Academic year: 2021

Share "The Information Security and Privacy Tradeshow. CIS 8080 Security/Privacy of Information Richard Baskerville"

Copied!
5
0
0

Loading.... (view fulltext now)

Full text

(1)

Page 1 of 5

The Information Security and Privacy Tradeshow CIS 8080 Security/Privacy of Information

Richard Baskerville

This activity simulates a market in which participants aim to offer the best information security and privacy products. In this market participants evaluate the products according to known criteria and acquire products from the market. Successes arise when products sell well in the market. Successes also arise when products are effectively evaluated.

Each team (Aces, Kings, etc.) is allowed to offer a product to the course tradeshow. The product should be represented in a tradeshow “booth”. At a minimum, the booth should include a representative of the team and a product brochure. The booth may also include a poster, art, demos, video, etc., but at least a brochure is required for scoring purposes. At a minimum, the product brochure should be a product brief that summarizes the purpose of the product, the targeted market/customers for the product, the features of the product, its benefits relative to similar products on the market, and its business value. The brochure should also detail the team’s name and the team member names.

The booth and the brochure should aim to critically explain and assess the product to be demonstrated in the tradeshow. Along the way, they should demonstrate the students’ ability to research a technical problem and its solutions, analyze data, synthesize data from different sources, and compare and evaluate distinct solution technologies with a clear train of fact-based argumentation. Any and all conclusions must be clearly stated. To ensure research originality, students are strongly encouraged to seek information beyond web pages, and from at least one original source (such as an interview with an authority on the subject). To be complete and authoritative, the booth and brochure should include citations and full references to all direct sources.

Choosing a Product to Sell in the Tradeshow

The product must be a real information security and privacy product available for purchase in the contemporary marketplace. The selected product must not replicate a product previously claimed by another team via the course BrightSpace/D2L discussion set aside for this purpose. See evaluation criteria for more hints on the qualities of a good product for this tradeshow.

To claim your team’s product:

1. Log on to the course BrightSpace/D2L page.
2. Choose Discussions from the menu.
3. Choose Topic Claims from the course content items.
4. Choose the “Security product claim” discussion.
5. Read the example from the instructor.
6. Verify that no team has claimed your topic by reviewing all existing claims (threads).
7. Choose “Start a new thread” to add your claim to the discussion. Include a URL for the product.

Choosing a Product to Buy in the Tradeshow

Each team will also rank all products in the tradeshow. Each team is allowed to “buy” three products at the tradeshow. A team may NOT buy or rank its own product. The purchase decision should be based on the product’s purpose/features and the team’s evaluation of the product. At least one purchased product should treat the risk described by the purchasing team’s threat scenario for Jashopper. In certain circumstances, highly ranked products may not be ideal for purchase. For example, if the three highest ranked products are all firewalls, purchasing three different kinds of firewalls could duplicate functionality and provide less security than buying the top ranked firewall and two other kinds of products.

Tradeshow Operation

At least one member of each team should tend the team’s product booth to pitch the product to interested buyers. At least one member of each team should visit other product booths to evaluate and buy products.

Scoring

Teams are graded on their ability to deliver a successful information security product to the market, and their ability to evaluate products available in this market. Each team must submit three items for scoring: (1) The team’s product brochure. (2) A photo of the team’s booth. (3) The team’s evaluation and purchase report.

Product Tradeshow Success: 80 Percent

Scoring is based on product quality ranking by experts in the market, and success in the market product sales.

Product Evaluation: 20 Percent

Scoring is based on the team’s rationale in applying the evaluation criteria to the products in its product selection decision-making.

Tradeshow Evaluation Criteria (Overall criterion)

1. How well does this product deliver business value to its customers?

(Criteria based on ISO/IEC 27005 Information Security Risk Management)

2. What kinds of organizations are vulnerable to these risks?
3. How prevalent are these risks?
4. How effective is the product in its treatment of these risks?
5. How difficult is it to acquire? What is the installation and training burden?
6. Does the product enable monitoring and review of its effectiveness?

(Criteria based on ISO/IEC 27006 Requirements for bodies providing audit and certification of information security management systems)

7. Does the operation of this product require new/additional competencies in the organization or its auditors?
8. Does the product support certification of its performance (or security/privacy performance)?

(Criteria based on ISO/IEC 27002 Code of practice for information security management)

9. Does the product fit needs for controls that are essential and/or common practice? E.g.,
   a. Legislatively essential information security controls:
      i. data protection and privacy of personal information (see 15.1.4);
      ii. protection of organizational records (see 15.1.3);
   b. Common practice information security controls:
      i. information security policy document (see 5.1.1);
      ii. allocation of information security responsibilities (see 6.1.3);
      iii. information security awareness, education, and training (see 8.2.2);
      iv. correct processing in applications (see 12.2);
      v. technical vulnerability management (see 12.6);
      vi. business continuity management (see 14);
      vii. management of information security incidents and improvements (see 13.2).
10. Does the product treat the best categories of information security and privacy controls for the situation?
   a. Security Policy
   b. Organization of Information Security
   c. Human Resources Security
   d. Asset Management
   e. Access Control
   f. Cryptography
   g. Physical and Environmental Security
   h. Operations Security
   i. Communications Security
   j. Information Systems Acquisition, Development, Maintenance
   k. Supplier Relationships
   l. Information Security Incident Management
   m. Information Security Aspects of Business Continuity
   n. Compliance

(Criterion based on immediate problem)


Team Evaluation and Purchase Report

Team Name:

Team Members:

Products Purchased (order is not significant):

     Product Name                    Vending Team Name
(1)
(2)
(3)

Rationale for selecting these three products:

Team’s Vendor Product Ranking

References
