Week 10 Blog Post

      In week 9-10 we have created an "Action Plan" for our Harry & Mae Company. For some of you who have not encountered the Harry and Mae case study, the case is about a fictions company that  is franchising restaurants across the US.  You are given video presentations about the company, company assets, policies and procedures which you analyse for different classes you take.

  This time the assignment was to create an action plan to resolve all physical and asset vulnerabilities and harden the business after a credit card breach. As of right now my paper is about 23 pages long and covers asset identification, asset vulnerability assessments, policy and procedure review, glossary of terms used, network diagram, threat model and the action plan to resolve and mitigate vulnerabilities.


  Most fun part about the assignment was to research all the vulnerabilities associated with the assets. Example of this is below.

After the vulnerabilities were listed (lets just say there were many) the next step was to find ways to mitigate them. This was done by assigning a control to the process and addressing the vulnerability itself. Most mitigation techniques were collected from CVE MITRE.

Overall a very good assignment where students learn first hand how to find and address vulnerabilities and conduct risk assessments.