Group Projects

Whether as a leader of processes, people, or both, STI graduates are regularly called upon to work in group settings, to analyze problems, and to present their findings and recommendations to technical and non-technical C-suite executives. Working with their peers, STI master's program candidates engage with time-sensitive scenarios based upon real-world issues to arrive at technical solutions which also take into account risk management and business practice realities. These presentations and executive summaries demonstrate the full range of research, technical analysis, leadership, and communication skills which our students master in their program.


  • Hash - All Smoke or Stronger is Better?
    By Andre Shori, Matt Freeman, and Ronald Tallman
    June 2017

    • The current hashing algorithm being utilized is SHA1, which is deprecated and at increased risk of hash collisions, possibly resulting in database integrity and versioning issues. This report explores the current vulnerabilities of SHA1 and the accompanying risks and impacts.

      Download:  Hash - All Smoke or Stronger is Better?

  • Mergers, Acquisitions and Information Security Aspects
    By Andre Shori and Ed Yuwono
    March 2017

    • This project examines information security processes and posture as an increasingly important aspect of corporate mergers and acquisitions. In this exercise, the GIAC Fortune Cookie Company is in an early stage of acquiring Ya Mon Fortunes. The student team was asked to provide a preliminary plan for the safe integration of Ya Mon Fortunes into GIAC Fortune Cookie operations. Their report outlines a systematic and logical approach to the safe integration of Ya Mon's existing processes, with minimal disruption to current and future business processes and in the shortest timeframe.

      Download:  Mergers, Acquisitions and Information Security Aspects

  • ISM 6100 Group Project
    A Guide for Aspiring CISOs to Have the Ability to Prioritize and Triage Incident Response and Vulnerability Remediation in a Calm, Balanced Manner
    By Chris Jarko and John Dittmer
    January 2017

    • Incident response and triage is possibly the most stressful situation a Chief Information Security Officer (CISO) can face, yet the CISO must remain calm. The surest way to remain calm is to be prepared; the CISO must start with a sound approach to risk management, and knowledge of their enterprise's networks, sensitive data, and key people. Techniques and procedures for incident handling must be documented in plans and policy and rehearsed on a regular basis. Also, the CISO must build (or outsource) an incident response team with the right mix of skills and experience. After an incident (or audit), the CISO will undoubtedly be left with a list of vulnerabilities to mitigate. This mitigation effort will require the CISO to make prioritization recommendations to senior executives and to maintain a balance between securing the enterprise and ensuring the enterprise can still meet the organization's business needs.

      Download:  OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan

  • OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan
    By Brian Quick, Russel Van Tuyl & Sumesh Shivdas
    January 2017

    • This project examines concerns regarding a potential threat involving OAuth 2.0 and enterprise web applications. The examined vulnerabilities significantly impact enterprise security, allowing for possible covert remote attacks from the internet. Exploitation of the identified vulnerabilities could allow a remote attacker to gain access to enterprise user accounts and potentially access sensitive data, creating an unacceptable risk to intellectual property. The test cases conducted provided critical lessons on OAuth 2.0 traces and application calls which delineate how web applications are vulnerable. A detailed recommendation and an implementation plan are provided in this project plan.

      Download:  OAuth 2.0 Web Application Vulnerability Analysis and Solution Project Plan

  • Ransomware Response Project Plan
    By Robert L. Adams & Matthew Koch
    January 2017

    • Companies across all industries are in constant battle with phishing emails, the most prevalent attack vector today. Employees are constantly connected to corporate email, and attackers take advantage of this fact by sending crafted emails to deceive employees into opening a door for the attackers. This project evaluated several technologies, including Bro, Cuckoo, and YARA, to see if they can be used in concert to combat phishing.

      Download:  Using Bro, Cuckoo, and YARA to Combat Phishing

  • Ransomware Response Project Plan
    By Phillip Bosco & Stephen Deck
    May 2016

    • In 2015 and 2016, ransomware attacks increased drastically. The GIAC Enterprises information security team was engaged to provide controls to mitigate the risk of ransomware. This guide contains step-by-step instructions to implement these countermeasures.

      Download:  ransomware-response-project-plan.zip - 7.5MB