For this case, the students will perform tests related to employee authentication logins. Students are asked to analyze data to determine the average number of employee logins, if logins are missing from the authentication log, if terminated employees are still attempting to login, etc. The last problem asks students to review logins by location and determine the distance between login attempts.

The analysis of these log files is useful for SOC engagements, cybersecurity audits, forensic analyses, security analyses and criminal investigations. The case is patterned after tests that would be performed as part of a cybersecurity engagement. In addition to the data responses, the case asks students to think critically about what the data is telling them. The case is intended to help students practice dealing with data and builds upon their skillset.

The data for this case is simulated and contains nearly 1.3m login attempts. The case has five parts and is designed to be flexible so that instructors may do all or only portion of the analysis. The case can be implemented in class, as homework, as a student project or as part of an exam. Solutions are provided in Alteryx. This case is accompanied with how-to videos for the Alteryx solution.

Suitable courses: Cybersecurity; Accounting information systems; Auditing (external or internal); Fraud; Data analytics

Link to download files (requires login)