Coltrane Company & Character
Coltrane company
In part, the purpose of the Coltrane activity is to enable improvement of teaching materials and facilitate communication of cyber security topics to students. As part of this effort, different types of materials are key component. As one of those, the project has developed an example company, that should be convenient to use both in examples and in different exercises, providing a detailed background for examples and exercises, complete with characters and personas, that allow students to express and discuss the situation in more concrete terms.
The Executive Industrial Solutions Company (EIS) developed for the COLTRANE project is an originally family-owned business, having been involved in various enterprises and fields of industry since it was originally established to manufacture and supply industrial parts to the needs of establishing industries in the early 1900’s under the name of Alice bob Machine factory.
During the more than century of its existence, the company has regularly bought and involved itself in various business and industrial opportunities, ranging from government contracts to railroads and electricity to goods manufacture and service industries. These activities however, are typically run in daughter companies and occasionally sold to finance new ventures, while the main company acts as an envelope to these operations. New business acquisitions typically are grown under close scrutiny by the main EIS company until the new daughter company is established enough to run on its own. The family still owns considerable share of the company, but nowadays the ownership includes insurance companies, pension funds and private investors. The CEO still has considerable influence over majority of stock, allowing the company considerable mobility in acquiring and opening new business ventures in any field.
This background gives the COLTRANE example company sufficient flexibility to be believably involved in any cyber security related example or exercise, and allow the developed characters reappear in new business situations and companies, to give a sense of familiarity and facilitate quick understanding for the students.
Characters Overview
COLTRANE characters consist of two characters: a male, female character. Each character includes eight expressions that represent six basic emotions (i.e. happy, fearful, surprised, sad, angry), that usually have an explicit cause (e.g. some event) adding two emotions (neutrality and thoughtful).
To create meaningful situations in which employees of the Coltrane Company (or any other company context) experience cybersecurity issues, we developed a number of characters, that can be used to create realistic storylines. With these characters certain roles in the company come to light. Some of these roles are directly involved in cybersecurity (such as IT-team members or the CISO), others are not (e.g., general employee, secretary). Characters come in male and female form, and all have a backstory to get to know them better.
By creating these characters, we can incorporate another important human factor: the role of emotions. Cybersecurity incidents evoke a lot of emotions in all participants involved: for instance fear or anger, because of uncertainties, or happiness when an issue is resolved. For this reason, we developed the characters in a way, that they can display a range of emotions. This adds another dimension to the realistic context that can be created for students.
In the video below, more information about the characters can be found. Below the video, a number of example characters are shown.
COLTRANE Characters
Gary is a Senior member of the IT team and has been with EIS for 8 years, making him the longest serving member of the team. He has a high degree of experience in running the core systems and was the main brains behind the architecture for the IT-NET aspects of the EIS infrastructure. It was largely thanks to Gary’s involvement that staff were able to start doing remote working more effectively during the early stages of the pandemic, as he adapted the configuration of key systems to enable remote access and provided the basis for staff to connect in via VPN. However, Gary has the feeling that this contribution was not appreciated as much as he would have expected. The staff in general just seem to expect that IT should work, and Adrian seemed more interested in taking the credit for his ‘team’ having solved the problem than recognising Gary’s contribution. In addition, Gary is getting the feeling that he is likely to remain side-lined in the longer term, as Adrian seems to be focused on supporting his new protégé, Matthias.
The CIO, Adrian, is responsible for the overall IT infrastructure and provision within EIS. He has worked in senior IT roles for over a decade and has been at EIS for four years. He is bit set in his ways but is generally regarded as having provided an effective (if workmanlike) IT service for the company. However, in more recent times his reputation was somewhat tarnished by difficulties that EIS experienced in enabling staff to transition to home working during the Covid-19 pandemic (staff did not have mobile devices, and had to resort to taking office PCs home, many of which then had configuration problems and did not work, causing many staff – including the CEO – to have to use their personal devices instead). He is therefore keen to ensure that EIS does not find itself in a similar situation again, especially as he is mindful about upholding his own image as an effective CIO.
Matthias is a junior member of the IT team. He is at an early stage in his career, having recently graduated from the University of Salouvinot with a degree in Computer Science with Cyber Security. He joined EIS after the difficulties with home-working had been overcome, and is now witnessing the ongoing discussions about how the company should adapt to enable a degree of ongoing hybrid working as they move forward. Matthias has an appetite to innovate and is keen for EIS to take advantage of the latest technologies (he tends to think that the current use of technology is more conservative than it could be). Adrian regards him as a ‘bright young thing’ and is keen to support his career development … as well as to use some of his creative thinking to help push EIS’s use of IT forward.
Janet is the CISO, and has the responsibility for protecting EIS’s information assets. While the scope of her role encompasses the breadth of security issues, including the technology and organisational aspects. Her own expertise is activity is more closely focused in policy and risk assessment, and she came into the CISO role from a prior background in IT auditing. She therefore liaises closely with other members of the IT team in order to consider and enact the technology aspects. Indeed, Janet worked in consultation with Gary during the pandemic to ensure that security measures were being recognised in the home working provisions. She is keen to enlist the services of Matthias, the new team member who has a bit of cyber security knowledge from his university studies, but at the same time she wonders whether he is already being used by Adrian to provide a ‘shadow’ source of security advice.