The Scenario
Your team’s commitment to community service is commendable. You and your team have volunteered to participate in a free community information security clinic (“ITACS Clinic”) and provide support to under-served small local businesses in the Philadelphia area. In a prior meeting your team was introduced to a number of small businesses and community support organizations. At that meeting you did a great job introducing your company and the services you are offering through the clinic. One organization that attended the meeting has taken you up on your offer, and signed up to meet with you and receive intensive help from your team.
Your Team’s Mission is to prepare a presentation to give the owners and leaders of the business during an appointment they have with you at the information security clinic. The goal of your presentation is to educate the owner and manager of the business about:
1.Information System Security – Introduce them to “Information Security Objectives”, and how the objectives are relevant to small businesses like theirs
-
- Confidentiality, Integrity and Availability
- Prevalence and impact of breaches on businesses like theirs
2.Risk Management Process – The process you will guide them through to help them secure their information and computer systems
-
- For example: NIST Cybersecurity Framework or Risk Management Framework
3.Homework – What they need to work on and bring with them to your next meeting:
-
- Business Impact Analysis information your Team needs the business owner/manager to provide to get started with the first step of the process
–Information Inventory: What types of business data do they have?
–How important is the data that they have?
4.Motivation – Why they should do their homework? What is in it for them?
-
- Explain how the information you are asking them to compile and bring to the next meeting will help you determine a cost-effective and good security solution for their information and information systems
5.Assignment Details – How they should do their homework
-
- Provide a worked-out example they can use as a template to help them started and guide their work
- (Example handout – this is an ISO27001 template that has a number of issues that you need to fix and improve on).
Deliverables
By end of day of your Team’s final presentation, each member of each project team should submit to Canvas in PDF format the following:
- Team project PowerPoint slide presentation
- Homework materials you prepared for your client
- 360-degree review: What each member of your Team (including yourself) contributed to the development and delivery of your Team’s presentation
Be sure to identify: your client, your Team, and all members of your team in deliverables for both 1-3.