The idea behind the research paper is to test your ability to translate what you have learnt throughout the course into high-quality content, addressing BOTH executive and technical stakeholders.
The paper is NOT academic in nature; rather, the intent is to present a consultant-like deliverable which the client stakeholders are paying for as part of the engagement (“project”). You are to work on your own.
The security assessment report is a technical report covering one of the topics below. The report is very specific to the topics and must address the methodology utilized in conducting the assessment and the technical findings as well as recommendations. This is a technical consulting paper; therefore, please keep academic references to a minimum unless your recommendations address a previously undiscussed concept that you feel is relevant to the current findings.
A significant portion of the feedback is devoted to clarity, structure, problem resolution, and grammar/style. Why the focus on this? Often, a reader’s perception of the issues can be affected (rightly or wrongly) by these areas. You should proofread your paper multiple times to ensure that each sentence makes sense.
You should clearly identify the topic and the scope of the paper at the beginning (intro paragraph(s)). Referring to the assignment and ensuring that all of the requirements are addressed here (and elaborated upon in the body) is essential, so that the reader understands what the paper is about and what the scope/depth is.
Paper Requirements:
The paper should be 3000 (+/- 100) words.
Content should be original (written by you) and not cut/pasted from other sources.
As you analyze your research results, take positions and defend them by referring to specific concepts from the course textbook.
The paper should contain an executive summary of about 300 words and a conclusion of about 300 words.
An executive summary is succinct, gets to the point, and explains what was done and your findings at a high level.
A conclusion discusses the findings and recommendations in a succinct manner.
The paper should be formatted using the following structure:
TITLE PAGE (topic, course, date, “client name” and student name)
Table of contents
Version history table including version number, date and description
BRIEF Introduction (includes background, objectives addressed, scope of the engagement, assumptions, approach to the assessment)
Executive summary (findings summary, recommendations summary)
Detailed findings, observations and recommendations
Conclusion
Appendices (if needed)
Paper topics (Select ONE):
ISO27K report
CTF (Capture The Flag) Report on one system/server you compromised – assume you performed a black-hat penetration test. A discussion of the different phases of a PT (enum/recon, etc.) should be included.
Post table-top report