Home‎ > ‎CIS 75‎ > ‎

Project 1: Understanding Data Breaches


Every year Verizon publishes the Data Breach Investigations Report. It's a summary of successful attacks from the previous year. The data is gathered by organizations that voluntarily report data breaches and other security problems to Verizon. Only a tiny fraction of problems are reported, however. Most organizations try to keep their computer security a secret which only helps the attackers. In this project you will read and discuss sections of the 2016 DBIR. The goal of this project is to help you get a better understanding of what the real threats are. You may be surprised by what you learn.

It's essential that you discuss what you learn with your peers. Computer security is a collaborative process. Security experts combine technical depth with the ability to teach and learn. Therefore, you must work in groups of three to four students. You should have identified your group after the first class. If you are taking this class online, learn videoconferencing software so that you are able to meet with your group. I recommend Google Hangouts but Skype is also excellent. You will record a YouTube video to present your understanding to the class.

The YouTube video will be in the place of a class presentation. Last year everyone had to present live or over CCC confer. I changed it to YouTube so that students would not have to arrange to attend class live and to lessen the amount of class time spent on presentations (it took all four hours last year). Your video does not have to look professional, but you should sound professional in it. All group members do not have to appear in the video. A screencast with narration is good. I have some examples of videos at the bottom of the page. I will show top videos to class. 

Part 1: Read the Introduction

Each team member should read pages 1 through 12 (stop when you get to the Vulnerabilities section). The introduction gives you the high level details and discusses trends. With your group discuss the questions:
  • What (if anything) has changed about the state of data breaches from 2015 to 2016?
  • What are the major victim industries cited in the report? 
  • What do attackers want from their victims? 
  • How are attackers attacking their victims? 
Answer the questions in your video presentation. Your answers should cite the facts and figures in the DBIR. 

Part 2: Read Deeper

As a group pick one of the following chapters:
  • Vulnerabilities 
  • Phishing
  • Credentials
Read the chapter and discuss the answers to the following questions:
  • What is an example of this kind of attack? 
  • What action could you take at home or at work to prevent this kind of attack?  
Answer the questions in your video presentation. 

Making Videos

Making a screencast is an easy way to make a professional presentation. Software like Screencast-O-Matic has the built-in ability to share your screencast to YouTube. The YouTube video editor makes it easy to do simple editing and annotations on your video. You will not be graded on editing quality! Here is a screencast I made for other instructors at Cabrillo that introduces NetLab+ and what it's used for: 

Here's a live action video from one of my favorite YouTube celebrities (a Canadian jet mechanic). Live action videos can be simply shot like this one. 



Your video will be graded primarily on the quality of the answers to the questions. Your grade will be out of 100 points with points allocated to the following categories:
  • Information: 70 points
    • Do you clearly answer the question asked?
    • Is your answer correct and clear?  
  • Presentation: 20 points 
    • The video should be presented as though an employer would see it. 
  • Teamwork: 10 points 
    • You work should be a documented team effort (see below). 

Turn In

On Canvas submit a link to your team video along with a brief written summary of your team meetings. For each meeting you have with your team list:
  1. When did you meet?
  2. Who was there?
  3. How long was the meeting?