Final Presentations

Individual - Mandatory

Description

One of the key success factors for a long-lived threat modeling initiative is that it is supported by senior management as well as by the operative staff at the business units and the people in the IT organization. One of the most important assignments for chief security architects is to communicate and explain the purpose of threat modeling as well as the ongoing and future work within the area. Your assignment is to hold a 10-minute executive presentation about the current threat and risk status, as well as your proposed mitigations, for the employees of the enterprise (i.e. the course participants) as well as the CISO and the CEO (the teachers). This presentation will serve as the beginning of an era of more structured and efficient cyber security risk management at the enterprise. 

After the presentation, the audience should have understood the following:

  • Background information, explaining the need for the presented work. (This is an important thing to communicate and synchronize within enterprises; a common goal!)
  • How the business works, and your business impact analysis. 
  • What is the IT support offered to the business or, vice versa, how dependent on IT are the various parts of the business? What does the system architecture look like?
  • What are the most important threats and attack profiles you worry about at your enterprise?
  • What kinds of vulnerabilities did you find and what types of attacks did they enable?
  • What does your risk analysis result in?
  • Which mitigations do you suggest based on the risk analysis? Explain your reasoning. 

Focus on the particulars of your case and company and not on the underlying methodology. The employees of the company are more interested in the results and what to do than in exactly how you got there (especially the parts that are the same for others doing similar work).

Note! The presentation must be prepared so that it can be given in English. If only Swedish-speaking people are present at the presentation seminar, Swedish is also OK.

Important: You are not allowed to present if the report has not been submitted. If someone presents on a report that has not been submitted, they will be required to present again later.

You will be able to hold your presentation on Zoom or IRL. Registration and presentation schedule will be organized towards the end of the course.  

Evaluation Criteria

The presentation is Pass/Fail graded. The presentations will be evaluated on the communicative performance, i.e. on the extent to which the contributions are correctly and efficiently communicated to the audience. This will typically be affected by the structure and form of the presentation and slides, the clarity of the argumentation, the presenter’s oral performance, the timeliness of the presentation, and on the responses to questions posed by the audience.