Information Security and Technology Department
I work in the MERCURY USA Information Security and Technology Department as a cyber threat analyst. Today, I’ll be presenting our proposal to address the CEO’s mandate to protect the organization from dangerous ransomware attacks.
Let’s get started.
1
<insert narration>
AGENDA
2
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
Tell your audience what you intend to cover in your proposal. This is the PURPOSE of your communication!
You should cover the three areas enumerated in the Project 3 instructions.
Ensure you link your main points to your earlier work in Project #1 and Project #2.
Although three main points is considered ideal, use less or more to fit your project; four main points are shown here for example purposes only.
The three projects should be consistent and aligned with Judy “Mac” McNamara’s guidance.
2
Main Point #1
Main Point #2
Main Point #3
Main Point #4
1: OUR BUSINESS CASE
3
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
What are the important factors about the business?
What is the CEO’s intent and guidance?
How do the first two items relate to the next slides?
Example sub-bullet #1
Example sub-bullet #2
Example sub-bullet #3
This is main point #1. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.
On this slide, you should cover the business case. Think of this as the value to the business that will result from your recommendations.
How does your recommendation meet the CEO’s direction and intent?
Tell your audience members the what, why, how, and who so that they can make an informed decision about your proposal.
If you do not cover these areas adequately, you may not get a decision, you may get a negative decision, or you may be told to come back after you’ve done your due diligence.
3
2: OUR SECURITY POSTURE
4
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
What are the most important vulnerabilities discovered?
What is our exposure to known threats?
How did you link the results to the business?
Transportation industry hit hard by ransomware attacks
Example #1: Use your findings and conduct research [1]
Example #2: Use your findings and conduct research
This is main point #2. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.
What vulnerabilities did you find in your analysis? What are the most important to tell the CEO about? Why are the vulnerabilities you selected important to the business? Ensure you explain in plain language, not technical jargon or cyber-speak.
What are the threats that you see to the business given the scenario?
Now consider this simple equation from the uCertify content: risk = threat x vulnerability x impact
Use the equation to effectively explain your findings.
If you find yourself struggling to quantify a vulnerability, return to this equation.
Are there identified and specific threats to MERCURY USA? Avoid generic threats and using fear as a motivator.
Is there a vulnerability from your analysis that can be linked to the specific threat?
What is the potential impact in not addressing the threat (e.g., cost, reputational, loss of jobs, damage to hardware and software, etc.).
4
James Brocker (JB) – [@Andrew Rider] [@Jessica McCarty] Not sure I understand the first bullet point. Looks like something is missing.
James Brocker (JB) – [@John Galliano] Can you review?
John Galliano (JG) – Sorry for that, Team. Looks like a stray-click & delete. Fixed!
3: OUR VM PROCESS
5
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
<example process graphic>
This is main point #3. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.
This slide includes an example graphic.
5
A
B
C
D
E
F
4A: WE NEED A GOOD SCANNER
6
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
Reviewed scanners
<Product Name> is recommended due to several factors
Sub-bullet #1
Sub-bullet #2
Sub-bullet #3
Sub-bullet #4
This is main point #4. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.
Provide your logic in recommending a scanning tool.
What process did you use to evaluate the scanning tools?
What tool are you recommending? Provide at least three sub-bullets to support your recommendation.
6
4B: THE ASK
7
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
Lead-in bullet
Sub-bullet #1
Purchase <Product Name>:
Cost
Manpower
Measures of success
This is main point #4 continued. Provide no more than six bullets to expand on your topic.
Limit each bullet to around six words.
This is known as the 6 x 6 rule of presenting.
Now give the specifics of your ask to the executive decision maker.
What are you asking for? How much will it cost? Who will implement it, and will additional manpower be required?
What about training? How will you measure success?
7
SUMMARY
8
Logistics through innovation, dedication, and technology – MERCURY USA Delivers!
<insert narration>
Main Point 1
Main Point 2
Main Point 3
Main Point 4
This is your summary and your last opportunity to connect with your audience.
Do not merely repeat your agenda topics. Add one to two important details about each main point to review for your audience.
Ensure you re-state why you are giving this pitch: What is the decision you want?
What is/are the main takeaway(s)?
8
EXECUTIVE DISCUSSION & QUESTIONS
The obligatory questions slide. In this scenario, it is highly likely for open discussion to occur among the executives present and other stakeholders, and you will field questions.
A narration for this slide is not required.
9
<Example IEEE Reference Citations>
[1] A. Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History”, Wired, 2020. [Online]. Available: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/. [Accessed: 19- May- 2020].
[2] “Nessus Pro”, Tenable.com, 2020. [Online]. Available: https://www.tenable.com/products/nessus. [Accessed: 19- May- 2020].
REFERENCES
10
The example above uses IEEE style. Ask your instructor for clarification on the style to be used.
A narration for this slide is not required.
10