Sec578 week 6 course project and presenation 2017

Guidelines

• Papers must be 5–10 pages long (this would be roughly one page per area included in the report) with 10-point font. They must be double-spaced must include a cover page, table of contents, introduction, body of the report, summary or conclusion, and works cited.
• Even though this is not a scientific-type writing assignment, and is mostly creative in nature, references are still very important. At least six authoritative outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page, which is titled "Works Cited."
• Appropriate citations are required.
• All DeVry University policies are in effect, including the plagiarism policy.
• Management Briefing (PowerPoint) is due at the end of Week 6 (resubmit to the Project Discussion topic in the Week 7 Discussion forum) of the course.
• Risk Assessment Report and Risk Management Matrix are due during Week 6 of this course.
• Any questions about the Course Project may be discussed in the weekly Q & A Discussion topic.
• The paper and PowerPoint are worth 190 total points and will be graded on quality of research topic, quality of paper information, use of citations, and grammar and sentence structure.

Week 1

Read the first week's Course Project files in the CSPM Project Files and Hacker Project Files in Doc Sharing. To obtain the role information for either the CSMP or the hacker, go to the Doc Sharing dropdown menu. There you will see a box next to the "Select View." Click on the arrow to view the choices. Then click on the "GO" button.

The case study will explore an information system and the organization in which it operates, and the current state of the information system. You will choose a scenario from either the perspective of a Computer Security Program Manager (CSPM) or from a hacker's perspective.

Next, place your decision in a Word document and submit it to the Week 1 Course Project Planning Assignment Dropbox. If there are insufficient CSPM choices or hacker choices, the teacher may (randomly) ask a student to change the choice.

Note: Once the choice is made, it is final. Sharing the CSPM and Hacker packets is not allowed.

Each teacher will send an additional handout to each student and provide extra information pertinent to the case. Each member will be provided identical information as its other group members (either the CSPM or hacker group). The CSPM packet and the Hacker packet present different information. The idea is to get two views of the risk for comparison: one from the point of view of the CSPM, and one from the point of view of a hacker.

Differing and contrasted perspectives offer a lens through which to view the problem of physical and operational security: from the lens of a responsible manager or from the lens of a hacker. The differing perspectives are useful in exploring the fundamental problems associated with securing an information system, and will have the student considering problems from both perspectives. In the industry, we even see the availability of "hacker certification" where technology professionals are trained to think like hackers in order to gain meaningful perspectives. As mentioned in the Week 1 Lecture, the advice to know the enemy and to think as the enemy is thousands of years old (Sun Tzu) but is as valid today as it was in 500 B.C.

Week 6

Management Briefing

The PowerPoint will be a briefing to senior management that could be used to present the findings of the risk assessment to management. The briefing will identify the system that was assessed, provide a brief description of the assessment process used, state the conclusions of the assessment, and recommend a course of action to management.

At the end of Week 6, the senior management-level briefing will be posted to the Project Discussion topic in the Week 7 Discussion forum and discussed among class members during that week. Differences in approach and findings will be identified and the ramifications of those differences will be discussed. Discussion, however, is not limited to these two topics but is expected to be "freewheeling" (where anything is fair game, but please use discretion).

Risk Assessment Report

The risk assessment report will contain a simple risk management matrix that can be easily read and understood by senior management so that management can make an appropriate risk management decision.

Risk Management Matrix

The risk management matrix will be a matrix with at least the following columns.

1. Risk description
2. What adversary might exploit this risk
3. Estimated likelihood of exploitation
4. Impact if the risk is exploited
5. Recommended course of action

At least three risks must be identified. Students are at liberty to add columns and rows to the risk management matrix if deemed necessary. Keep in mind this matrix is for senior management's use.

The following table is a sample to use.

Submit the Risk Assessment Report, Risk Management Matrix, and Management Briefing to the Week 6 Course Project Dropbox.

Note: the Management Briefing receives two grades: one for its submission to the Project Discussion topic in the Week 7 Discussion forum and the other for its submission to its Week 6 Course Project Dropbox.

See the Syllabus section "Due Dates for Assignments & Exams" for due date information.

Grading Rubrics

It is expected that students will produce different risk assessment reports, risk management matrices, and management briefings. There is no correct report, matrix, or briefing that is compelling; there are many vulnerabilities in the fictional system, and the threat agents may be chosen differently by each student. Additionally, the information available to the CSPM group is not the same information that is available to the hacker group.

Projects will be scored on the following criteria.

1. Clear, concise exposition of the risks that were identified (at least three). Be certain to follow APA format. Additionally, unclear grammar and misspelled words will be considered lack of clarity.
2. Clearly executed risk management matrix. All five (or more) columns and three content rows present the risk, needed controls, likelihood of occurrence, impact, and recommendation. These are clear and concise and suitable for senior management.
3. Clear management-level PowerPoint presentation of results of the risk assessment. It is advisable to include the risk management matrix as a slide, but not required.

Best Practices

The following are the best practices in preparing this paper.

• Cover Page - Include who you prepared the paper for, who prepared, and date.
• Table of Content - List the main ideas and section of you paper and the pages in which they are located. The illustrations should be included separately.
• Introduction -Use a header on your paper. This will indicate you are introducing your paper. The purpose of an introduction or opening:
  1. Introduce the subject and why the subject is important.
  2. Previews the main ideas and the order in which they will be covered.
  3. Establish a tone of the document.
  Include in the introduction a reason for the audience to read the paper. Also, include an overview of what you are going to cover in your paper and the importance of the material. (This should include or introduce the questions you are asked to answer on each assignment.)
• Body of Your Report - Use a header titled with the name of your project. Example: “The Development of Hotel X - A World Class Resort”. Then proceed to break out the main ideas. State the main ideas, state major points in each idea, provide evidence. Break out each main idea you will use in the body of your paper. Show some type of division like separate sections that are labeled; separate group of paragraphs; or headers. You would include the information you found during your research and investigation.
• Summary and Conclusion - Summarizing is similar to paraphrasing bur presents the gist of the material in fewer words than the original. An effective summary identifies the main ideas and major support points from the body of your report. Minor details are left out. Summarize the benefits of the ideas and how the effect the tourism industry.
• Work Cited - Use the citation format as specified in the Syllabus.

Additional hints on preparing the best possible project.

1. Apply a three step process of writing… Plan, Write, and Complete.
2. Prepare an outline of your research paper before you go forward.
3. Complete a first draft and then go back to edit, evaluate, and make any changes required.
4. Use visual communication to further clarify and support the written part of your report. Example graphs, diagrams, photographs, flowcharts, maps, drawings, animation, video clips, pictograms, Tables, and Gantt charts.