Thesis

Cybersecurity Risk Assessment of Company X

Students in the Cybersecurity Master’s Program at California State University, San
 Marcos are required to do a Semester in Residence (SIR) project to culminate their
 experience in the program. This SIR required students to work with a company on a
 cybersecurity project that could range from penetration testing, risk assessment,
 vulnerability reports, security awareness training, and much more. We searched for
 companies to work with during the Fall 2016 semester and worked on this project for a total of 16 weeks in Spring 2017. Once we found a company partner for our project to complete our residence, a project proposal was developed and reviewed during the Fall 2016 semester. I will not be listing the name of the company I worked with, or the staff member’s names due to privacy and security concerns. The company will be known as Company X in this report. Company X is a small non-profit organization with approximately 20 employees. Like many small organizations, Company X does not have an official Information Technology (IT) department, so they hired a third-party IT Company to assist with their technology needs. Company X is one of the smaller clients that the third-party IT company supports. The third-party IT support company will be known as Company Y. The staff member that I worked with was in upper management and will be known as Lisa. Lisa manages the IT support for Company X and their contract is limited to Server support, backups, and very basic desktop support.
 Students in the Cybersecurity Master’s Program at California State University, San
 Marcos are required to do a Semester in Residence (SIR) project to culminate their
 experience in the program. This SIR required students to work with a company on a
 cybersecurity project that could range from penetration testing, risk assessment,
 vulnerability reports, security awareness training, and much more. We searched for
 companies to work with during the Fall 2016 semester and worked on this project for a total of 16 weeks in Spring 2017. Once we found a company partner for our project to complete our residence, a project proposal was developed and reviewed during the Fall 2016 semester. I will not be listing the name of the company I worked with, or the staff member’s names due to privacy and security concerns. The company will be known as Company X in this report. Company X is a small non-profit organization with approximately 20 employees. Like
 many small organizations, Company X does not have an official Information Technology (IT) department, so they hired a third-party IT Company to assist with their technology needs. Company X is one of the smaller clients that the third-party IT company supports. The third-party IT support company will be known as Company Y. The staff member that I worked with was in upper management and will be known as Lisa. Lisa manages the IT support for Company X and their contract is limited to Server support, backups, and very basic desktop support.
 My responsibility was to work with Lisa to create a Cyber Risk Assessment report that included the following products:
 • Risk assessment
 • Vulnerability report
 • Recommended security policies
 • Analysis of outsourced IT department contract
 • Security awareness training documentation

Students in the Cybersecurity Master’s Program at California State University, San Marcos are required to do a Semester in Residence (SIR) project to culminate their experience in the program. This SIR required students to work with a company on a cybersecurity project that could range from penetration testing, risk assessment, vulnerability reports, security awareness training, and much more. We searched for companies to work with during the Fall 2016 semester and worked on this project for a total of 16 weeks in Spring 2017. Once we found a company partner for our project to complete our residence, a project proposal was developed and reviewed during the Fall 2016 semester. I will not be listing the name of the company I worked with, or the staff member’s names due to privacy and security concerns. The company will be known as Company X in this report. Company X is a small non-profit organization with approximately 20 employees. Like many small organizations, Company X does not have an official Information Technology (IT) department, so they hired a third-party IT Company to assist with their technology needs. Company X is one of the smaller clients that the third-party IT company supports. The third-party IT support company will be known as Company Y. The staff member that I worked with was in upper management and will be known as Lisa. Lisa manages the IT support for Company X and their contract is limited to Server support, backups, and very basic desktop support. Students in the Cybersecurity Master’s Program at California State University, San Marcos are required to do a Semester in Residence (SIR) project to culminate their experience in the program. This SIR required students to work with a company on a cybersecurity project that could range from penetration testing, risk assessment, vulnerability reports, security awareness training, and much more. We searched for companies to work with during the Fall 2016 semester and worked on this project for a total of 16 weeks in Spring 2017. Once we found a company partner for our project to complete our residence, a project proposal was developed and reviewed during the Fall 2016 semester. I will not be listing the name of the company I worked with, or the staff member’s names due to privacy and security concerns. The company will be known as Company X in this report. Company X is a small non-profit organization with approximately 20 employees. Like many small organizations, Company X does not have an official Information Technology (IT) department, so they hired a third-party IT Company to assist with their technology needs. Company X is one of the smaller clients that the third-party IT company supports. The third-party IT support company will be known as Company Y. The staff member that I worked with was in upper management and will be known as Lisa. Lisa manages the IT support for Company X and their contract is limited to Server support, backups, and very basic desktop support. My responsibility was to work with Lisa to create a Cyber Risk Assessment report that included the following products: • Risk assessment • Vulnerability report • Recommended security policies • Analysis of outsourced IT department contract • Security awareness training documentation

Relationships

Items