ISY210 (Information security): Course Project

Instructions:
 Work in groups of 2 or 3 students each.
 Provide background information necessary to understand the topic you choose
to tackle.
 Select one of the topics listed on page 3 for your presentation (in PowerPoint
format).
 Each group should choose a different topic; no similar topics are allowed among
groups.
 The presentation should be well-organized with sections for title, introduction,
subtopics, conclusion, and references. You can include pictures or infographics
for illustrations and visual aids.
 An electronic copy of the presentation must be submitted before the final exam
weeks (Week 13).
Please refer to the example topic below and ensure your presentation includes similar
elements.
Example topic:
The CIA Triad: Confidentiality, Integrity, and Availability – a core framework of information
security.
A breakdown of what students can focus on in their presentation about the CIA Triad, including
discussion points and real-world examples:

1. Confidentiality
 Definition: Ensuring only authorized individuals can access sensitive information.
 Methods:
o Encryption
o Access controls (usernames, passwords, role-based permissions)
o Physical security measures (locked server rooms, restricted areas)
 Examples of breaches:
o A hacker stealing customer credit card information from a database.
o An employee leaking confidential company documents.
o Medical records accessed by unauthorized personnel.
Discussion Points:
 Why is confidentiality so important?
 What are the consequences of a confidentiality breach?
 How can individuals protect their own confidential information?
2. Integrity
 Definition: Maintaining the accuracy, completeness, and consistency of data.
 Methods:

pg. 1
 o Hashing (check that files haven't been changed)
o Backups (to restore data if it's corrupted)
o Version control (tracking changes in documents)
o Input validation (checking data for errors before it's used)
 Examples of breaches:
o Malware altering financial records.
o A disgruntled employee deleting critical system files.
o A website being defaced with false information.
Discussion Points:
 How do even minor changes to data create significant problems?
 What can organizations do to prevent data tampering?
 How can individuals verify the integrity of the information they find online?
3. Availability
 Definition: Ensuring data and systems are accessible to authorized users when needed.
 Methods:
o Redundant systems (backup servers, etc.)
o Disaster recovery plans
o Denial-of-service (DoS) attack mitigation
 Examples of breaches:
o A ransomware attack locking down critical systems.
o A website crashing due to a sudden surge in traffic.
o A natural disaster damaging a data center.
Discussion Points
 How does downtime impact businesses and individuals?
 What are the biggest threats to availability?
 How can organizations plan for and quickly recover from disruptions?
Additional Presentation Tips:
 Real-world scenarios: Use recent data breaches or security incidents to illustrate the
consequences of failing to uphold the CIA triad.
 Practical examples: Discuss how encryption, user permissions, and backups protect
confidentiality, integrity, and availability in everyday situations.
 Interaction: Engage the audience with questions or a short quiz to emphasize key points.

pg. 2
Topics: Please select one of the topics listed below from 1 to 30.
If you're interested in a topic that is not listed here, please contact the instructor for
approval beforehand.
Foundational Concepts
1. Common Attack Types: Viruses, malware, ransomware, phishing, and social engineering.

2. Risk Assessment: Understand how to identify potential threats and vulnerabilities.

3. Cryptography: Exploring encryption and its role in protecting data.

4. Access Control: Authentication, authorization, and how to manage user permissions.

5. Network Security: Network Components, Defense-in-Depth (security layers), Network

Configurations and Common Network Attacks.

Defense and Protection

6. Password: Creating strong passwords, using password managers, and understanding multi-
factor authentication.

7. Safe Browsing and Email Habits: Spotting malicious links, avoiding suspicious websites, and
recognizing phishing emails.

8. Software Updates: Why They Matter: The link between patching vulnerabilities and
cybersecurity.

9. Firewalls: Network Gatekeepers: Exploring the function of firewalls in monitoring and

filtering network traffic.

10. Antivirus and Anti-malware Defense: Understanding different security tools and their roles.

Cybersecurity Trends and Issues

11. The Rise of Mobile Security: Securing smartphones and tablets against unique threats.

12. Internet of Things (IoT) Vulnerabilities: Security challenges with smart devices and
networks.

13. Cloud Security: Risks and safeguards for data stored in the cloud.

14. Social Media Security Risks: Balancing online presence with safeguarding personal
information.

15. Cyberbullying and Online Harassment: Understanding the impact and strategies for
prevention.

Legal and Ethical Considerations

16. Privacy vs. Security: A Delicate Balance: The debate between online privacy and the need
for surveillance.

17. Cybersecurity Laws and Regulations: Explore basic data protection laws (like GDPR) and
their implications.

18. Cyberwarfare: The Digital Battlefield: Understanding the role of cyber-attacks in modern
conflicts.

pg. 3
 19. The Ethics of Hacking: White hat vs. black hat, the debate over responsible disclosure.

20. The Future of Cybersecurity Careers: Pathways and possibilities in a rapidly growing field.

Incident Response and Forensics

21. Recognizing a Security Breach: Understanding the signs and what steps to take immediately.

22. Basic Incident Response: The first steps to contain a breach and minimize damage.

23. Backup Strategies: The importance of having secure backups to restore lost or damaged
data.

24. Reporting Cybercrime: Knowing where and how to report cyber incidents.

25. Digital Forensics 101: Introduction to the process of collecting and analysing digital evidence.

Staying Informed

26. Reliable Cybersecurity News Sources: Curating reputable blogs, websites, and experts to
follow.

27. Debunking Cybersecurity Myths: Separating fact from fiction in common misconceptions.

28. Cybersecurity Awareness Training: Understanding its value and different forms it takes.

29. Online Cybersecurity Resources: Identifying trusted libraries and online tools for support.

30. Building a Cybersecurity Mindset: Developing proactive habits and critical thinking for
staying safe online.

pg. 4