NISM Team Meeting Sessions

Team meetings, chat and document sharing were performed by using the Cisco Webex application. All team members were required to download the application.
Introductions and backgrounds of team members took place.
The team contract was discussed and completed during this session.
Team members volunteered to take on roles i.e. Team leader, Communication Leader, etc.
Group 1 comprised of myself (Zihaad Khan), Edward van Biljoen, Michael Geiger, Jitesh Balakrishnan and Imoleayo Ogunseye.
It was agreed that Jitesh would submit the team contract after the meeting.

The team had discussed the Collaboration Discussion 1 topic.
In preparation for Seminar 2, a DREAD analysis was performed by various team members. Results were posted on the Webex team space.
It was agreed that Michael would present in the next Seminar.
This session was specifically used to finalise the presentation.

Session 3 was used to discuss the scanning tool exercise. Various team members had contributed. The Webex team space was updated with the results.
Various questions were raised by team members during the session on how the scanning tools actually work - this topic was discussed.

The team had a discussion around the time taken to complete various tasks.
Michael had presented part 3 of the initial design document - the team was asked to proofread and comment.
The team also had a discussion about Jitesh dropping out from the Module, additional responsibilities needed to be assigned to team members.
The action items for myself included restructuring the document to include the various regulatory bodies (GDPR, ICO, PCI DSS, etc) as well as producing the final table of vulnerabilities, recommendations, etc.
It was agreed that I would send the first draft of the document to the team on the 11th of December 2021 allowing the team to proofread and comment before the next meeting.

The team had a discussion on the various scanning tools in the market.
Michael had presented some findings on the scanning tools exercise.
The initial design document was loaded onto "Turnitin" and produced a score of 28% - this was mostly attributed to the References section.
It was agreed that I will submit the final version of the initial design document on the 17th of December 2021.
Ayo had agreed to present in the next seminar.

Feedback from Beran (Tutor) on the initial design document was discussed in this session.
The team had discussed on how the reflections for each unit is progressing.
The e-portfolio component was also discussed and the progress thus far.
Installation of Kali Linux was mentioned to perform the scanning exercises. It was agreed that all members of the team would install Kali Linux and participate in the scanning activities.
The next session would be scheduled on the 19th of Jan 2022.

Scanning results as well as the wiki inputs were discussed.
It was found amongst the team members that many scans were being blocked as a result of the "Imunify360" Firewall installed.
It was agreeed that I would share my seminar 4 prepwork after the session.
Michael had agreed to compile and present Seminar 4 on behalf of group 1.
Once completed, Ayo would proofread.

Various scan results of the website was discussed and presented.
Michael had presented some research to be included in the Executive Summary.
It was discussed that we would use OWASP ZAP to detect website vulnerabilities. Other tools would be used to verify and validate results.
The team then analysed the Executive Summary requirements again outlining that reference should be made to the initial design report.
The action items for the next meeting included a first Executive Summary draft as well as preparations for Seminar 5.

The Peer Responses for Collaboration Discussion 3 was discussed, it was found to be very time consuming. Information on GDPR issues were also a bit difficult to obtain.
Michael had agreed to present during Seminar 5.
Scanning exercises were validated and the results were compared amongst team members.
nmap scans was compared to Metasploit - detailed scans with nmap provided very valuable information.
The Executive Summary was discussed - It was agreed that I would compile the final version for review in the upcoming sessions.
sqlmap was also discussed in order to obtain some results concerning sql injection on the website.

The focus of this team meeting was to work on the Executive Summary

The team had discussed that alternative tools should be used to verify results obtained from OWASP ZAP.
Assumptions were discussed and added to the report.
Additonal screenshots were taken from scanning the website, this was added to the report.

The focus of this team meeting was to continue working on the Executive Summary

The structure of the report was agreed upon by all team members.
Minor changes were made to the syntax and grammar of the document.
The "Assumptions" section was completed and updated.
OWASP ZAP screenshots were added to the Appendices.
Recommendations were finalised.
The team had also discussed the implementation of the STRIDE model into the report.

The focus of this team meeting was to finalise the Executive Summary

The References section of the executive summary was checked and double checked by all team members.
The executive summary was run through the "Turnitin" portal and returned a result of 30% - most of the similarities picked up were from the References section.
We had discussed that early submission was necessary in order for us to focus on the e-portfolio component of the module.
We had discussed that the assignment would be submitted the following day after proof reading it again. The go ahead would be given on the Webex chat by all team members.

This was the last and final session of the Module. Michael and I had attended. All other team members had dropped off.
Michael had presented the seminar prepwork. This was discussed and the presentation was edited.
We had then discussed the e-portfolio items and the progress thus far.
Lastly, the final reflection of the module was discussed.