CST 610 Project 1
Guidance for Project 1
Here are some thoughts on how Project 1 can be approached and how it will be graded.
The project deliverables include (1) a Security Assessment Report (SAR) on the state of the Microsoft and Linux operating systems within the fictitious organization in the scenario, and (2) a non-technical narrated presentation. There is no executive summary. Your narration can be written speaker's notes in the notes area. The audiences for the SAR and for the presentation are different. The SAR targets technical and non-technical leadership, and the presentation targets only the executive level, which needs to know the credible essence for making their decisions.
Next, go through the template I provide for your report. The template organizes your work, indicates the information to be included, and follows each step of the project. It addresses Criteria 1.1. I therefore suggest that you use it. However, feel free to use any format that is well-organized and covers the desired information within the Project steps.
Now, go through each of the project Steps and begin completing the template by understanding and analyzing what you learn in each step and writing the corresponding desired material in security-professional language, being specific rather than general and citing real events and impact as appropriate. This will address Criteria 2.3 and 5.4. Professionals often include tables of results, which make comparisons and explanations easier to understand. Feel free to include tables, and when you use them, be sure to explain what the table entries are and their significance.
Make believe that you are performing the work at the company in the scenario and finding results which identify threats, vulnerabilities and means for remediation. Use those specific results within your report. This again addresses Criteria 2.3 and 5.4.
All three Criteria are also addressed in your narrated non-technical presentation to upper management/executives. Here are a few significant aspects for you to keep in mind when you create your presentation.
1. Upper management is interested in the bottom line.
2. Help upper management understand the technical vulnerabilities you found by giving them the business impact and consequences. Giving real examples drives such impact home.
3. Help them understand that having these issues is normal for an organization and that they just need to address them in some orderly fashion.
4. Help them clearly see their required actions and/or approvals. Explicitly ask for them.
5. Remember the options are to do nothing and accept the risk, to take all actions, or to take some actions. Also remember that there are often multiple actions that can be taken for a given vulnerability. Help them understand which to settle on. You can make the suggested steps clear to them at the very end.
6. Finally, simply copying sections of your report and pasting them on slides in the presentation does not accomplish the above. You need to digest what you covered in the SAR and, in business rather than technical terms, help them understand the importance and need to act and the options available and recommended to them.