Mar 20 (Project 8): Information Security and Ethics

(Team - 75 pts) Casebook (pp 99-100)
Team presentations will be during class time on Apr 17.

Information Security Project: 2010/2011 CSI Computer Crime and Security Survey Analysis

Casebook (pp 99-100)
2010/2011 CSI Computer Crime and Security Survey
(You will be required to register for a free account to access the report. If you experience difficulties, please see your instructor.)

Project Objective
The Computer Crime and Security Survey is conducted by the Computer Security Institute (CSI) with the participation of the San Francisco Federal Bureau of Investigation’s Computer Intrusion Squad (FBI). The survey is the longest-running continuous survey in the information security field. This survey results are based on the responses of computer security practitioners in U.S. corporations, government agencies, financial institutions, medical institutions and universities. The survey addresses the major issues considered in earlier CSI/FBI surveys, thus allowing us to analyze important computer security trends. The long-term trends considered include:
(a) unauthorized use of computer systems;
(b) the number of incidents from outside, as well as inside, an organization;
(c) types of attacks or misuse detected, and;
(d) actions taken in response to computer intrusions.

Your next step is to follow the instructions below to work on the Information Security project. Your instructor will inform you where the 2010/2011 CSI Computer Crime and Security Survey file is posted so that you can print or access it. Each team will research and report on a separate topic related to information security:.

Parameters

This is a team project - Each team will be required to give a 8-10 minute presentation (2-3 minutes from each person) in class on your assigned topic (too long and too short are equally bad). Remember, you will be presenting technical information to a general audience.
Discuss the current trends for your assigned topic, based on the information within the CSI reports, and speculate on future trends and directions. You may wish to consult additional sources. Support your claims with credible information.
All team members must contribute equally to the presentation. All team members receive the same grade.

Your talk must include some form of visual reinforcement, but choose the medium carefully (PowerPoint, Web pages, handouts, etc.). Remember, a great PowerPoint presentation can (and should) enhance the program (not be the program). A poor (or over done) one can ruin it.
A laptop (WinXP with Internet access, MS Office, etc.) and projector will be provided. You may also use your own laptop if you prefer.
You do not need to dress up, but please remove caps, sunglasses, etc.
There is no written report required; only an in-class presentation

Teams (same as previous projects):

Team 1: Brigido A., John L., Brytny M., James W.
(Topic – Security Budgeting)
Figure 17 (Percentage of Security Budget for Security),
Figure 20 (Percentage of Security Budget Spent on Various Components)

Team 2: Anthony B., Daphne D., Christopher P., Thomas S.
(Topic – Outsourcing and Cyber Insurance):
Figure 18 (Percentage of Security Outsourced),
Figure 19 (Cloud Computing)

Team 3: Andrea F., Kyle P., Ryan P., Bradley T.
(Topic – Cybersecurity Breaches):
Figure 6 (Experienced Security Incidents),
Figure 11 (Percentage of Losses due to Insiders),
Figure 12 (Percentage of Losses that are Direct Expenses)

Team 4: Danielle H., Keith H., Kyle M., Benjamin W.
(Topic – Computer Attacks and Incidents)
Figure 8 (Number of Targeted Attacks),
Figures 9 and 10 (Types of Attacks Experienced by Percent of Respondents)

Team 5: Brian C., Callie L., Devin T., Christopher V.
(Topic – Security Technologies)
Figure 22 (Security Technologies Used),
 Figure 23 (Satisfaction with Security Technology)

Team 6: Jacob I., Jared L., Amanda P., Riley W., Curtis F.
(Topic – Security Audits and Security Awareness Training)
Figure 25 (Techniques Used to Evaluate Effectiveness of Information Security), Figure 26 (Techniques Used to Evaluate Effectiveness of Awareness Training)

Team 7: William K., Lauren M., Danielle R., Patrick S., Ryder S.
(Topic – Information Sharing):
Figure 13 (Actions Taken After an Incident),
Figure 14 (Reason for Not Reporting to Law Enforcement)

Team 8: Joshua B., Maggie B., Kali F., Elizabeth P., Justin S.
(Topic – Security Policy and Software Issues)
Figure 15 (How Would You Describe Your Information Security Policy),
Figure 16 (Software Development Process)