KPMG Cyber Security Challenge

Cybersecurity: Strengthening Cyber Defense in Financial Services

Sponsored by: KPMG

In the heart of the Midwest, the city of Chicago is a major hub for financial services, hosting numerous banks and financial institutions that rely heavily on robust IT infrastructures. These institutions handle vast amounts of sensitive data, including customer financial information, transaction records, and investment portfolios. To manage and secure this data, the financial sector employs a complex array of IT systems, including core banking software, customer relationship management (CRM) systems, and data analytics platforms.

However, many of these IT systems were implemented over a decade ago and have not been updated to meet modern cybersecurity standards. This has made them susceptible to cyber threats, such as ransomware attacks, data breaches, and insider threats. Recent incidents, like the FIN7 cybercrime group's attacks on financial institutions and the REvil ransomware targeting global businesses, highlight the growing risks faced by the financial sector.

Your client, Midwest Central Bank, is a leading financial institution based in Chicago, responsible for managing billions of dollars in assets for its clients. With the increasing threat landscape and regulatory requirements such as the Gramm-Leach-Bliley Act (GLBA) and the Payment Card Industry Data Security Standard (PCI DSS), Midwest Central Bank's leadership has tasked your team with conducting a comprehensive IT Audit. The goal is to assess the current state of their IT systems, identify vulnerabilities, and recommend strategies to enhance cybersecurity and ensure compliance with relevant regulations.

Challenge 

Using authoritative sources from government, academia, and industry, conduct an IT Audit for Midwest Central Bank that focuses on identifying major cybersecurity risks associated with their IT infrastructure. Develop a detailed report that includes:

  • An evaluation of the current IT systems and their vulnerabilities.
  • A risk assessment that prioritizes threats based on their potential impact on business operations.
  • Practical, business-oriented strategies to mitigate identified risks, including recommendations for system upgrades, enhanced cybersecurity measures, and employee training programs.
  • A compliance review to ensure alignment with regulatory standards such as GLBA and PCI DSS.

Deliverables

  1. Primary Deliverable: 10-minute Presentation
    • Focus on key findings, top risks, and actionable recommendations.
    • Make it visually clear: charts, tables, and a simple “risk vs. impact” summary.

  and/or

  2. Supplementary Deliverable: Short Audit Report (1–2 pages)
    • Include essential details only: methodology, sources, key findings, recommendations, and compliance considerations.
    • No need for a full-length formal report.

TIMELINE

  • February 16, 2026 (11:59 PM Eastern) – Preliminary submissions due
  • February 26, 2026 – Finalists notified
  • March 27, 2026 – Final presentations (during SCLC) and winners announced

PRIZES

  • First place: $2,000 USD
  • Second place: $1,000 USD
  • Third place: $500 USD

ELIGIBILITY REQUIREMENT

Only teams from current AIS Student Chapters are eligible to compete.

Evaluation Rubric

Problem Understanding & Context (20 points)

  • Does the team clearly explain the cybersecurity challenges facing financial institutions?
  • Do they show awareness of regulatory and business considerations (GLBA, PCI DSS)?

Risk Identification & Assessment (20 points)

  • Are the key vulnerabilities and threats accurately identified?
  • Are risks prioritized effectively by impact and likelihood?

Mitigation Strategies & Recommendations (20 points)

  • Are proposed solutions practical, actionable, and aligned with business goals?
  • Do recommendations cover technology, policy, and human factors (training)?

Presentation Quality & Storytelling (20 points)

  • Is the presentation clear, engaging, and easy to follow?
  • Does it summarize key findings and recommendations effectively for judges?

Audit Report Summary (20 points)

  • Does the short report support the presentation with evidence, methodology, and references?
  • Is it professional, concise, and well organized?

Total: 100 points