16. Communicate Risks Exercise

Instruction

The ability to communicate risks, assessment findings, and recommendations is a critical part of a security professional's job.

Let's go back to Jill & Roy's accounting. You should be familiar with this case study from an earlier lesson. Here is the basic introduction to their business if you want to review it again.

Jill and Roy provide accounting services throughout their area. They employ 7 full-time workers: 4 accountants, 1 office administrator, and themselves. They also have about a dozen seasonal workers during tax season.

They use Microsoft 365 (aka Office 365) for all of their office applications (email, word processing, spreadsheets, etc.). For their accounting, they use the online versions of Intuit's QuickBooks and ProConnect. They have a single office with a network router to their ISP, a Linksys LGS116P Ethernet Switch and a Linksys AC1900 WiFi Router.

The full-time accountants each have a Lenovo ThinkPad T490 and the office administrator has a Lenovo desktop. All company workstations run Windows 10 with Google Chrome as the standard web browser. All users have administrator access on their PCs, and many have installed their own software, including games and media streaming applications.

They also have one internal Windows 10 Lenovo desktop that they use as a centralized print and file server that sits in the main office area. Only Roy, Jill, and the office admin have an account on it. They recently allowed Remote Desktop Protocol (RDP) into it to allow employees to access files from home. The temporary workers use their own laptops, which are a mixture of Windows and Macs. It's known that some of the temporary workers will download client files onto their personal computers to work offline.

The office has a Bring Your Own Device (BYOD) Policy for all cell phones (a mix of Apple iPhones and Android). Cell phones are used for business email and to speak with office workers and clients.

Jill & Roy's has a contract with a local IT company to provide services, which include a weekly backup of the file/print server, monthly updating of Microsoft products on office computers, and maintenance of the network equipment.

For this exercise, you are to create a presentation to Jill & Roy based on your findings and recommendations. Include the following:

  • Summary of how you performed your security assessment
  • Top 5 risks and why they are risks
  • At least 5 key takeaways
  • At least 10 slides
  • What visuals can you use to support your presentation?

Practice.

Present to a friend:

  • Ask for feedback
  • Were there any parts that were confusing?
  • What are the most important ideas?