SDSU Student Team Completes Remote Cyber Security Audit
Security Management Class lends expertise remotely to support San Diego nonprofit.
Even during a pandemic lock-down, black-hat hackers and fraudsters are still on the job with the intent of exploiting vulnerabilities in networking systems.
Murray Jennex, Professor, Management Information Systems Department
When organizations want to analyze their IT systems to resolve potential cyber security issues, they traditionally have a team of experts on site to provide a system audit to determine if there any bugs or potential weakness that could allow unauthorized access to their network systems. However, with much of the nation (and much of the world) working from home, cyber security experts have less on-site access to IT centers.
With this in mind, Murray Jennex, management information systems (MIS) professor at San Diego State University’s Fowler College of Business, assigned a special project to his students enrolled in his Information Systems Security Management class (MIS 755). He asked them to form two teams of five students each. Team 1 needed to generate a response plan based on the findings of a vulnerability scan. Team 2 was challenged to determine if a successful audit could be done remotely from an organization’s existing security plan. The audit and analysis was conducted for a nonprofit health research organization supported by SDSU.
Team 1 analyzed a list of identified vulnerabilities, ranking them in the order of impact, determining the amount of resources needed to fix them and then compiling the information into a formal plan of action and milestones. Team 2 audited the existing security plan, updated its format to fit new guidelines, and generated a list of improvement recommendations. All analysis and reports were required to be on templates provided by the National Institute of Standards and Technology (NIST) complying with the standards set by the federal government and the National Institutes of Health.
The class project was successfully completed and delivered to the organization on July 10, allowing their IT expert to make the necessary upgrades in a timely manner.
“Organizations are struggling to maintain their information systems security during a time when personnel don’t have physical access to their equipment,” said Jennex. “Ultimately the projects were all about communication, and instead of the normal face-to-face communication that occurs in a normal audit, this audit relied on the technology to facilitate knowledge transfer between the students and the organization.”