– CYSE 425W –

This course explores cybersecurity policy and strategy and introduces students to the essentials of strategy development and policy making in cybersecurity. Topics considered include planning principles in cyber strategy; risk management and cybersecurity policy; the connections between cybersecurity policies, businesses, and governmental institutions; the knowledge, skills, and abilities needed to develop and implement cybersecurity policy; the social, political and ethical implications that arise in cybersecurity policies and strategies; strategies to assess cybersecurity policy; and the ties between national security and cybersecurity policy.

Throughout this course, I engaged in in-depth policy analysis and strategic planning exercises, focusing on cybersecurity at the national and organizational levels. My work involved understanding and assessing real-world policies, such as the CISA National Cybersecurity Strategic Plan (FY2024-2026), and exploring how these policies are implemented to protect national security and critical infrastructure.

One of the primary components of this course was completing six Policy Analysis Papers, each addressing a different facet of cybersecurity policy. These papers provided me with a structured approach to critically analyzing cybersecurity strategies and the implications of policy decisions on national and organizational security. By analyzing current and proposed policies, I gained insights into the complexities of cybersecurity governance and the challenges of balancing security with privacy and ethical considerations.

Skills and Values:

Policy Analysis and Critical Thinking: Developed the ability to critically analyze cybersecurity policies, assess their effectiveness, and understand the implications of many policy decisions.

Strategic Planning: Gained skills in evaluating and contributing to cybersecurity strategies that align with national security and organizational goals.

Ethical Awareness and Legal Compliance: Enhanced my understanding of the ethical, legal, and societal considerations that shape cybersecurity policies, especially those that impact privacy.

Communication and Reporting: Learned to communicate complex policy analysis findings effectively, a skill crucial for roles in governance, risk, and compliance (GRC).

Policy Analysis Paper 1

Policy Analysis Paper 2

Policy Analysis Paper 3

Policy Analysis Paper 4

Policy Analysis Paper 5