cybersecurity attack

CSC-321 Final Writing Assignment

In this assignment, you will write an article about a recent cybersecurity attack (of your choosing). The article will include the following components:

1) Executive summary: a 1-page executive summary highlighting the potential impact and likelihood of a similar attack against a fictional company XYZ. XYZ should be a company in a similar field to the company attacked by the vulnerability.

a. Audience: A C-level business executive. Do not assume they will have any technical knowledge but assume they are very interested in the economic impact of things.

b. Purpose: Provide a summary that they will use to make business decisions from. You need to be convincing that the cost of security makes business sense.

2) Technical report: a 3-page technical report including the following topics: Introduction, Vulnerability(s) exploited, financial impact (if applicable), social impact (if applicable), technological impact (if applicable), political impact (if applicable), patches available/needed to prevent these vulnerabilities (if applicable), human training needed (if applicable), comparison to similar vulnerabilities in the past 20 years, assessment of how common the vulnerability is, and recommendations for company XYZ to protect itself from similar vulnerabilities.

a. Audience: A Technical manager and his engineering staff. Assume a good knowledge of computer science, engineering, and math but no specific security knowledge.

b. Purpose: Provides information to engineers at XYZ about the attack and how to prevent a similar one against XYZ.

3) Press release: a 2-page article for popular consumption (think wired). This should explain the vulnerability, protection, and potential impact to general audiences (users and share-holders).

a. Format: 2-page wired article. Be informative, objective, and entertaining b. Audience: General public who are interested in technology but may have never taken a

computer science course and, almost certainly, have never taken a computer security course.

c. Purpose: To express your understanding to a broad audience.

Choosing your topic

Your article must be about a recent computer security exploit with real world impacts. You must get your topic approved in lab or by email before April 22nd.

Format​: IEEE conference formatting with 12pt font. All page counts are precise. You should not go over and should be no more than ¼ column under.

Press release (2 pages) Draft: Apr, 29 Due: May, 13

Lastly you are to write a two-page article for a national technical magazine, think Wired. This article is intended for a general audience who is interested in technology but does not have formal technical backgrounds. This article should explain the attack, its impact, how it is mitigated, and what (if anything) the general audience should do. This article should be informative, objective, and ​entertaining.

Executive Summary (1 page) Due: May, 27

An informative and concise 1-page summary designed to inform a C-level XYZ executive about the attack. This should include an assessment of the impact of the attack, the potential for the attack to be

mounted against XYZ, and how to mitigate similar attacks. This summary should be understandable by someone with a business background but no technical knowledge. This section should contain no references.

Technical report (3 pages + references) Due: Jun, 7

Your first deliverable will be a technical report exploring a modern cybersecurity attack. This deliverable must be 3-pages and wrote for a technical audience without security background. This report will be designed to inform the technical staff of a fictional company about the attack and how to avoid a similar attack. This report should have sufficient references when needed. This report should include the following sections.

1) Introduction – Narrate and motivate your work. Also, present a clear statement of the purpose of your document.

2) Technical explanation – describe the technical and social failures that enabled the attack. Make sure this is described in sufficient detail for the technical staff of XYZ to understand.

3) Impact – One or more section that will discuss the impact of the attack. This may include a. Social impact b. Economic impact c. Political impact d. Technological impact

4) Mitigation techniques – Describe, in sufficient detail for the staff of XYZ to understand, how to mitigate this attack. This may include technical solutions as well as human training solutions.

5) Related attacks – A survey of related attacks from the past 20 years including an assessment of the likelihood of the attack occurring again.

6) Conclusion – A summary of your finding as well as recommendations for the technical staff of XYZ.

Plagiarism: ​Per the Academic Senate’s resolution on academic dishonesty “​Plagiarism is defined as the  act of using the ideas or work of another person or persons as if they were one's own without giving  proper credit to the source,” ​(AS-722-10, 684.3). If you use a quote, fact, conclusion, lines of reasoning, or idea from someone else, it must be cited. It is also important to note that if you are paraphrasing a source, you should cite it. ​If in doubt, cite​.

Grading: ​The grade breakdown for the assignment will be 10% for the draft of part 3 30% for part 1 30% for part 2 30% for part 3