Abstract: In this role-playing teaching case, students impersonate Selective Consulting, a fictitious, Australian-based company tasked with assessing the information security practices of SkillPlat, a provider of apprenticeship and traineeship services. The case develops around the one-week visit paid by Selective Consulting to SkillPlat’s headquarters, during which the consultants identify several issues that denote poor information security management practices by the company. After analysing the case materials (the main text, plus seven exhibits), students write a report in which they assess the pros and cons of SkillPlat’s information security management practices, offer recommendations for improvement, and indicate other sources of information that could be useful for a more detailed analysis. The report is expected to cover various topics in information security management: policies, user behaviours/human factors, governance, security practices, risk management, physical security, protection of personally identifiable information and privacy, organisational culture, etc. This teaching case has been successfully utilised with two cohorts of Master students as an assessment piece, at the end of a course on cybersecurity management. The present case requires students to offer solid arguments in favour of their assessment and recommendations, tapping into their knowledge of the subject and external resources (e.g., industry reports, academic papers, etc.). This Teaching Case needs to be accompanied by its Teaching Notes.
Keywords: Information assurance & security, Case-based learning, Risk assessment, Teaching case
Download This Article: JISE2022v33n4pp338-356.pdf
Recommended Citation: Bongiovanni, I. (2022). Teaching Case: Information Security Management in Distress at SkillPlat. Journal of Information Systems Education, 33(4), 338-356.