Preferred learners
- Anywhere
- Academic experience
Categories
Project scope
- What is the main goal for this project?
-
We operate an ID registry (database) that is critical to the media & entertainment global supply chain. In addition to our public-facing Web site, we also have a Web-based User Interface for data entry and retrieval and a public-facing REST API connected to the ID registry.
We need a complete security assessment, encompassing all of our systems, services, policies, and procedures that identifies and quantifies any vulnerabilities or other shortcomings and includes ranked recommendations for changes or improvements. Ideally, this would include vulnerability scans and penetration tests in addition to documentation and practice reviews.
In the end, we either need to provide our member companies assurance that the EIDR service is sufficiently secure and resilient to protect their interests or offer a roadmap that will bring us there.
- What tasks will learners need to complete to achieve the project goal?
-
Students will need to:
- Familiarize themselves with state-of-the art Internet security practices and any domain-specific issues for our industry segment
- Familiarize themselves with data privacy requirements for GDRP and CCPA
- Familiarize themselves with our systems and services (we will provide training, documentation, and access)
- Review our documentation, policies, and procedures (we will make our staff and contractors available for interviews, as necessary)
- Perform vulnerability scans and penetration tests (white-hat hacking) against our test servers (functionally identical to production)
- Produce a written report summarizing their findings with recommendations for remediation
- Present the findings to our senior staff and key stakeholders
NOTE: The security work and final report will covered by a Non-Disclosure Agreement. We will grant reasonable exceptions for classroom discussion and anonymized references in academic papers, journal articles, conference presentations, etc.
- What is the main goal for this project?
-
We operate an ID registry (database) that is critical to the media & entertainment global supply chain. In addition to our public-facing Web site, we also have a Web-based User Interface for data entry and retrieval and a public-facing REST API connected to the ID registry.
We need a complete security assessment, encompassing all of our systems, services, policies, and procedures that identifies and quantifies any vulnerabilities or other shortcomings and includes ranked recommendations for changes or improvements. Ideally, this would include vulnerability scans and penetration tests in addition to documentation and practice reviews.
In the end, we either need to provide our member companies assurance that the EIDR service is sufficiently secure and resilient to protect their interests or offer a roadmap that will bring us there.
- What tasks will learners need to complete to achieve the project goal?
-
Students will need to:
- Familiarize themselves with state-of-the art Internet security practices and any domain-specific issues for our industry segment
- Familiarize themselves with data privacy requirements for GDRP and CCPA
- Familiarize themselves with our systems and services (we will provide training, documentation, and access)
- Review our documentation, policies, and procedures (we will make our staff and contractors available for interviews, as necessary)
- Perform vulnerability scans and penetration tests (white-hat hacking) against our test servers (functionally identical to production)
- Produce a written report summarizing their findings with recommendations for remediation
- Present the findings to our senior staff and key stakeholders
NOTE: The security work and final report will covered by a Non-Disclosure Agreement. We will grant reasonable exceptions for classroom discussion and anonymized references in academic papers, journal articles, conference presentations, etc.
- How will you support learners in completing the project?
-
We will provide a dedicated project manager and access to our staff and contractors. We will bring in technology experts as needed from our member companies. We will provide training for all of our service offerings access to all of our service, technical, and operational documentation. We operate two full training and test environments that can be used for review, testing, or any other necessary experimentation without concern for interrupting production operations.
- What skills or technologies will help learners to complete the project?
-
Prior knowledge of the following would be beneficial:
- Cloud service technologies and architectures
- Internet security best practices and common vulnerabilities
- Commonly available security scanning and penetration testing tools
About the company
- https://eidr.org
- 2 - 10 employees
- Entertainment, Media & production, Non-profit, philanthropic & civil society, Technology
The Entertainment Identifier Registry Association (EIDR) is a nonprofit industry association that supplies the global entertainment supply chain with universal identifiers for a broad array of audio visual objects. EIDR IDs are to movies, TV, games, and podcasts as ISBNs are to books, VINs are to cars, or UPC/EAN codes are to consumer products. The EIDR registry is, and always has been, read-for-free, though we do restrict write-access to authorized parties only. Our identifiers are critical to applications throughout the media and entertainment industry from production to public presentation, by archives, and in academic citation. Our Board includes Amazon, Google, Gracenote, NBCUniversal, Paramount, Sony Pictures, Disney, Warner Bros, and Xperi.