Assessment Description and Instructions
In this assessment, students will work individually on a comprehensive security management project. The primary objective is to gain hands-on experience in teamwork and to analyze the effectiveness of solutions in the context of the provided case study. The case study is based on a real-world scenario involving a data breach incident at ChatGPT's parent company, OpenAI.

Description of the Case: ChatGPT Data Breach
In the age of digitalization and AI innovation, ChatGPT, developed by OpenAI, has garnered significant attention for its groundbreaking capabilities. However, in late March, the company faced a significant challenge when it disclosed a data breach. OpenAI officials stated, "In the hours before we took ChatGPT offline on Monday, it was possible for some users to see another active user’s first and last name, email address, payment address, the last four digits (only) of a credit card number, and credit card expiration date. Full credit card numbers were not exposed at any time".
The company is actively addressing the situation by notifying affected users, verifying their emails, and implementing additional security measures to prevent future incidents.
https://www.electric.ai/blog/recent-big-company-data-breaches

Project Objectives:

• Analyze the security challenges faced by OpenAI in the aftermath of the ChatGPT data breach.
• Develop a comprehensive security management plan to prevent similar incidents and enhance security at OpenAI.
• Present findings and recommendations as an expert in the field.

Project Tasks and Deliverables:

1. Asset Identification and Weighted Factor Analysis:

• Identify at least five valuable assets within OpenAI's IT infrastructure.
• Create a Weighted Factor Analysis Worksheet (WFAW) to prioritize these assets, using at least four criteria.

2. Threat Identification:

• Identify at least two potential threats against each of the five assets.

3. Vulnerability Assessment:

• Identify one vulnerability for each of the five assets.

4. Risk Assessment:

• Develop a Threats-Vulnerabilities-Assets (TVA) worksheet, considering the prioritized assets, identified threats, and vulnerabilities.
• Select any five TVA triplets representing risks and assess the impact and likelihood of each risk.
• Calculate the risk rating for each of the five triplets out of 25, assuming that the underlying assumptions and data are 95% accurate.

5. Risk Treatment Strategy:

• Provide a treatment strategy for each of the five identified risks.
• Justify each decision regarding risk treatment.

6. Secure Network Design for Headquarters:

• Develop a secure network design plan specifically for OpenAI's headquarters.
• Consider principles of secure design and best practices to make the network secure by design.

7. Protection Mechanisms:

• Advise on various plausible protection mechanisms that can be implemented.
• Specify where each recommended protection mechanism should be applied.