The Phoenix Project
Case Analysis Assignment
This case analysis is an individual assignment (versus groups) and its purpose in this course is to give you an opportunity to integrate a variety of concepts in the context of an actual, historical cybersecurity scenario. In this case, the context is the University of Virginia (UVA) and the scenario is remediating a cyberattack. Your analysis of this case will be framed around a number of questions that are presented at the end of this writeup. As laid out in our syllabus, your analysis should, at minimum, meet the “2-why” standard.
While you can find a number of strategies out there for conquering case analyses (many of them are very good), I recommend the approach of reading the case at least once without consideration of the questions. That opens the mind up to absorbing details that might otherwise erroneously get dismissed in a “know the questions, hunt for the answers” type of approach. After that, lay our your outline with each question framing a new major section. Then, re-read the case analysis and as you go through, build the outline of your answer with references to page numbers so you can quickly go back. Once the outline is built, you should have a clean connection between your point and some evidence from the case. At that point, it is a matter of polishing the communication without inadvertently changing the thesis.
The case can be found in your Harvard Coursepack, referenced in the Materials section of our syllabus. Given the mistakes made be the professor of this course, the case analysis must be submitted through Blackboard in Microsoft Word or .pdf format before 11:59pm Wednesday, February 24th.
Case Analysis Questions:
1. Describe the role of Information Technology Services (ITS) in fulfilling UVA’s mission.
2. Why might cyber-attackers be attracted to universities? What attack methods are most likely common?
3. Describe each of the five objectives of the Phoenix Project and provide your assessment of the level of effort that would be required to accomplish these objectives.
4. What are the key risks inherent in this project and how would you recommend the team manage these risks?
5. When and how should the Phoenix Project be evaluated?