Bringing the Entire Information Security Semester Together With a Team Project

Information Security 365/765Nicholas A. Davis, CISA, CISSP

Team ProjectNovember 2, 2017

Group ProjectGroup ProjectOverviewOverview

Congratulations, you have graduated from UW-Madison, with a 4.0 GPA in your Information Systems major. Although you had dozens of job offers, you finally decided to take a consulting position with Ernst & Young. You first assignment is with a publicly traded Fortune 100 company. You have been assigned to work on-site, with the rest of your team members, to conduct an IT Security assessment of your client’s company.

11/02/17 UNIVERSITY OF WISCONSIN 2

AssignmentAssignment

1. Read the annual report of the company to which you have been assigned, so that you are aware of the specifics of their business, the products they make, where they operate, and how the company functions.2. Based on what you learn from the annual report, you have been asked to perform an IT security assessment of the entire environment. 3. Compile your findings into a 30 minute Powerpoint presentation, which your team will present to senior management, who just happen to look very much like your classmates


Your Powerpoint presentation should include

An brief (3 minute) overview of the company you are working at and what their primary business is



A comprehensive review of their IT enterprise systems, which means that you should review all the different areas we covered in class, this semester. Obviously, you will not be able to gather this information from the annual report, so you are being asked to engage your imagination. Based on what you know about the company, fill in the information gaps with your best educated guess as to what their IT systems look like



In your team’s assessment (Powerpoint presentation), you MUST review all the topics we discussed throughout the semester, as they relate to the company you have chosen. In some cases, a specific topic may not apply. In such a situation, you will describe why that topic does not apply in your case.



In your team’s assessment, you MUST find problems in at least SEVEN of the areas below. For some topics, you will again need to use an educated guess as well as your imagination. For example, in the Security Trends section



Adding a sense of humor to the presentation is always appreciated as well. Be professional, but be friendly while giving your presentation. Be thorough but make sure that the concepts, ideas and suggestions made are clear and appropriate for the Board of Directors and executive management. Remember, you are billing out at $300 per hour for your IT security expertise. Therefore, management expects your Powerpoint presentation to look professional, and polished. Pictures, graphs, etc, are always good things to have.


IMPORTANTIMPORTANT

Remember, your team is playing the role of outside experts, brought in to assess the environment and then present your professional opinion. You analysis for each area should include a clear description of:

1. The current situation

2. The threats (if any) which have been discovered

3. Suggested changes, to improve that aspect of IT security


GradingGrading

You will be graded as a team, not individually. Your grade will be determined by your class peers, who will only have a limited amount of grading points to distribute, so it won’t be possible for every team to score 100 points. We have seven teams and each student/peer will be asked to distribute 540 points, among the six teams they are grading (students will not grade their own team.) With 540 points to distribute among six teams, the average will be 90 points per team, out of a possible 100 points. So, make sure to work hard, to make your team presentation stand out above the rest of the team presentations.


Areas of EvaluationAreas of EvaluationList of items to evaluate in your assessment.• Information Security and Risk Management• Access Control• Security Architecture and Design• Physical and Environmental Security• Telecommunications and Network Security• Cryptography• Business Continuity and Disaster Recovery• Legal, Regulations, Compliance and Investigations• Application Security• Operations Security•Cloud Security•BYOD Security•Blockchain


More About GradingMore About Grading

There are five teams. You are being asked to grade four of them. You will not grade your own team.You have 360 points to distribute among the six teams you are grading.Grading is on a 100 point scale.If a presentation is fantastic, you might choose to award the team 100 pointsIf a presentation good, you might choose to award the team 86 pointsIf a presentation is poor, you might choose to award the team 73 pointsHowever, remember that the total number of points awarded to all six teams MUST total 360


Grading CriteriaGrading CriteriaWhen grading, ask yourself the following questions:How well did the team address all the areas we studied in class?How well did the team demonstrate their knowledge of the IT Security topics we studied in class? Did they find problems in at least seven areas/topics we studied?Did the presentation seem professional and suitable for an executive audience?Did the team seem well prepared to answer any questions?Overall, did the team seem to have a good understanding of their company, and did they prepare well?


Let’s MeetLet’s MeetOur Teams!Our Teams!

Spend the rest of class meeting your team

Make plans to get together

Discuss which company you want to analyze

Ask me any questions you may have


Bringing the Entire Information Security Semester Together With a Team Project

Internet

Transcript of Bringing the Entire Information Security Semester Together With a Team Project