Privacy Policy

Our company collects and processes large amounts of data from thousands of customers. It is of utmost importance that we keep this data confidential and safely manage personal information. We would like to collaborate with students to audit our current privacy policy. This policy builds trust with users and protects our company by transparently disclosing how we gather information. This will involve several different steps for the students, including: Familiarizing themselves with our mission and vision statements. Completing a needs assessment. Familiarizing themselves with company activities that involve the use of personal information. Analyzing information management practices within the company. Recommending changes or improvements to the existing privacy policy.

Security & Penetration Testing of Web Application

A standard practice for web based tools is to conduct what is known as penetration tests at least once a year. This is a white-hat hacking approach in which a firm is given special permission to try and break into, exploit, or otherwise attempt to break a given product via security vulnerabilities. First, we would like students to get familiar with our product. Sign up, play around with it, understand generally how it works. Second, students should spend time conducting research on state of the art pen testing technologies. They should look into common vulnerability lists such as OWASP Top 10, and common security tools such as Nmap, Burp Suitar, Nessus, and Wireshark. Third, students should have a written attack plan and present it to us so we can confirm we understand what the test will do and what might be uncovered. Fourth, students are free to attack our product as per the presented plan

Incident Response Plan

Our company collects and processes large amounts of data from thousands of customers. It is of utmost importance that we keep this data confidential and safely manage personal information. We would like to collaborate with students to create an incident response plan. This plan would help our company respond to cybersecurity threats and maintain customer trust. This will involve several different steps for the students, including: Familiarizing themselves with our mission and vision statements. Completing a needs assessment. Identifying phases of the incident response process. Recommending procedures to identify and recover from cybersecurity threats. Bonus steps in the process would also include: Testing the incident response plan through a cybersecurity drill.