Introduction

Every year Verizon publishes the Data Breach Investigations Report. It's a summary of successful attacks from the previous year. The data is gathered by organizations that voluntarily report data breaches and other security problems to Verizon. Only a tiny fraction of problems are reported, however. Most organizations try to keep their computer security a secret which only helps the attackers. In this project you will read and discuss sections of the 2017 DBIR. The goal of this project is to help you get a better understanding of what the real threats are. You may be surprised by what you learn.

It's essential that you discuss what you learn with your peers. Computer security is a collaborative process. Security experts combine technical depth with the ability to teach and learn. Therefore, you must work in groups of three to four students. You should have identified your group after the first class. If you are taking this class online, learn videoconferencing software so that you are able to meet with your group. I recommend Zoom, Google Hangouts and Skype. You will record a YouTube video to present your understanding to the class. The YouTube video will be in the place of a class presentation. Your video does not have to look professional, but you should sound professional in it. All group members do not have to appear in the video. A screencast with narration is good. I have some examples of videos at the bottom of the page. I will show top student videos to class.

Part 1: Read the Introduction

Each team member should read pages 1 through 13 (stop when you get to the Accommodation and Food Services industry section). The introduction gives you the high level details and discusses trends. With your group discuss the questions:

  • What (if anything) has changed about data breaches in 2016?
  • What threat actors are causing breaches?
  • What motivates the threat actors and how is it changing?
  • What kind of data is being stolen?

Answer the questions in your video presentation. Your answers should cite the facts and figures in the DBIR.

Part 2: Pick Your Industries

As a group, choose an industry that you want to read more about. It's best to choose an industry that you care about in some way, but which one you choose doesn't matter to me. Read and understand the summary data for you industry in Table 1 on page 9 and Figure 9 on page 10. In your video answer the following questions:

  • What industry did you choose?
  • How many incidents and breaches were reported for your industry?
  • What asset is of the most concern for your industry, what is the least?

Read the chapter on your chosen industry and summarize what you read in your video. Your summary should talk about the most prevalent incidents and breaches. You should also summarize what the authors of the DBIR suggest that an organization in that industry do to better protect themselves.

Making Videos

Making a screencast is an easy way to make a professional presentation. Software like Screencast-O-Matic has the built-in ability to share your screencast to YouTube. The YouTube video editor makes it easy to do simple editing and annotations on your video. You will not be graded on editing quality! Your video must be five minutes or less. Here is a screencast I made for other instructors at Cabrillo that introduces NetLab+ and what it's used for:

Here's a live action video from one of my favorite YouTube celebrities (a Canadian jet mechanic). Live action videos can be simply shot like this one.

Grading

Your video will be graded primarily on the quality of the answers to the questions. Your grade will be out of 100 points with points allocated to the following categories:

  • Information: 70 points
    • Do you clearly answer the question asked?
    • Is your answer correct and clear?
  • Presentation: 20 points
    • The video should be presented as though an employer would see it.
    • Remember: 5 minutes or less!
  • Teamwork: 10 points
    • You work should be a documented team effort (see below).

Turn In

On Canvas submit a link to your team video along with a brief written summary of your team meetings. For each meeting you have with your team list:

  1. When did you meet?
  2. Who was there?
  3. How long was the meeting?