Students Gain Real-World Skills Remotely
SDSU student teams enrolled in an information technology security course lent their expertise remotely to audit and provide recommendations for San Diego nonprofit.
“Organizations are struggling to maintain their information systems security during a time when personnel don’t have physical access to their equipment.”
Even during the COVID-19 global pandemic that has caused companies and organizations to adapt information technology (IT) systems due to employee teleworking, hackers and identity thieves are still working, determined to exploit vulnerabilities in networking systems.
When analyzing IT systems to resolve potential cyber security issues, organizations traditionally undertake an on-site system audit to determine if any potential weaknesses could allow unauthorized access to their network systems. with much of the nation and world working from home, however, cybersecurity experts have less on-site access to IT centers.
“Organizations are struggling to maintain their information systems security during a time when personnel don’t have physical access to their equipment,” said Murray Jennex, management information systems (MIS) professor at San Diego State University’s Fowler College of Business.
With this in mind, Jennex assigned a special project to students enrolled in his Information Systems Security and Risk Management class (MIS 755), taking place during the summer.
Students divided into two teams. Jennex tasked one with generating a response plan based on the findings of a vulnerability scan, and the second with determining if a successful audit could be done remotely from an organization’s existing security plan. The audit and analysis were conducted for a nonprofit health research organization supported by SDSU.
The first team’s analysis resulted a list of identified vulnerabilities, ranked in the order of impact, the resources needed to resolve them and the compilation of information into a formal plan of action and milestones. The second team’s audit of the existing security plan, provided in an updated format to fit new guidelines, generated a list of improvement recommendations. All analysis and reports were required to be on templates provided by the National Institute of Standards and Technology, complying with the standards set by the federal government and the National Institutes of Health.
The class project was successfully completed and delivered to the organization on July 10, allowing the organization’s IT expert to make the necessary upgrades in a timely manner.
“Ultimately the projects were all about communication, and instead of the normal face-to-face communication that occurs in a normal audit, this audit relied on the technology to facilitate knowledge transfer between the students and the organization,” said Jennex.
This is another examples of SDSU’s emphasis on providing students with real-world, transformative experiences that will prepare them for the workforce.