Step 1: Read "SANS Institute: What Every Tech Startup Should Know About Security, Privacy, and Compliance" (https://www.sans.org/reading-room/whitepapers/compliance/tech-startup-about-security-privacy-compliance-35792) white paper designed to help founders for tech startups ask the right questions about information security.
Step 2:Pick one of these tech startups! As a founder/CEO for one of these startups, you must have information security in mind in order to defend against unauthorized access and data loss potentially compromising intellectual assets, sensitive data and the company's reputation in the marketplace.
|
Acorns
|
PillPack
|
Uber
|
|
"Acorns is hoping to make saving and investing as simple as possible. After connecting their debit and credit cards, the app gives users the ability round up all purchases to the nearest dollar. The extra amount is then added to a diversified investment portfolio."
|
"PillPack is a full service pharmacy that delivers a better, simpler experience. Our pharmacists manage all your refills. From phone calls to faxes and follow up, they handle everything for you."
|
"Uber is a technology platform that is evolving the way the world moves.
By seamlessly connecting riders to drivers through our apps, we make cities more accessible, opening up more possibilities for riders and more business for drivers." |
|
Security Concerns:
- Credit Card Payments
- PCI Compliance
- Securing data in motion
|
Security Concerns:
- HIPAA Compliance
- Privacy/Patient Data
- Credit Card Payments
|
Security Concerns:
- Hiring/pre-screening competent drivers
- Prevention of unauthorized third-party access to driver or rider information
- Credit card transactions
|
- https://www.crunchbase.com/organization/acorns-grow#/entity
- https://www.acorns.com/
|
- https://angel.co/pillpack
- https://www.pillpack.com/
|
- https://angel.co/uber?utm_source=companies
- https://www.uber.com/?exp=hp-c
|
Step 3: Project Requirements
Identify two (2) information security threats that are likely to occur and describe how each threat would result in an adverse effect for the company. (p.106, Table 3-2)
Backup your assertions with a real-world case. Research a similar company (same industry/market/size and/or type) that has been exposed to a similar threat and describe the adverse impact to the organization (e.g. intellectual property theft, data loss, loss of reputation, financial damages, etc.).
Identify two (2) information security controls (p.170, Table 5-1) and discuss how the control would help to reduce, transfer, accept or avoid the risk. (pp. 276-277)
Note: Base your answers on high-level descriptions and security concerns provided. You are not expected to research these tech companies in any depth other than to help you understand the product or service offering in more detail.
Technical Requirements:
Your project report should be formatted professionally in MSWord (.DOC, .DOCX) file format
3-5 pages in length, double-space using 12pt font and normal margin spacing.