Project: Technology Threat Assessment or Organizational Security Incident Report

By Drs. Anthony Vance and Dave Eargle

This is a group project, with teams of up to four. Have each member of your team join one of the already-existing “Project | Threat Assessment” groups on Canvas. Please do not make your own group. Search Canvas groups for “Project | Threat Assessment” and join one of those.

Your team has two choices for this project: either a technology threat assessment, or report on an organizational security incident. Both options are described below.

Approval for Topic

Your team should pitch your proposed topic on the #project_idea_claim on slack. You must obtain my approval for your topic.

Option 1: Technology Threat Assessment Review

This option is adapted from Cryptography Engineering, 2nd edition, by Ferguson, Schneier and Kohno (2010).

This exercise deals with developing your security mindset in the context of real products or systems. Your goal with the security reviews is to evaluate the potential security and privacy issues of new technologies, evaluate the severity of those issues, and discuss how to address those security and privacy issues. This review should reflect deeply on the technology that you’re discussing.

Your security review should contain:

Some examples of past security reviews are online at

Option 2: Organizational Security Incident

The purpose of this option is to explore the unfolding of a security incident from the perspective of the organization: to analyze how an organization handled it and to look at how the public reacted to the incident (if at all). Teams will choose a security incident and report on the unfolding of events leading up to, during, and after the incident. This report is more than just a summary of one or two news articles. It is a meta- and longitudinal analysis of the incident as it unfolded. For this reason, the incident needs to be sufficiently old for investigations to have been conducted and reports published. For this reason, breaking news will not suffice.



Your final report should be 5-10 pages in the length (not including a timeline of events, if you choose Option 1). Please submit your report in PDF format to Canvas.