needed to be filled and suggested concrete training activities.
Alignment: The chosen methodology was relevant to the problem area, but involved extensive use of secondary data sources.
Alternative Approach: The methodology could have been enriched with primary data from specific interviews with industry leaders.
Ethical Issues: This section takes some measures towards reducing biases inherent in survey sampling and interpretation of results.
4. Handa, A. & Sharma, A. & Shukla, S. K. (2019)
Identified Problem: Machine learning (ML) is not deployed as a primary proactive cybersecurity measure.
Research Questions: Which specific strategies can be used to apply the concept of ML in the realm of cybersecurity in order to protect computer networks and disrupt cyberattacks?
Methodology: Review of the selected ML techniques in cybersecurity applications.
Outcomes: Gave a brief of ML methods and recognized possible directions in the aim of the research.
Alignment: The systematic review complemented the presented text, but more practice-oriented references were missing.
Alternative Approach: Perhaps empirical credibility tests for ML models could also improve the reliability.
Ethical Issues: Presentation of prejudices in the choice of review studies.
5. Li, L., H, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019).
Identified Problem: Lack of cybersecurity policies in the organization or employees are not aware of policies in the organization.
Research Questions: What happens when employees are made aware of company policies?
Methodology: Quantitative surveys.
Outcomes: Shown that people who were more aware of the policies in play were more likely to act more securely.
Alignment: The survey method was suitable to obtain employees’ attitudes and perceptions.
Alternative Approach: Adding qualitative interviews could give a deeper rationale for stock-picking decisions.
Ethical Issues: Preservation of employee anonymity in the responses.
6. Li, Y., & Liu, Q. (2021)
Identified Problem: New threats and threats’ insufficient control.
Research Questions: What are the phenomena evident from recent cyber unrest?
Methodology: Literature review.
Outcomes: These include: Some of the trends that have been identified here include; Some of the voids that have been determined from the study include;
Alignment: While the presented approach fitted well, there was no confirmation in the paper.
Alternative Approach: Implementing this by including a survey of what other industry programs are doing could go a long way in offering practical relativity.
Ethical Issues: Preventing plagiarism in synthesizing results gathered from literature research.
7. Nizich, M. (2023)
Identified Problem: Cybersecurity: Training the workforce for the future.
Research Questions: This study aims to identify relevant competencies for the future cybersecurity workforce.
Methodology: Case studies and workforce are the commonly used methods in undertaking a philosophy of the workforce.
Outcomes: Proposed guidelines for training frameworks addressed toward future development.
Alignment: The methodology was successful in answering the questions with the exception that they were cross-sectional; therefore a longitudinal tracking should be incorporated.
Alternative Approach: Including global perspectives could improve the results' applicability.
Ethical Issues: Promoting paradigms that respect workforce diversity: a comment on Hamlin et al.
8. Safitra, M. F., Lubis, M., & Fakhrurroja, H (2023)
Identified Problem: Lack of proficient structures on managing and reducing cybersecurity threats.
Research Questions: How do proactive frameworks help to mitigate cybersecurity threats?
Methodology: Crossover of quantitative type of analyses and qualitative case studies.
Outcomes: Suggested the implementation of a mixed approach for the enhancement of risk management.
Alignment: Qualitative and quantitative approaches were appropriate for studying emergent theories and confirming developed theories.
Alternative Approach: The incorporation of field trials may have a way of proving practical applicability.
Ethical Issues: How best to maintain the bibliographic framework numerical evaluation transparency.
9. Shaukat, K., Luo, L., Varadharajan, Varadharajan, K., Hameed, I. A., & Xu, M. (2020)
Identified Problem: Lacking and ineffective methods in employing it during behavior-based threat estimation.
Research Questions: Which is the best and most efficient ML method for cybersecurity?
Methodology: Introduction to the machinery learning techniques and cases.
Outcomes: Recognized the best data learning approaches and further enhancements.
Alignment: The survey approach correlated well with the problem and its exploratory nature.
Alternative Approach: Introducing practical tests regarding ML models could enhance the realism of the applicability.
Ethical Issues: Countering malicious use of the ML implementation in cybersecurity.
10. Xu, S. (2019)
Identified Problem: Lack of comprehension of the security environment in cyberspace.
Research Questions: Understanding the determinants of cybersecurity dynamics:
Methodology: Theoretical modeling.
Outcomes: Written the basic hypotheses on dynamic network protection.
Alignment: Theoretical modeling was appropriate to the conceptual problem that was posed.
Alternative Approach: Pointing at possible additions, it is possible to strengthen the study's findings by employing empirical validation at this stage.
Ethical Issues: Puzzle of transparency to model development.
References
Admass, W. S., Munaye, Y. Y., & Diro, A. A. (2024). Cyber security: State of the art, challenges and future directions. Cyber Security and Applications, 2, 100031.
Dillon, R., & Tan, K. L. (2024). Cybersecurity workforce landscape, education, and industry growth prospects in Southeast Asia. Journal of Tropical Futures, 1(2), 172-181.
Furnell, S. (2021). The cybersecurity workforce and skills. Computers & Security, 100, 102080.
Handa, A., Sharma, A., & Shukla, S. K. (2019). Machine learning in cybersecurity: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 9(4), e1306.
Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13-24.
Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cybersecurity: Emerging trends and recent developments. Energy Reports, 7, 8176-8186.
Nizich, M. (2023). Preparing the cybersecurity workforce of tomorrow. The Cybersecurity Workforce of Tomorrow, 117-146.
Safitra, M. F., Lubis, M., & Fakhrurroja, H. (2023). Counterattacking cyber threats: A framework for the future of cybersecurity. Sustainability, 15(18), 13369.
Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., & Xu, M. (2020). A survey on machine learning techniques for cyber security in the last decade. IEEE Access, 8, 222310-222354.
Xu, S. (2019). Cybersecurity dynamics: A foundation for the science of cybersecurity. Proactive and Dynamic Network Defense, 1-31.
,
1
2
Identify theory
Student
Instructor
University affiliation
Class Name
Date
1. Introduction: Identifying a Potential Theory
· Chosen Theory: Social Cognitive Theory (SCT) is one of the promising guiding theories for this research. SCT is useful when understanding why people act the way they do given their belief system and the environment in which they operate, as cybersecurity concerns reflect employee training, compliance, and social interventions.
· Rationale for Theory: The focus of SCT on behaviour and learning processes aligns the investigation of the factors influencing cybersecurity education, awareness and the organisational culture on security practices and the preparedness of the workforce to the objectives of SCT.
2. Theory Application in Articles
Most of the selected articles use theories related to SCT, with concern to behaviour, learning, and awareness to explain or prescribe cybersecurity.
3. Theory Usage and Role in Each Article
· Admass et al. (2024): In terms of SCT, this paper revisits the role of behavioural interventions in the context of cybersecurity. The theory here focuses on how the behaviour of individuals affects security risk management and how training affects security.
· Li & Liu (2021): Drawing with references to SCT principles, the study review of employee behaviour and the role of changing threats describes how perceiving influences the response to risks. According to the authors, SCT informs their discussion toward the alteration of cybersecurity behaviours depending on threat events.
· Furnell (2021): SCT is used to investigate the behavioural characteristics of cybersecurity learning and training, where theories of learning and motivation provide a rationale for engagement from the workforce.
· Dillon & Tan (2024): SCT is used to advise the way in which this study analyses how education promotes security consciousness among the cybersecurity workforce. The theory is helpful in explaining the development of security skill sets.
· Shaukat et al. (2020): This article applies SCT by discussing what has been presented about machine learning to forecast behaviour-based threats and how models refine the cybersecurity process from behavioural patterns.
· Safitra et al. (2023): SCT can be seen when studying frameworks of proactive behaviour minimizing risk. It informs the proposed principle for risk management from an employee perspective.
· Handa et al. (2019): SCT applies in developing the understanding that awareness as well as knowledge sharing is critical for the employees’ compliance with security processes.
· Li et al. (2019): SCT is integrated into this article explicitly to explain how awareness contributes to employees’ cybersecurity practice, policy knowledge, and behaviour change.
· Xu (2019): In this sense, SCT principles contribute to building a foundation of thinking for working in network security from positions of prevention and prevention-related behaviour, which pays special attention to the social and organizational aspects of organizing defensive actions.
· Nizich (2023): Decision makers use SCT to assess requirements for training a workforce by examining the learning theories that help predict future security threats.
4. Role of Theory in Studies
· Primary Role: SCT is mainly used to explain how individuals’ behaviour relates to security practices across the various studies. It offers the basis for understanding the cybersecurity training, awareness, and the policy impact on individual and organizational security.
· Impact on Findings: SCT underpins insights into relevant educational and training interventions to promote safer and more secure behaviours in cybersecurity contexts where persons undertake behavioural changes towards more educative and positive cybersecurity cultures.
5. Role of Theory in the future research design
· In Quantitative Research: SCT can lead research works that measure the extent of the effects of training on the practice of cyber security like studies on the level of awareness among respondents before and after the training. It enables hypothesis testing and conducts statistical modelling of behavioural paradigms.
· In Qualitative Research: SCT can use interviews or case studies for example to look at the practice or perception of the employees on cybersecurity. Still, there is a way in which qualitative data can complement insights into facilitators and challenges to safe practices.
· Differences: Quantitative applications highlight the number of times behaviour occurs as a key result feature while qualitative applications shed light on details of why behaviour occurs.
6. Identified Gaps in Theory or Practice
· Observed Gaps: The articles often document a call for more investigation concerning the organizational culture and awareness training towards improved permanency of cybersecurity. Lack of knowledge is there with regard to the identification of more particular motivational factors that give rise to security-indicative behaviour.
· Implications for Future Studies: Herein, expanding on these gaps enables future research to utilize SCT to investigate the organizational practices that support cybersecurity awareness and prevention of employee behaviour.
7. Conclusion: Scholar-Practitioner Perspective
· Application in Practice: SCT can benefit the scholar-practitioner in as much as it generates theoretical underpinnings for scholar-practitioners to design contextualized interventions intended to promote the sustainable implementation of security paradigms. Since SCT focuses on social and individual behaviour, it enhances theoretical contributions to the field and contributions to practice elements of the cybersecurity workforce.
References
1. Admass, W. S., Munaye, Y. Y., & Diro, A. A. (2024). Cyber security: State of the art, challenges and future directions. Cyber Security and Applications, 2, 100031.
2. Dillon, R., & Tan, K. L. (2024). Cybersecurity workforce landscape, education, and industry growth prospects in Southeast Asia. Journal of Tropical Futures, 1(2), 172-181.
3. Furnell, S. (2021). The cybersecurity workforce and skills. Computers & Security, 100, 102080.
4. Handa, A., Sharma, A., & Shukla, S. K. (2019). Machine learning in cybersecurity: A review. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 9(4), e1306.
5. Li, L., He, W., Xu, L., Ash, I., Anwar, M., & Yuan, X. (2019). Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior. International Journal of Information Management, 45, 13-24.
6. Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176-8186.
7. Nizich, M. (2023). Preparing the cybersecurity workforce of tomorrow. The Cybersecurity Workforce of Tomorrow, 117-146.
8. Safitra, M. F., Lubis, M., & Fakhrurroja, H. (2023). Counterattacking cyber threats: A framework for the future of cybersecurity. Sustainability, 15(18), 13369.
9. Shaukat, K., Luo, S., Varadharajan, V., Hameed, I. A., & Xu, M. (2020). A survey on machine learning techniques for cyber security in the last decade. IEEE Access, 8, 222310-222354.
10. Xu, S. (2019). Cybersecurity dynamics: A foundation for the science of cybersecurity. Proactive and Dynamic Network Defense, 1-31.
,
1
2
Acceptable topics
Student
Instructor
University affiliation
Class Name
Date
Summary of Key Articles on Cybersecurity Governance and Risk Management
Cybersecurity governance also has a central function in the processes used by organizations to regulate the risks associated with cyber threats. This paper presents a summary of five articles that contribute significantly to understanding the impact of cybersecurity governance on risk management practices in organizations.
1. Jarjoui, S. & Murimi, R. (2021). A Framework for Enterprise Cybersecurity Risk Management. Advances in cybersecurity management
In their recent systematic literature review, Jarjoui and Murimi (2021) propose a framework for implementing cybersecurity governance within the context of enterprise risk management (ERM). The authors also pay considerable attention to such concepts as the integration of cybersecurity measures into other organizational risk policies.
Relevance to Topic: This framework directly fills the gap of how governance can be integrated into risk management, which is an important component of the proposed study. This demonstrates how proper governance of the firm leads to an improvement of controls to address the risks of cyber threats.
Methodology: This work employs a qualitative research analytic approach in trying to explore the existing cybersecurity frameworks and compare enterprises' security practices. The authors encourage future researchers to determine how this framework is implemented across various industries.
Conclusions: Integrating a unified model of cybersecurity governance when addressing the problems of managing risks in an organization is extremely effective. This in turn has prompted the need for governance structures that can address specifics of the particular industries involved.
2. The impact of cybersecurity risk management examinations and cybersecurity incidents on investor perceptions and decisions.
Perols and Murthy (2021) examine how cybersecurity risk management audits and disruptive events affect investors’ judgment. For that reason, they contend that organizations that have structured governance systems that comprehensively address cybersecurity are more likely to retain investor confidence even in the aftermath of cyber events.
Relevance to Topic: Among external dimensions of cybersecurity governance this article reveals the impact of cybersecurity on investors. The claim advances that sound governance does not only eliminate operating risks but also safeguards the image and solvency of a company.
Methodology: The research method is also quantitative, which serves to examine the responses of investors from public companies. This empirical method is popular and effective for the analysis of the financial consequences of cybersecurity governance.
Conclusions: The result of the analysis of the research materials indicates that corporate actions with effective governance practices can significantly mitigate the detrimental effects of cyber security events on investors’ decisions as they emphasize the necessity of transparent and effective cyber security policies.
3. Evaluating the cyber security readiness of organizations and its influence on performance.
In this paper, Hasan et al., (2021) assess the state of readiness in organizations for cybersecurity and its impact on performance. Instead, they present a maturity model that describes the extent of organizations’ readiness for confronting cyber threats in relation to their governance frameworks.
Relevance to Topic: The article is useful in establishing the connection between an organization’s level of governance maturity on the level of risk management it achieves. This shows that an organization’s level of preparedness for cyber threats, based on good governance practice, is proportional to organizational performance.
Methodology: The study applies a survey method to assess the firms’ preparedness for cybersecurity threats. This generally used and recognized methodology is useful for the evaluation of governance maturity levels in diverse industries.
Conclusions: Those organizations with a more developed state of cybersecurity governance structures observe improved organizational performance and are capable of adequate risk management thus confirming the readiness as the crucial part of the cybersecurity governance.
4. Integrating cybersecurity and enterprise risk management (ERM)
This article from the National Institute of Standards and Technology (NIST) offers direction for implementing cybersecurity with enterprise risk management. It provides specific guidance on how governance arrangements can be integrated with other systems of risk management.
Relevance to Topic: This article is important for the proposed study because it provides a set of guidelines for how to integrate cybersecurity governance into ERM. This paper underscores the role of governance in managing diverse risks prevalent in organizations cutting across different industries.
Methodology: Conceptually, the authors harness a regulatory and a framework-based method to give directions on how to enhance cybersecurity governance in organizations.
Conclusions: The fact that organizations are making cybersecurity governance as an integrated process with ERM proves the notion in this work that governance has to be a comprehensive component of organizational strategy.
5. PRISM: a strategic decision framework for cybersecurity risk assessment. Information & Computer Security
PRISM was developed by Goel et al. (2020) to provide a decision model for cybersecurity risk evaluation. The model also makes emphasizes with regards to the making of governance as one of the strategic factors in cybersecurity decisions.
Relevance to Topic: The PRISM framework offers a strategic vision in the context of governance on how an organization might approach, evaluate, and control cybersecurity risk, coupling governance with decision-making in risk management.
Methodology: To ensure the identified framework is generalized across a host of industries, the article uses both quantitative and qualitative data to prove the mixed-method framework.
Conclusions: By coming up with strategic decision-making frameworks such as PRISM then an organization's capability of handling cyber security risks is boosted; therefore, supports the importance of efficient governance for the organization in handling risks.
References
Goel, R., Kumar, A., & Haddow, J. (2020). PRISM: a strategic decision framework for cybersecurity risk assessment. Information & Computer Security, 28(4), 591-625.
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726.
Jarjoui, S., & Murimi, R. (2021). A framework for enterprise cybersecurity risk management. In Advances in cybersecurity management (pp. 139-161). Cham: Springer International Publishing.
Perols, R. R., & Murthy, U. S. (2021). The impact of cybersecurity risk management examinations and cybersecurity incidents on investor perceptions and decisions. Auditing: A Journal of Practice & Theory, 40(1), 73-89.
Stine, K., Stine, K., Quinn, S., Witte, G., & Gardner, R. K. (2020). Integrating cybersecurity and enterprise risk management (ERM) (Vol. 10). US Department of Commerce, National Institute of Standards and Technology.