Case Study carries a 15% weight of the final grade (150 Points) . You must find an organization that has implemented information systems security with emphasis on one or more security services and mechanisms. These services and mechanisms may include Access Control, Authentication, Intrusion Detection, Firewalls, Perimeter Protection, VPN security, Antivirus Infrastructure, Intranet Security, PKI, Real-time Protection, Unix/Windows Security, and Security Auditing. There are many more services and mechanisms that might be available for analysis. The focus of this assignment is Information Systems Security. Writing about gates, guards, fences, lighting , CCTV, and building access is not appropriate for this assignment.
Your case analysis must focus on strengths and weaknesses of the security of information infrastructure with respect to the services and mechanisms you have identified for analysis. You do not need to analyze all services and mechanisms. Select those that you might consider critical to the system being examined. For example, access control is very critical in on-line Consumer Banking system, while encryption is considered very critical in Business-to-Business Electronic Commerce. The case does not need to identify the corporation or employer. This is done for those who would like to look at a problem within their own organization without the problems associated with publishing employer information. The case should focus on a specific security issues and technologies. Recommendations for improvement are a required part of the analysis.
E-commerce organizations that have experienced a data breach in the past will have adequate information published to formulate a case. Interviews are not required for this case. If a Department of Defense organization is used in Case Study, ensure that all sources are from the public domain.
Analyze the case you have selected by providing the background and existing infrastructure for information systems security and make reasonable recommendations for improvement. There is always a room for improvement. Approximate length of case should be between 3 to 5 pages, double-spaced, and well-documented. You must make specific recommendations.
Your grades in case study will be determined by your analytical skills, ability to identify real-life security problems, professional competence, and the feasibility of recommended solution(s) for real-life implementation. Your case is unique and therefore, your report will not be compared with other student reports.
Primary Reference: Corporate Computer Security (Online Courses ONLY )
Author: Randall J. Boyle