Posted: November 29th, 2022

August 2021 T-Mobile data breach Analysis Report and Spreadsheet

August 2021 T-Mobile data breach Analysis Report and Spreadsheet
GENERAL ASSIGNMENT GUIDELINES
Students are to submit a spreadsheet assessing the controls via NIST, AND also provide an
assessment report in Powerpoint of their analysis (20 slides) as if presenting to the
board/senior management.
You will be asked to perform a cybersecurity risk assessment for a company that was breached
in the past two years. Your simulated assessment is done prior to the breach. Therefore, all
breach information and reasoning provided through your research will be used as part of your
assessment process. You will select a company (a maximum of 5 students can select the same
company) and develop a risk assessment report that reflects the risks uncovered as a result of
your assessment. You need to use the NIST CSF framework (pages 23-44) for this assessment.
Your reasoning must be consistent with publicly available information about the company and
the breach, but you may draw additional conclusions based on this information.
Please use the spreadsheet to assess the controls and then develop the assessment report. The
FINAL SUBMISSIOn should include both the
A. spreadsheet and
B. the report deck (PowerPoint).
The steps required to complete the assignment are as follows:
1. You are to select a company (not attack type) of a major breach publicly announced
within the last couple of years.
2. You are to conduct research about the breach at this company.
3. Based on the information that you obtained from your research using the NIST CSF
framework’s 5 major control areas (identify, protect, detect, respond, recover), your
assessment will identify at least 2 risks per major control area that you believe were
missing and contributed to the breach.
4. There needs to exist a logical connection between the breach and missing controls
(subcategories) for a specific company. This connection can be established in two
ways:
1.The missing control was specifically mentioned in the publicly available
research. If this is the case, you can just reference the information that you
found.
2.You were able to make a case that this control was missing based on other
information uncovered in the course of your assessment.
CLIENT’S SPECIFICATIONS
Based on the requirement, we will be asked to perform a cybersecurity risk assessment for a
company that was breached in the past two years. The company I choose is T-Mobile data
breach that happened in August 2021. Please do more research for this data breach incident.
The spreadsheet should base on NIST CSF framework (pages 23-44) (Attached)
The content of PowerPoint is summarized NIST framework from the spreadsheet and also
come up with recommendation. I have attached sample report. Do not exactly copy. You can
customize the content by yourself.
Submit two things: Spreadsheet and PPT
This work is very important. You need to be good at IT analysis.
Try to produce high quality for this work
The incident for T mobile is happened on August 2021. I know they have several breach
events, but don’t analyze the wrong ones, otherwise it’s not meet the requirements