Scenario
You are on the management team at an aviation organization of your choice. There have been increasing concerns over the consequences of potential cyberattacks, and you have been asked to prepare an Aviation Cybersecurity Resilience Plan of Action to present to senior leadership.
Requirements
Your plan should include:
* a minimum of 10 pages (not including title and reference pages)
* a minimum of five external resources
* a Table of Contents
* appropriate headings to organize your content
* APA format
Details
Your Aviation Cybersecurity Resilience Plan of Action should include the following elements:
* Company Information
* Purpose and mission
* Descriiption of ecosystem elements
* Key stakeholders or customers
* Products or services
* Physical assets and facilities
* Digital data and information assets
* Aviation automation and technology elements
* Tolerance for cybersecurity risk (high, medium, or low)
* Legal Requirements:
Identify at least one law or regulation that applies to the organization. Identify the law or regulation and describe how that law or
regulation will impact your plan.
* Risk Management
: Using the risk management framework, identify and evaluate the top ten (10) cybersecurity risks and threats facing your organization.
* Governance
: Detail the governance structure that will be used to oversee the Resilience Plan of Action.
Cybersecurity Resilience Plan of Action Steps
* Identify and discuss the defense-in-depth strategies you will employ to prevent and mitigate cybersecurity threats to facilities, aircraft, IT, OT, and IoT
technologies, organizational processes, and people.
* For each identified cybersecurity risk or threat from your risk management process, identify and fully describe the controls or countermeasures (policies,
procedures, controls, countermeasures, processes, or practices) that you will put in place to improve cyber-resilience.
* Include plans to monitor and measure compliance with cybersecurity controls and countermeasures.
* Include an Incident Response Plan for each of the identified ten cybersecurity threats.
Some areas to discuss in your plan include:
* Manufacturing and supply chain
* Facilities and physical security
* Aircraft technologies (manned, unmanned, space)
* Access control and network security
* Personnel security
* Operational Technology (OT) and Internet of Things (IoT) security (include at least one IoT device)
* Application, software, and data security