CSI1209-04 Community Futures Peterborough Cyber Secure Certification


 

Joseph Digiovanni

Joseph is a 6th semester Computer Security and Investigations student. He has enjoyed and appreciated the knowledge and skills learned from his program, but also comes from a technical background and is happy to share his experiences with the team. Joseph plans to secure additional certifications after graduating before seeking permanent employment. In his free time, Joseph tends to his chickens and cats in his small hobby farm, and also enjoys gaming, reading, and writing.

 

Sang Tuan Nguyen

Sang is currently pursuing a Computer Security and Investigation Advanced Diploma at Fleming College. Sang brings to the team knowledge of Linux and Windows operating systems as well as knowledge of HTML, JavaScript, and Python, and is eager to learn other programming languages such as Golang. Sang is able to use Git on the command line and is an AWS Certified Developer – Associate. After graduation, Sang hopes to find an IT-related job, preferably in the Computer Security field. Outside of his educational pursuits, Sang enjoys playing video games and running in the great outdoors.

 

Joshua Parsons

A Peterborough native, Joshua is in his 6th and final semester of the Computer Security and Investigations program. Outside of the material learned in the program, Josh has knowledge of a number of programming languages such as HTML and Java. A critical thinker, Josh helps solve problems by approaching them from a different angle and helps to keep the project organized. After graduating from the course, Josh wants to work towards several industry certifications before finding work. In his spare time, he enjoys playing and modifying grand strategy games.

 

Samantha Shannon

Samantha Shannon is a sixth semester Computer Security and Investigations student. In addition to the technical knowledge acquired through her studies, Samantha brings excellent communication and organizational skills to the team. Always eager to learn new things, Samantha has entered her studies in cyber security from a background in museum management and has found this experience valuable to her ability to communicate technical concepts to non-technical professionals. After graduation Samantha hopes to find employment as a cyber security analyst. In her free time, Samantha enjoys woodworking and is a skilled marquetry artist.

 


Team Name:

CSI4

Team Members Names:

Joseph Digiovanni, Sang Tuan Nguyen, Josh Parsons, Samantha Shannon

Program of Study:

Computer Security and Investigations

Mentor Name:

Mamdouh Mina

Project Name:

Cyber Security Improvements at Community Futures Peterborough

Sponsor Name:

Gail Moorhouse



Sponsor Organisation:

Community Futures Peterborough


Brief Description Of Project:

Students from the Computer Security and Investigations program will use the skills gained in this program to help Community Futures Peterborough make improvements to their cyber security. Following a security incident at another Community Futures branch, Community Futures Peterborough has identified a need to improve cyber security practices and documentation. The COVID-19 pandemic and the switch to remote work have changed the technology environment of the organization, making it especially important to ensure that the organization has appropriate controls in place. As a busy not-for-profit organization, there are limited resources to address this need, so they have enlisted the help of knowledgeable Fleming College students through this applied project.

Community Futures Peterborough intends to pursue CyberSecure Canada Certification, a program from the Government of Canada targeting small and medium businesses. In support of this goal, the project has used the baseline controls outlined in the requirements of the certification as the basis for all actions taken.

Project Objective:

The goal of the project is to review, develop, and organize cyber security related documentation and practices to improve cyber security at Community Futures Peterborough.

Deliverables:

  • List of information systems and digital assets of the organization 
  • Cyber Incident Response plan 
  • Drafts of cyber security policies and procedures
  • Recommendations on cyber security training for employees
  • Final report outlining status of 50 baseline controls required for CyberSecure certification

Project Innovation:

Security auditing and implementation of new controls are a common undertaking for businesses. The unique approach taken in this project is doing this with an eye towards gaining CyberSecure certification. The CyberSecure certification program, aimed at small and medium businesses, was launched in 2019 by the Government of Canada; however, due to the amount of documentation required, only a handful of organizations have achieved certification to date. Community Futures Peterborough intends to achieve certification in the coming year. The approach taken in this project to emphasize documentation and awareness training in combination with improved practices will help them to achieve this goal.

To determine the specific requirements of the project, the team reviewed the list of 50 baseline controls that must be met to receive certification. We broke down the requirements into 168 specific questions which would reveal the current state of cyber security. The answers to these questions would direct us in recommending technical improvements or developing documentation. This process also allowed us to split up the project into discrete parts that could be assigned to individual team members.


Challenges & Solutions:

Our greatest challenge was our lack of knowledge about the sponsor: we did not know the current state of their cyber security, their level of expertise, their IT systems or documentation. The solution to this was to start asking questions, as quickly as we could and as many as possible. To get the answers we needed in a useful and efficient manner, we made documents and charts that would be easy for staff to fill out. In some cases we needed to connect with other parties to get an answer; we had the opportunity to consult with representatives from MicroAge Peterborough and Emmatt Digital Solutions to address some of our technical questions.


Project Results or Progress:

Work Completed to Date:

  • Gathered information about IT and cyber security at Community Futures Peterborough
  • Created a list of information systems and digital assets
  • Drafted 9 cyber security related policies and procedures
  • Developed a Cyber Incident Response Plan
  • Provided guidance on Cyber Security training

Work Outstanding:

  • Conduct a full review of the requirements of CyberSecure certification (partially completed)
  • Deliver a report on the present state of cyber security at Community Futures, what supporting documents exist for each requirement, and recommendations on outstanding requirements (partially completed)

Client response has been positive and all deadlines have been met. We are on track to complete all deliverables for this project on time.


Lessons Learned:

All members of the team gained experience in developing cyber security related documentation and the process of developing cyber security plans. We gained an understanding of the scope of IT systems and assets at a small organization and how these influence the security needs. We developed an understanding of many risks that exist for a business and the methods that can be employed to mitigate or eliminate these risks.

Many of the greatest lessons of this project relate to the planning and execution. Although this was an important project for both the students and the sponsor, it was important to remember that this project was being completed on top of the regular workload of the staff at Community Futures. There were some instances where questions were not asked clearly or the rationale for work was not clearly articulated by the team. In retrospect, better planning and anticipation of communication requirements would have made the process more efficient. If the project were started today, we would put more time into planning our communications to avoid repeating some tasks.

In the end, the team gained a good understanding of the CyberSecure Canada certification and the baseline levels of security controls that should be recommended to small and medium businesses. In 2019, one in 5 Canadian businesses reported being impacted by a cyber security incident; this shows the huge potential for students to apply the knowledge and experience gained in this project as businesses are increasingly looking for advice on how to protect their data and the privacy of their clients and employees.

