Teaching Case: Cybersecurity Assessment for a Manufacturing Company Using Risk Registers -- A Teaching Case
- Resource Type
- Journal Articles
Reports - Descriptive
- Authors
- Marquardson, Jim; Asadi, Majid
- Source
- Information Systems Education Journal. Jul 2023 21(3):62-69.
- Subject
- Teaching Methods
Information Systems
Information Science Education
Information Security
Manufacturing
Standards
National Organizations
Corporations
Risk Management
Case Method (Teaching Technique)
Identification
Assignments
Building Design
Computer Security
Research and Development
- Language
- English
- ISSN
- 1545-679X
This case asks information systems analysts to assess the cybersecurity posture of a manufacturing company. The exercise works well as a group activity in an information systems course that addresses cybersecurity controls. The case introduces guidance from the National Institute of Standards and Technology, and learners develop work products consistent with the standards. The narrative provides high-level summaries of relevant cybersecurity standards. The case is based on a real company and actual projects, but the company name and specific details have been fictionalized and made more abstract to make this case relevant even when specific technologies evolve. Through this experience, students will learn the importance of a defense-in-depth strategy for securing information systems.