Milestone 1 - Expectations entail a comprehensive and thorough examination of the client’s business website to include a detailed risk assessment, server infrastructure analysis, assessing and discovering critical digital assets to protect, probability analysis of major attacks on each asset, and a potential damage analysis of a breach or intrusion.
These Milestone 1 deliverables, and the deliverables that follow, will be measured against industry best practices that rely on guidelines and policies defined by industry leading organizations such as the NIST and SANS.
Milestone 2 - This milestone expects the project team to research and apply understood industry best practices to produce general security and access policies for the Akwaaba organization and subsequent function and operation for the server infrastructure stack. The assessments and analyses discovered from Milestone 1 will be integrated in implementing the risk mitigation plan against the organization’s server infrastructure to prevent breaches or intrusions. The deliverable also expects the Akwaaba website and its underlying infrastructure to be secure against all known vulnerabilities.
The team will then be expected to prepare for the Red and Blue team phases and any additional monitoring will need to be installed and configured for the subsequent defense and offense phases.
Milestone 3 - Finally, this milestone expects the project team to finalize the Red and Blue team phase and collate a report on any breaches they suffered from the Red team, and to report on any vulnerabilities they incurred against their adversary while conducting its own Red team actions. Vulnerability analysis of the Akwaaba infrastructure will take place to identify if Blue team efforts failed and will be reported for later inclusion in the project team’s research paper.
Additional Deliverables - The project requires that the project team produce a video presentation from all group members that outlines and details all aspects of the project. This will include all milestones and phases of the project. All research findings, risk mitigation plans and assessments, policies, and Red and Blue team data and processes will be explained for the sponsor and subsequent judges for C-Day and in-person presentations.
The project team will also be expected to produce a project website that details what will be covered in the video presentation for an intuitive and readily accessible delineation of the project, project scope, and its goals.