Security Risks – IntelliTech Innovations
Session Duration: 2.5 hours
Output: 10-minute group presentation (no written report required)
Group size: 3 students
Deliver Today: at 16:00
1. Scenario – Company Profile
IntelliTech Innovations is a UK-based technology company specialising in Internet of Things (IoT) and smart systems.
They design and manufacture smart home devices, industrial IoT sensors, and provide cloud-based analytics for customers worldwide.
Their products are widely deployed in:
- Home automation and energy management
- Industrial monitoring and predictive maintenance
- Real-time data analytics for operational decision-making
As their IoT network expands, IntelliTech faces growing security and privacy challenges.
2. The Challenge
IntelliTech is initiating a qualitative risk assessment to identify and manage security risks across its IoT products and services.
You are part of a multidisciplinary assessment team made up of:
- IoT engineers
- Data scientists
- Cybersecurity specialists
- Legal/compliance advisors
Your task:
Simulate the company’s initial qualitative risk assessment and present your findings.
3. Session Objectives
By the end of the session, you will have:
-
Identified and classified key assets in an IoT system
-
Recognised potential threats and vulnerabilities
-
Evaluated likelihood and impact qualitatively
-
Prioritised and justified key risks
-
Proposed realistic mitigation measures
4. Deliverable: Group Presentation
You will deliver a 10-minute presentation (plus 2-3 minutes for Q&A).
Requirements:
- Use 5–7 slides maximum (PowerPoint, Google Slides)
- Include visuals (tables, risk matrix, icons, diagrams)
5. Suggested Slide Structure
| Slide | Content | Guidance |
|---|---|---|
| 1 | Title, team members | Introduce your group |
| 2 | Company assets | Identify 3–5 key IoT assets (data, hardware, software, comms, reputation) |
| 3 | Threats & vulnerabilities | List realistic IoT-specific examples |
| 4 | Risk evaluation | Show your likelihood × impact matrix |
| 5 | Risk prioritisation | Identify top 3 risks with short rationale |
| 6 | Mitigation strategies | Summarise controls and countermeasures |
| 7 | Reflection | What surprised you? What remains uncertain? |
6. Open Framework Reference (Free to Use)
To guide your thinking, draw on principles from:
(All freely available online — no access to ISO standards required.)
7. Time Guidance
| Time | Activity |
|---|---|
| 0–15 min | Form groups, read scenario, clarify scope |
| 15–60 min | Identify assets, threats, vulnerabilities |
| 60–100 min | Assess likelihood, impact, and prioritise risks |
| 100–130 min | Prepare presentation slides |
| 130–150 min | Presentations & Q&A |
8. Example – Risk Matrix
| Likelihood ↓ / Impact → | Low | Medium | High |
|---|---|---|---|
| Low | Low | Low | Medium |
| Medium | Low | Medium | High |
| High | Medium | High | Critical |
Example risk:
Unencrypted IoT sensor data → Interception in transit → Likelihood: Medium / Impact: High → Overall: High
9. Extension (Optional for Early Finishers)
Explore how to extend your qualitative approach into a semi-quantitative model using:
- AV – Asset Value
- SLE – Single Loss Expectancy
- EF – Exposure Factor
- ALE – Annualised Loss Expectancy
(Briefly describe one example in your final slide if time allows.)
10. Learning Reflection
At the end of the session, reflect as a group:
- What was the most significant risk you identified?
- How confident are you in your likelihood/impact judgments?
- What data or expertise would improve this assessment in a real company?
Outcome:
You will present a concise, professional risk assessment demonstrating your ability to analyse, prioritise, and communicate cybersecurity risks within the IoT domain.