Volume 21
Abstract: This case asks information systems analysts to assess the cybersecurity posture of a manufacturing company. The exercise works well as a group activity in an information systems course that addresses cybersecurity controls. The case introduces guidance from the National Institute of Standards and Technology, and learners develop work products consistent with the standards. The narrative provides high-level summaries of relevant cybersecurity standards. The case is based on a real company and actual projects, but the company name and specific details have been fictionalized and made more abstract to make this case relevant even when specific technologies evolve. Through this experience, students will learn the importance of a defense-in-depth strategy for securing information systems. Download this article: ISEDJ - V21 N3 Page 62.pdf Recommended Citation: Marquardson, J., Asadi, M., (2023). Cybersecurity Assessment for a Manufacturing Company Using Risk Registers: A Teaching Case. Information Systems Education Journal21(3) pp 62-69. http://ISEDJ.org/2023-3/ ISSN : ISSN: 1545-679X. A preliminary version appears in The Proceedings of EDSIGCON 2022 |