CS 4840: Computer Security and Cryptography
Fall 2017 - Daily Briefings
Due on the day assigned to you, in class
This is an individual assignment. All work must be your own.
As a future computer security professional, you may be called upon to
regularly inform managers at your place of employment of current security
risks and what the managers need to do about them. In the spirit of such
future work, you will give an informative, 2 - 4 minute briefing to your
fellow students, on a topic in computer security.
Students will be randomly assigned class days on which to give briefings, starting
Thursday, October 5th. If there is a date you wish to avoid, you may email the
professor and volunteer for an early date.
What you will do:
On the day assigned to you, you will stand up and give a 2 - 4 minute verbal
presentation on your topic. You will also email the professor a one-page
outline of your presentation. These outlines will be posted on the class web page,
for other students to review and study.
(Here are some sample outlines, to remind you what they should look like.)
(Presentations will be given near the start of class. A student presenter may
stand next to their desk, if they wish.)
At least four calendar days before your scheduled presentation, claim your topic by
emailing the professor with a message stating which SANS newsletter (month, year, title)
or famous incident (name, date) you would like to present. Consult the list of
already selected topics below before you make your selection, as students are
not allowed to present any topic someone else has already picked.
Tuesday briefings will summarize sound security advice from one issue of the
Security Awareness Newsletter, OUCH!.
Thursday briefings will summarize famous security incidents of the past.
Either select an incident from the list below, or propose an acceptable incident
to the professor (early). For this assignment,
Wikipedia articles and articles from reputable
newspapers will be acceptable sources. If available, articles from KrebsOnSecurity are also recommended.
Questions your presentation should answer:
Security incident presentation:
- What is your topic? (Date, location.)
- Who were the victims?
- What happened?
- What was the vulnerability that allowed the incident to occur?
- What controls might have prevented the security incident?
Security Advice presentation:
- What is your topic?
- Why does your topic matter?
- Summarize the security advice presented.
- What are some challenges you see in getting real people to follow the advice?
Security Awareness Newsletter, OUCH!
Famous incidents you may select to summarize:
Already covered or selected (do NOT pick these):
- WannaCry ransomware, 2017 (WannaCry summary)
- Stuxnet, 2010 (Stuxnet summary)
- Heartbleed, OpenSSL (Heartbleed summary)
- March 2017: Securely Using Mobile Apps, SANS Ouch! (Secure Mobile Apps summary)
- Ukraine power utility incident, 2015 (Ukraine 2015 summary)
- October 2017: Helping Others Secure Themselves, SANS Ouch! (Helping Others summary)
- November 2016: Using the Cloud Securely, SANS Ouch! (Using the Cloud summary)
- ILOVEYOU virus (ILOVEYOU summary)
- July 2017: Gaming Online Safely and Securely, SANS Ouch! (Gaming Safely summary)
- April 2016: I'm Hacked, Now What?, SANS Ouch! (I'm Hacked summary)
- December 2015: Phishing, SANS Ouch! (Phishing summary)
- CryptoLocker ransomware, 2013 (CryptoLocker 2011 summary)
- Sony PlayStation Network Outage, 2011 (PlayStation 2011 summary)
- Operation: Red October, ending 2012 (Red October summary)
- February 2016: Securing Your Home Network, SANS Ouch! (Home Network summary)
- March 2016: What is Malware?, SANS Ouch! (Malware summary)
- November 2017: Shopping Online Securely, SANS Ouch! (Shop Securely summary)
- February 2015: Staying Secure on the Road, SANS Ouch! (Travel Securely summary)
- Mydoom worm, 2004 (Mydoom summary)
- January 2017: Social Engineering, SANS Ouch! (Social Eng. summary)
- PoisonIvy trojan, 2005 (Poison Ivy summary)
- Conficker worm, 2008 (Conficker summary)
- September 2016: Email Do's and Don'ts, SANS Ouch! (Email summary)
- July 2015: Social Media (Social Media summary)
- August 2017: Backup and Recovery (Backup and Recovery summary)