Group Projects

Group Projects

Whether as a leader of processes, people, or both, STI graduates are regularly called upon to work in group settings, to analyze problems, and to present their findings and recommendation to technical and non-technical C-suite executives. Working with their peers, STI master's program candidates engage with time-sensitive scenarios based upon real-world issues to arrive at technical solutions which also take into account risk management and business practice realities. These presentations and executive summaries demonstrate the full range of research, technical analysis, leadership, and communication skills which our students master in their program.


  • ISM 6100 Group Project
    A Guide for Aspiring CISOs to Have the Ability to Prioritize and Triage Incident Response and Vulnerability Remediation in a Calm, Balanced Manner
    By Chris Jarko and John Dittmer
    January 2017

    • Incident response and triage is possibly the most stressful situation a Chief Information Security Officer (CISO) can face, yet the CISO must remain calm. The surest way to remain calm is to be prepared; the CISO must start with a sound approach to risk management, and knowledge of their enterprise's networks, sensitive data, and key people. Techniques and procedures for incident handling must be documented in plans and policy and rehearsed on a regular basis. Also, the CISO must build (or outsource) an incident response team with the right mix of skills and experience. After an incident (or audit), the CISO will undoubtedly be left with a list of vulnerabilities to mitigate. This mitigation effort will require the CISO to make prioritization recommendations to senior executives and must maintain a balance between securing the enterprise and ensuring the enterprise can still meet the organization's business needs.

      Download:  OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan

  • OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan
    By Brian Quick, Russel Van Tuyl & Sumesh Shivdas
    January 2017

    • This project examines concerns regarding a potential threat involving OAuth 2.0 and enterprise web applications. The examined vulnerabilities significantly impact enterprise security, allowing for possible covert remote attacks from the internet. Exploitation of the identified vulnerabilities could allow a remote attacker to gain access to enterprise user accounts and potentially access sensitive data, creating an unacceptable risk to intellectual property. The test cases conducted provided critical lessons on OAuth 2.0 traces and application calls which delineate how web applications are vulnerable. A detailed recommendation and an implementation plan are provided for in this project plan.

      Download:  OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan

  • Ransomware Response Project Plan
    By Robert L. Adams & Matthew Koch
    January 2017

    • Companies across all industries are in constant battle with phishing emails, the most prevalent attack vector today. Employees are constantly connected to corporate email, and attackers take advantage of this fact by sending crafted emails to deceive employees into opening a door for the attackers. This project evaluated several technologies, including Bro, Cuckoo, and YARA, to see if they can be used in concert to combat phishing.

      Download:  Using Bro, Cuckoo, and YARA to Combat Phishing

  • Ransomware Response Project Plan
    By Phillip Bosco & Stephen Deck
    May 2016

    • In 2015 and 2016, ransomware attacks have drastically increased. The GIAC Enterprises information security team was engaged to provide controls to mitigate the risk of ransomware. This guide contains step-by-step instructions to implement these countermeasures.

      Download:  ransomware-response-project-plan.zip - 7.5MB