456 Team Projects - Fall 2011 Resident

 

Project 1 Security Models (1-1)

 

Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement (about 1-2 paragraphs) on how you would address the three communities of interest in that cell. (Note that you are evaluating 27 cells - 3x3x3.)

 

Do this in a Word Document with a title, team member names, and an introduction that explains the purpose of the paper.  Have a header for each cell.  Consider all class information including lecture notes and materials, team work, grades, etc.  Be mindful of Penn State policy (where appropriate) and laws such as FERPA.

 

Your paper will be delivered both in print form and posted to an online drop box. Include a summary that explains the work breakdown among team members.

 

Rubric:

 

The complete project is worth 15% of your final grade.  Based on a total of 100% the breakdown of components for project grading will be:

 

10% -- Team did an excellent job of following directions, including all required sections.

 

81% -- (3% per cell) Team did an excellent job, in 1-2 paragraphs per cell, of explaining how they would address the issue of this cell with respect to the three communities of interest.

 

9% -- The project is composed very well, construction and composition are excellent.  There are no spelling or grammatical errors.

 

-------------------------------------

 

Project 2 Security Policies

 

Examine the Penn State Policy Manual (GURU)  http://guru.psu.edu/policies/    Identify seven policies or guidelines that are related to information security.  Describe and summarize each of these in a report.  Be sure to explain the purpose and rationale for each policy and guideline.  Your report will be in essay format but should contain bulleted items for each policy identified.

You should have a minimum of 2-3 paragraphs of summary and analysis for each policy identified.

 

Be sure to look at the revision history for each policy and/or guideline and explain, where applicable, how evolving technology and usage of technology made the policy and/or guideline necessary.  Also consider compliance with Federal and State laws, as this is an emerging, but important, aspect of information security.

 

Your paper will be in the form of a Word document. Your paper will be delivered both in print form and posted to an online drop box.  Include a summary that explains the work breakdown among team members.

 

TIPS:

 

     These are all under the category of Administrative Policies and Guidelines

     There are at least 7 policies/guidelines that are relevant to this project - depending on your perspective there could be 2-3 more.

     When you signed for your PSU access account you agreed to be legally bound by these policies and guidelines - so you should at least know what they are.

 

 

Rubric:

 

The complete project is worth 15% of your final grade.  Based on a total of 100% the breakdown of components for project grading will be:

 

15% -- Team did an excellent job of following directions, including all required sections.

 

35% -- (5% per policy/guideline) Team did an excellent job of identifying 7 policies/guidelines relevant to IT security and summarizing each policy or guideline in a few paragraphs.

 

35% -- (5% per policy/guideline) For each policy or guideline identified, team did an excellent job of explaining why this policy or guideline was necessary - within the context of the evolution of information technology and usage.

 

15% -- The project is composed very well, construction and composition are excellent.  There are no spelling or grammatical errors.

 

 

Project 3 -- Security Auditing and Standards -- ISO/IEC 27000 series

 

Examine the published ISO/IEC 27000 series of standards for security management.  A good starting point for this is http://en.wikipedia.org/wiki/ISO/IEC_27000-series although there is a great deal of information regarding ISO-27K on the Web.  (Hint, search on specific standards for more detailed information.)

 

Prepare a paper in which you describe ISOs 27001, 27002, 27003, 27004, 27005 and 27006.  Explain the intent of each standard and how it might be applied in a mid-sized organization.  Summarize the important points of that standard and what security managers can do to apply the standard in their organization. Include an introduction that is a brief overview of the ISO/IEC 27000 series.

 

Your paper will be in the form of a Word document. Have a separate heading for each standard.  Your paper will be delivered both in print form and posted to an online drop box. Include a summary that explains the work breakdown among team members.

 

Rubric:

 

The complete project is worth 15% of your final grade.  Based on a total of 100% the breakdown of components for project grading will be:

 

5% -- Team did an excellent job of following directions, including all required sections.

 

90% -- (15% per standard) Team did an excellent job of summarizing the 6 required ISO/IEC standards, explaining their purpose and intent, and explaining how security management might implement them.

 

5% -- The project is composed very well, construction and composition are excellent.  There are no spelling or grammatical errors.

 

 

Team Security News Presentation

 

Your team will identify an important event in security news that has implications for security management.  Possible examples might include:

 

     A major specific systems attack, such as a compromise at a major business or government data center.

     A new Federal or State law impacting information security and/or security certification, or a major case related to this area.

     A new technology, technique, or methodology that impacts information security management.

 

Prepare a 5-8 minute presentation, using PowerPoint, that you will present to class.  Be sure to cover:

 

     The specifics of the item presented

     The relevancy to information security management

     Any possible positive or negative impacts

     References (MLA format) and resources for further information

 

All team members must participate in the project and presentation.  PowerPoint slides will be provided to the instructor, before the presentation, in both print and digital form.

 

Rubric:

 

The complete project is worth 10% of your final grade.  Based on a total of 100% the breakdown of components for project grading will be:

 

15% -- Team selected an excellent topic for the presentation that is very relevant to information security management.

 

20% -- Team followed all project rules and provided a paper copy of the PowerPoint slides as well as a digital copy.

 

20% -- Team did an excellent job of developing PowerPoint slides that were appropriate for the information presented as well as keeping the audience's interest.

 

20% -- Team did an excellent job of including relevant information in their presentation.

 

15% -- Team speaking skills were excellent - pacing, transitions, vocal tone and volume.

 

10% -- Team did an excellent job of researching the selected event, and provided good references (in MLA format) and resources.