- You and your team have volunteered to participate in a free community information security clinic (“ITACS Clinic”) and provide support to a under-served small local business
- In a prior meeting your team was introduced to a number of small businesses and community support organizations. At that meeting you did a great job introducing your company and the service you are offering through the clinic
- One organization that attended the meeting has taken you up on your offer, and signed up to meet with you and receive intensive help from your team
Your Team’s Mission is to prepare a presentation to give the owners and leaders of the business during an appointment they have with you at the information security clinic. The goal of your presentation is to educate the owner and manager of the business about:
- What information security is and it relates to your client’s business
- The process your clinic will guide them through to help them secure their computers and data
- The level of effort and commitment their business will need to make to achieve information security
- The “homework” you need them to do when they leave this meeting. You will explain to them the information you need them to gather and bring with them to their next meeting with you. The information they compile and turn in to you when they return for their next meeting with you must contain what your team needs to begin planning an information security program that will help the organization get started securing and protecting their information systems and data which they rely on to conduct their business.
Your assignment is to prepare and deliver a PowerPoint presentation and provide supporting materials described in your presentation for the business owners to fill-out and bring to the next meeting with your team at the clinic. Your deliverables should include the following:
- 15 minute presentation given in class by the team, followed by 5 minutes of questions and answers. Your presentation can be in the form of a slide-show or video
- PowerPoint presentation (~5+ slides) – submitted as hard-copy in-class or as digital copy via email to Prof. Lanter, and uploaded to your project team Google drive folder
- Handouts to help the business owner(s) and stakeholders do their homework for your next
meeting. Include a handout(s) they can take with them to prepare the information you need from them that includes a worked out example the business owners can relate to. Provide as hardcopy in-class or as digital copy via email to Prof. Lanter, and uploaded to your project team Google drive folder.
- Word document Email to Prof. Lanter from each team member stating: a) What I contributed to the development and delivery of our presentation, and b) What each other member of the team contributed
Presentation Project Grading Criteria
Inclusion and quality of explanation of the following:
- The identification of the organization you will be helping
- The goals for information systems security and business continuity, and that you will help them accomplish the goals in a practical and cost effective way
- Explanation of the systematic process you will apply to assure that the company’s/organization’s information security goals are achieved
- What the company needs to do to take the first step: Identify/Categorize
I will specifically be looking for a high-level introduction to
- The 5-step process of the NIST Cyber Security Framework: Identify, Protect, Detect, Respond, and Recover
- The objective and process for information system security categorization based on FIPS 199
- …with an emphasis on conveying how the first Identify/Categorize step will enable the “success” of the following steps
I will be evaluating:
- The usefulness of the instructions you provide to help the business/organization leaders create an information asset inventory and risk assessment organized as an IT asset risk register that can serve as a business impact assessment (BIA) document
- How well you motivate the leaders of the company/organization to do this first step of creating a risk register for their organization’s BIA.
- The organization of the presentation materials you store in your team’s project folder on the Google Drive (You will be provided with a Google Drive Folder to organize your materials in)
Your presentation should be based on class readings, lecture materials, and resource materials you find from your own research. Here are a couple of example resources you may use or modify in developing your presentation….