Best Practices for Security Operations Center Abhishek Joshi - s3442187, Randeep Singh Chhabra - s3465543 School of Mathematical and Geospatial Science RMIT University Melbourne, Australia 28/05/2014
I.
Abstract
Security Operations Center (SOC) is an important facility for any organization that want to address security threats, vulnerability, assessment and management. There are baseline in existence that addresses few of the security aspects but a complete framework combining people, process and technology currently is not up to the high standards (Jacobs, Arnab & Irwin 2013). A well-functioning SOC can provide efficient and effective detection and management of threat (Ernst & Young 2013). Therefore this paper addresses the best practices for building a SOC by outlining its mission and combining people, processes and technology involved.
II.
Introduction
With the rise in information security breaches and sophistication of attacks on ever changing information system, there is an increasing need for comprehensive analysis and monitoring tools, processes and management of information security; all of these can be achieved from Security Operations Center (SOC). SOC is a center where enterprise information systems are monitored, assessed, protected and managed. It combines people, processes and technologies to provide situational alertness through the detection, containment, and remediation of IT threats (HP 2013). SOC manages all incidents in an enterprise, i.e. including identifying and analyzing possible cyber-attacks or intrusion and carry out appropriate communication, action and reporting to reduce negative impacts on business (Ernst & Young 2013). Security threats are becoming increasingly complex, harder to detect and can cause damages to an organization which can stretch across all business process and aspects including clients. Thus for an organization just having a firewall, anti-virus and intrusion detection system (IDS) is not enough (DEFCON n.d.) and therefore they need to implement SOC. As SOC not only looks over preventing threats, but provides continuous prevention, protection, and detection, fast response capabilities against threats, vulnerabilities and real-time incidents (Rotkhe 2012). Moreover, most of our modern organization have different policies under their Information Security Strategy. These policies include security, intrusion prevention, monitoring, incidence response, configuration management and disaster recovery and in order to handle each of them, there are several technologies available to make informed decisions, such as Firewall and Router Logs, Application Level Logs, Application Security Testing Automation, Access Control Management etc. These solutions remain a key control for battling today’s known attacks.
1
Nevertheless, they become less effective over time as attackers find new and complex ways to bypass controls (Ernst & Young 2013). Thus failing to provide a single holistic approach towards overall security (Robert L Behm 2003). Eventually, advanced persistent attacks go undetected for as long as months or even years before a breach gets noticed. The main problem is the existence of distributed silo, lack of skilled professionals, the tools to provide them with accurate information and processes to enable them to fulfil their responsibilities effectively (Network Computing 2012). Combating these complex threats and issues requires to enable ease of collaboration among security personnel, streamline the incident-handling process and manage overall security tools/ technologies. Such a comprehensive system with different tools, process and people is carried by SOC making it a backbone of any organization’s Information Security Strategy (Network Computing 2012). To achieve an effectively operating SOC, the associated processes, people and technologies must not only exist but also be mature (HP 2013). A well-operating SOC is the backbone of the most efficient and effective detection and prevention of threats and vulnerabilities. It can allow information security processes to respond much faster, carry out more collaborative work and share knowledge more effectively (Ernst & Young 2013). This paper would outline the evolution of SOC and address on different factors of best practices for building a SOC.
III.
Evolution of SOC
The emergence of complex cyber threats continue to wreak havoc on current security systems. There have never been a higher demand for a unified security system, services and intelligence than now. Although with abundant management support, organizations still face difficulties to staff skilled experts to keep up with rapidly advancing technologies. Additionally, the most challenging process is to implement different procedures to manage and monitor security operations from a single point that provides real time protection on against new/ multifaceted threats (Internet Security Systems 2006). SOC is the heart of such unified single point security system that integrates security tools, services and intelligence (Internet Security Systems 2006). Building such SOC with regards to emerging threats is very challenging, as there have been numerous advances and developments in SOC since the inception of internet. In addition SOC has also been affected by the company’s evolutionary changes. Despite of these changes, SOC has always been bridging gaps between different organizational units and have been on front lines of cyber defense. SOC has evolved itself to provide the best security that any organization can demand (HP 2013). HP ESP Security Intelligence and Operations Consulting Services in their business white paper of 2013 has devised the five generations of SOC, i.e. 1st Generation (1975-1995) 2nd Generation (1996-2001)
2
3rd Generation (2002-2006) 4th Generation (2007-2012) 5G/ SOC (2013-?)
First four generations of SOC dealt with threats such as nuisance programs, malware outbreak, cybercrime, cyberwar, Hacktivism etc. which was controlled using various technologies such as intrusion detection and prevention (HP 2013). The current generation SOC not only responds to attacks in progress, but understands the scope of the adversary and their motivations and provides risk-appropriate security intelligence and protective measures. This generation SOC is mostly influenced by big data analytics, intelligence-driven methodology, information sharing and human adversary approach (HP 2013). While HP refers the latest generation as simply 5G/ SOC, there are different experts that refers SOC with different names. Forester Research calls the current version as SOC 1.0 while the next generation is named SOC 2.0 (a better way to accomplish SOC tasks against evolving threats) (Kindervag 2010). Nonetheless, all next generation SOC focuses on three key aspects for the success of a SOC, i.e. People, Process and Technology (DTS-Solution n.d.) (Kindervag 2010).
IV.
Mission
Every organizations need to plan their steps prior to building a SOC. Their focus should not only be on people, process and technology but also should address business problems and issues that SOC will solve. The overall success of SOC depends on how mission has been stated (HP 2013). Furthermore, we need a unifying drive to encourage team members, prioritize responsibilities and respond effectively to growing business needs. The more we focus in identifying mission more benefit we will get out of SOC in the long run (HP 2013). For building a good and effective SOC, HP (2013) in their paper “Security Operations” suggests that a mission statement should consist: the needs and requirements what SOC will fulfill for the organization, specific tasks that should be assigned to SOC to provide effective security, probable consumers of SOC collected/ analyzed information and their expectations from SOC, Security data events that should be provided to SOC for monitoring. Example Mission statement:
“The SOC is responsible for monitoring, detecting, and isolating incidents and the management of the organization’s security products, network devices, end-user devices, and systems. This function is performed seven days a week, 24 hours per day under Corporate IT. The SOC is the primary location of the staff and the systems dedicated for this function servicing all the business and IT stakeholders.” (McAfee 2013)
3
V.
Executive and board support
Executive/ board commitment is one of the key to a successful and best SOC. Its support to security is vital to encourage information systems owners and users and to deliver the visibility needed by the team to confirm support of the business units. It is the most important factor for an effective SOC as there are very few motivations to improve security, other than an actual loss of data or direct attacks on the systems (Lee 2001). Likewise, without any clear board support, implementing SOC from grass root level has minimal chance of success and SOC might turn out to be ineffective without realizing its value. For an effective SOC, it is essential for executive support to establish clear objectives and a long term strategy in order to drive organizational change in terms of information security (Ernst & Young 2013). In order to secure executive support to establish best SOC, following key points must be discussed with the management (Ernst & Young 2013):
VI.
Define existing problems and its impact on security and business of the organization o Need for SOC, o SOC’s goals and objectives, o Existing issues that SOC’s implementation would resolve. Establish vision o Mission Statement with desired expectations of outputs. o Short and long term vision should be stated o Match vision, mission with business objectives and risk posture. Define resources, investment requirements for a successful SOC and its outcomes. o Unifying people, process, and technology to produce successful output. o Deciding on in-house requirements and outsourcing o The initial and operating costs involved to either initiate new SOC or evolve an existing SOC. Show the value of implementing SOC by increasing productivity and achieving efficient and effective security management.
Investment
One of the significant challenge when building SOC is that its implementation suffer inadequate resources, mainly investments (money) or expertise (Bowen, Chew & Hash 2007). Such circumstances restricts the SOC team to work with in limited means which makes it difficult to achieve expected results. The scarcity of SOC expertise makes this condition worse as organizations need to spend more on attractive compensations to draw such expertise (Ernst & Young 2013). Furthermore, SOC’s technologies are very expensive. Even if organizations opt for open source tools to minimize costs; expertise to customize it for organizations adaptability still would be
4
high and vendor provided solutions despite being easy are quite costly. Hence finding the right balance between limited investment and quality of SOC is very essential (Ernst & Young 2013). In addition understanding the benefits of compliance objectives such as information security risk management objectives or achieving compliance with information security standards can help overcome such restrictions by efficient management of resources and be able to achieve the holistic objective of SOC with that limited resources (Bowen, Chew & Hash 2007).
VII. Physical space A successful SOC cannot be achieved without creating a distinct location for SOC. The organizations should maintain their own secured physical space to promote unity, team work, and knowledge sharing with in short response time (Ernst & Young 2013). Initial objective should be to clearly document requirements for space as early as in the design process and obtain sufficient space required (Aggleton 2013). As SOC analysts work in a team (rarely in isolation), their performance tend to be effective when in physical proximity to each other. This proximity assists in fast communication that further helps to achieve better security from diverse, collective knowledge of the team (Ernst & Young 2013). Hence, SOC should be placed in a secured location which facilitates quality working environment for the entire team (Aggleton 2013).
VIII. Strategy The SOC strategy should be aligned with the mission statement and should have 3 broad priorities a) Understanding overall risk posture and Aligning to it b) Supporting business goals c) Meeting compliance obligations (Ernst & Young 2013). Creation of SOC’s governance and operating model helps organization and SOC team to achieve accountability, guide communication and manage timely interactions with involved functions such as IT, IR, HR, legal, compliance and others. Documentation of Service level agreements, Processes and chain of authority helps minimize any uncertainty and chaos during emergency high-impact actions (e.g., denial of service attack, system shutdown) (Ernst & Young 2013). Strategy should also involve creation of detailed Standard operating procedures (SOPs) specifying technical processes, checklists, techniques and forms used by the teams. This ensures that the SOC operations reflect priorities of the organization (Kent & Souppaya 2006). Based on resources and objectives an enterprise SOC operation can either be run entirely by internal technology, process and teams or it can also relay partly/completely on external provider. Factors like skill availability, cost, single/multiple global locations, requirements on cloud coverage and support also play a part in deciding the same (IBM 2013).
5
A clear SOC strategy also needs to include milestones and guidelines in relation to IT Security Metrics, as they help organization to monitor achievements of goals and objectives. Some examples of such metrics are having Checkup standards for Security Logs, Configuration, Back up and contingency, Policy & Procedures, Access control etc. (Kahraman, n.d).
IX.
People
As the functional requisites and technology requirements in a SOC are so vastly spread and complex, it always requires cross – disciplinary teams to work together. The team should be having skills and should work together to detect, dissect and disable the threat. Some of the critical skills required by the teams are a) Forensic Knowledge, b) Proficiency in coding, c) Managing threat Intelligence, d) Breach Management, e) Penetration Testing and f) Data Analysts (EMC 2013). At times these skills could also be outsourced to bring fresh perspective or to quickly initiate until internal teams scale up (Ernst & Young 2013). The key roles in a SOC team can be Level 1 or 2 Analyst, Incident handler, Content Developer, Operations Lead, SIEM Engineer, Network Administrators, Security Device Engineers, Data Analysts, Compliance specialist, etc. It is also very important to ensure right coverage by planning a right number of resources across multiple shifts (Anderson, n.d).
X.
Processes
A structured process is meant for enabling consistent operation and repeatable outcomes. It also plugs the shortcoming of people and technology. For e.g. A new employee can learn faster using a detailed process manual or a detailed manual activity process can help overcome limitation of automation. First step in devising a SOC process should be analysis and profiling of Networks, Application and systems and understanding the normal behavior so that the anomaly can be easily identified. Then a detailed set of event correlation rules and use cases needs to be created in order to arrest an event quickly and validate if a particular incidence has occurred (Kent & Souppaya 2006). Then it is required to have a detailed Incidence response procedure and a clear operating guide to recover forensic and incident response data (Lyne 2013). A structured process has to be followed for Incident prioritization. Incidences cannot be addressed on a first come- first served basis instead they should be prioritized based on Functional, Business and Information impact of incidence and the recoverability (Kent & Souppaya 2006). All above SOC processes can be broken into broad 4 categories as suggested by HP in their business white paper (2011): a) Administrative processes b) Technology process c) Operational process
6
d) Analytical process. (HP 2011) Also for each process a respective procedure and workflow should be established, Process defines who is responsible for carrying specific tasks, and procedure explains on how to accomplish the task and workflow emphasizes on sequence. Process integration eliminates redundant /repetitive steps, reduces opportunities of error, and facilitates best practice implementation and closed loop cooperation cycles between involved teams (EMC 2013). The Process maturity level of SOC, can be ascertained using frameworks such as Control Objectives for Information Technology (CoBIT) and Information Technology Information Library (ITIL), coupled with information security frameworks such as ISO/IEC 27001 (Jacobs, Arnab & Irwin 2013).
XI.
Technology
The principle behind choosing SOC technology should be that technology should work for people and best processes not vice versa. The solution should be able to convert operational data into actionable information, which eventually improve security posture of organization (RSA 2008). SOC needs technology for generating, storing, transmitting and analyzing, security log data from applications, databases and network. As different logs comprises different methods of storing, technology is also required to normalize and classify the logs. And then perform log correlation analysis for identifying security incidents, anomalies, fraudulent activities etc. (Madani, Rezayi & Gharaee 2011). Some of the required technologies in a next generation SOC are: a) Scalable Analytics Engine b) Consolidated warehouse for security data or cross indexed series of data stores. c) Centralized Management dashboard d) Pattern based threat monitoring techniques e) Ticketing system f) Rich correlation of incidence information g) Full network packet capture h) Data and Identity classification and Access Management solution i) Integrated Compliance and governance management tools. j) Data Analytics and Forensic tools. (EMC 2013)
XII. Environment The overarching purpose of a SOC is to secure and enable the business. To achieve that, SOC personnel must understand the business and the value associated with specific decisions in order
7
to prioritize the most appropriate response. By correlating business-relevant information against available technical data, the SOC produces security industry trends that enable the business to improve decision-making, risk management, compliance and business continuity (EY 2013). For e.g. TELUS, leading national telecommunications company in Canada deployed a SOC solution to ensure PCI compliance, significantly reducing time spent satisfying auditors’ requests (EMC 2011).
XIII. Analytics and reporting SOC needs to give actionable, prioritized and risk-based insight from the sea of information coming from all the devices being monitored. It needs to capture anomalies, status/alerts and perform real time correlation. The results should be made available in concise reports and dashboards. Analytical capability of a SOC is strengthened by rise of Big Data technologies. It is now possible to perform forensics and the analysis of very long-term historical trends. The efficiency of queries has become sophisticated enough to perform behavior based analysis by carrying out complex queries. Also streaming data analyses adds considerable strength to traditional batch processing techniques. This allows tools to identify sudden attacks more efficiently without historical correlation (Taylor 2014). Analytics involves building of Specific Connectors to: a) Normalize every alarm and alert into a common security schema b) Filter out unwanted traffic c) Set severity according to a common taxonomy d) Multi-Stage Event Correlation to analyze information from a variety of disparate events—sometimes three or more different events—to determine if they are all related to the same incident. e) Prioritization capability to identify the business relevance of the target in question as it relates to the organization’s business imperatives. (HP 2011) The SOC can also use analytics to create insightful metrics and performance measures. For example, use metrics to facilitate internal operational improvements or management using it to make informed decisions to balance trade-offs between cost and risk. Consequently, a good metrics and reporting structure can add value beyond security matters by also serving as a compelling communication vehicle for financial and operational concerns (EY 2013).
XIV. Continuous improvement Ensuring safety of information assets is a moving target and hence the next generation SOC should be continuously evolving. In field of continuous improvement, a principle called Time Based Security Principle directly indicate the need to continuously improve defenses. It says that
8
the effective security measures are those where protections last longer than the time to detect a threat plus the time to remediate that threat, i.e. MTP > MTD + MTR, MTP (Mean Time to Protect); MTD (Mean Time to Detect); MTR (Mean Time to Repair)
(Swift 2011). This clearly quantifies the need for rapid evolution of the SOC. Also, the existing approaches in SOC broadly focus on Target Hardening and Anomaly/Incident detection. These approaches do not cater to reducing the perceptions of net benefit of a hack or do not reduce provocation for an attack. There are some Situational Crime prevention (SCP) techniques being devised which when mixed with the traditional risk management process, can evolve new ways to counter security attacks. SOC operations should be keeping an eye on such developments (Beebe & Rao 2010). Advances in Big Data technology is also helping SOCs to have: Real-time ‘reputation services’ which can simultaneously correlate information from multiple entities like IP addresses, URLs, user identities, email and file objects (MacDonald 2011).
Accurate heuristics and models of malware activity based on broad visibility and using more computing power to perform the analysis. Eventually helping in identifying new and unknown threats compared to just blacklisting known threats (MacDonald 2011).
XV. Conclusion Security Operations Center is the foundation of any organization’s security control and management (Nickle 2011). Building an SOC with effective management can rapidly improve its ability to detect and prevent malicious events (HP 2013). It not only increases response time to deal with threats but improves collaborative work and knowledge sharing. A successful SOC is driven by management commitment, adequate budget, good governance, skilled individuals, well executed processes and implemented technology and the drive for improvement (Rothke 2012) (Ernst & Young 2013). The potential benefits of a SOC is massive and without these driving factors SOC cannot realize its full potential (Nickle 2011).
Word Count: 3430 words
9
Percentage Allocation Team Member Name Abhishek Joshi Randeep S. Chhabra Abhishek Joshi Randeep S. Chhabra
Abhishek Joshi
Randeep S. Chhabra
Abhishek Joshi Randeep S. Chhabra Abhishek Joshi Randeep S. Chhabra
Tasks Allocated and Completed Researched and decided the scope on Security Operations Center (SOC) for the report Researched and collected as much information as possible on the best practices of SOC Worked on drafting and editing sections from headings I to VII with reference to researched information. Worked on drafting and editing sections from headings VIII to XIV with reference to researched information. Worked on section XV (Conclusion) Edited the references and finalized the document format. Managed the minutes for the meetings.
Percentage 5% 5% 5% 5%
30%
30%
5% 5% 5% 5%
Abhishek Joshi
Total
50%
Randeep S. Chhabra
Total
50%
10
Signature
References Aggleton, D, 2013, Best Practices for SOC Design, Tips for planning and deploying an in-house Security Operations Center, SecurityInfoWatch.com, viewed 15 May 2014, . Anderson, B, n.d., Building, Maturing & Rocking a Security Operations Center, Global Cyber Security Threat & Vulnerability Management, Hewlett-Packard, SANS Archive, viewed May 11 2014, . Beebe, Nicole L. and Rao, V. Srinivasan, 2010, Improving Organizational Information Security Strategy via Meso-Level Application of Situational Crime Prevention to the Risk Management Process, Communications of the Association for Information Systems: Vol. 26, Article 17, viewed 14 May 2014, . Bowen, P, Chew, E & Hash, J, 2012, Information Security Guide for Government Executives, National Institute of Standards and Technology, viewed 13 May 2013, . DEFCON, n.d., Building Security Operations Center – For little or no money, viewed 3 May 2014, . DTS-Solution, n.d., Protecting your Information Assets from next Generation of Threats, Next Generation Security Operations Center, viewed 1 April 2014, . EMC, 2011, TELUS improves compliance and strengthens security with market-leading SIEM platform, RSA, EMC Corporation, viewed 12 May 2014, . EMC, 2013, Building an Intelligence-Driven Security Operations Center, RSA Technical Brief, EMC Corporation, viewed 14 May 2014, . Ernst & Young, 2013, Security Operations Centers against Cybercrime - Top 10 considerations for success, Insights on governance, risk and compliance, Ernst & Young Publication, viewed 15 April 2014, .
11
HP, 2011, Building a Successful SOC, HP Enterprise Security Business White Paper, Enterprise Security, HP, viewed 5 April 2014, . HP, 2013, 5G/SOC: SOC Generations White Paper 2013, HP ESP Security Intelligence and Operations Consulting Services, viewed 1 April 2014, . HP, 2013, Security Operations – Building a Successful SOC, HP Enterprise Security Business White Paper, HP, viewed 1 April 2014, . IBM, 2013, Strategy considerations for building a security operations center, IBM Global Technology Services, viewed 12 May 2014, . Internet Security Systems, 2006, The Evolution of Managed Security Services, ISS Virtual-SOC Solution, Security the Way You Need It, viewed 13 May 2014, . Jacobs, P, Arnab, A & Irwin B, Classification of Security Operation Centers, Department of Computer Science, Rhodes University, South Africa, viewed 3 May 2014, . Kahraman, E, n.d., Evaluating IT security performance with quantifiable metrics, Stockholm University, viewed 13 May 2013, . Kent, K & Souppaya, M, 2006, Guide to Computer Security Log Management, National Institute of Standards and Technology, viewed 12 May 2014, . Kindervag, J, 2010, SOC 2.0: Three key steps toward the next-generation security operations center, TechTarget.com, viewed 13 May 2014, . Lee, R. D., 2001, Developing Effective Information Systems Security Policy, SANS Institute, viewed 13 May 2014 . Lyne, J, 2013, 8 tips for a security incident handling plan, naked security, viewed May 9 2014,
12
. Madani, A, Rezayi, S & Gharaee, H, 2011, Log management comprehensive architecture in Security Operation Center (SOC), Computational Aspects of Social Networks (CASoN), viewed 11 May 2014, . McAfee, 2012, Creating and Maintaining a SOC, The details behind successful Security Operations Centers, white paper, McAfee – An Intel Company, viewed 14 May 2014, . MacDonald, N, 2011, Information Security is Becoming a Big Data Problem, The Gartner Blog Network, viewed 16 May 2014, . Network Computing, 2012, Do you need a Security Operations Center?, Wireless Infrastructure, Network Computing, viewed 12 May 2014, . Nickle, M, 2011, Best practices for building a Security Operations Center - untangling the mess created by multiple security solutions, CA Technology Services, viewed 18 May 2014, . Rothke B, 2012, Building a Security Operations Center, Wyndham Worldwide Corp., RSA Conference 2012, viewed 3 May 2014, . RSA, 2008, Creating an Effective Security Operations Function – White Paper, RSA – The Security Division of EMC, viewed 10 May 2014, . Swift, D, 2011, A Process for Continuous Improvement Using Log Analysis, SANS Institute, viewed May 17 2014, . Taylor, B, 2014, How Big Data is changing the security analytics landscape, TechRepublic, viewed May 13 2014, .
13
Minutes of the Meetings Minutes of 1st Meeting Date: 30th March 2014 Time: 8:30 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - Possible topics provided in the guideline for project. - Considered Security Operations Center as a probable topic. Decision: - To carry out more research on different topics before considering the final topic. - Also test the feasibility of Security Operations Center as a probable topic. Meeting adjourned at 8:50 pm.
Minutes of 2nd Meeting Date: 1st April 2014 Time: 8:15 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - Put forward different arguments and ideas to support the topic to be chosen. - After finalizing Security Operations Center as a topic, discussed and finalized the outline of the topic for submission. Decision: - Finalized Best Practices of Security Operations Center as the final topic for our study. - Discussed and written the outline of the topic for submission. - Division of tasks to further research on the topic for final discussion paper. Meeting adjourned at 9:20 pm.
14
Minutes of 3rd Meeting Date: 10thApril 2014 Time: 1:10 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - Discussed on information gathered as per the previous research carried out. - Discussed the scope of the project to sort out the relevant information. - Planned on proceeding to finalize the introduction of the report. Decision: - To finalize, structure the introduction and probable headings of the report at next meeting. Meeting adjourned at 1:35 pm. Minutes of 4th Meeting Date: 15thApril 2014 Time: 3:10 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion and Decision: - Structured, finalized and formatted the introduction. - Listed out probable components of the discussion report. Meeting adjourned at 4:00 pm.
15
Minutes of 5th Meeting Date: 23rd April 2014 Time: 8:30 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - With regards to comments received on the introduction, discussed on how to improve. - Finalized the listed out headings for the report. Decision: - Divided tasks amongst us to create a draft for the report. - Allocated the whole report in 50 % each. - Two weeks as a deadline to submit each draft. Meeting adjourned at 8.45 pm Minutes of 6th Meeting Date: 7th May 2014 Time: 8:30 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - Reviewed each other’s draft of their parts for errors and accuracy. - Need of more references to back our study - Too lengthy draft, both of us discussed how it would be feasible to cut the length without losing the essence of the study. Decision: - Re-write the drafts to shorten the length and limit it under 3500 words - Find more references to back our study for effective presentation - Meeting next week after class. Meeting Adjourned at 9.00 pm
16
Minutes of 7th Meeting Date: 14th May 2014 Time: 8:30 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion: - Reviewed the draft again along with the references. - Still some improvements required for overall content. - Discussed on how to send our message from presentation. - Planned on the topics and the contents of the presentation. Decision: - To finalize the report by next week. - And finalize the contents of the presentation by next week. Meeting Adjourned at 9.05 pm Minutes of 8th Meeting Date: 21st May 2014 Time: 8:30 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion and Decision: - Discussed on some essence missing after proof reading it and decided on to try improve it again - Structure and formatting of the report finalize. - Discussed on possible presentation tools we can use for effective presentation. - By Friday 23rd May 2014 finalize the report and the presentation. Meeting adjourned at 8:55 pm
17
Minutes of 9th Meeting Date: 26th May 2014 Time: 8:45 pm Members Present: 1. Abhishek Joshi 2. Randeep Singh Chhabra Members Absent: None Discussion and Decision: - Finalized the report, formatted, edited. - Checked references and devised percentage allocation as per the tasks divided and carried out. - Reviewed the images to be used in presentation. - Evaluated the contents for presentation in terms of time restriction. Meeting adjourned at 10:00 pm
18