IT-FPX4993: Cybersecurity Capstone

IT-FPX4993 is the capstone for the cybersecurity track — assessments expect students to demonstrate integrated command of security concepts across risk, architecture, operations, and policy, not just competency in any one area. The project-based format means early assessment choices constrain later ones, and weak scoping at the start creates compounding problems. This guide explains the capstone structure and how academic support for IT-FPX4993 can help you produce a coherent, complete project from start to finish.

Course Overview

IT-FPX4993 requires students to select or be assigned a realistic enterprise scenario and develop a comprehensive cybersecurity solution across a sequence of linked assessments. The capstone draws on skills developed in prior courses (including IT-FPX4803 and related security courses) and requires students to apply them in an integrated way — moving from threat landscape analysis through security architecture design, policy and procedure development, and a final professional presentation of the complete security program. The course is designed to mirror the experience of producing a security assessment and program recommendation for a real organization.

Key Assessments

1Organizational Security Assessment and Threat Analysis
Students analyze the assigned scenario organization's current security posture — identifying the threat landscape (relevant threat actors, attack vectors, and existing vulnerabilities), assessing current control gaps, and framing the security challenges the capstone project will address. Rubrics evaluate the depth and specificity of the threat analysis and the quality of the gap identification.
2Security Architecture and Control Framework Design
Based on Assessment 1's findings, students design a security architecture — selecting and justifying security controls, defining network segmentation and access control requirements, and mapping the proposed architecture to a recognized framework (NIST CSF or similar). This assessment must directly address the threats and gaps identified in Assessment 1.
3Security Policy and Governance Development
Students develop key security policies for the organization — typically covering acceptable use, access control, incident response, and data classification. Policies must be practical (actionable, enforceable) and aligned with both the security architecture from Assessment 2 and the organization's operational context.
4Capstone Presentation and Program Summary
A professional presentation of the complete cybersecurity program — synthesizing the threat analysis, architecture, and policies into a cohesive executive-level communication. Rubrics evaluate both the technical accuracy of the content and the clarity and professionalism of the presentation format.

How We Help With IT-FPX4993

Scoping Assessment 1 correctly — a threat analysis that is specific enough to support concrete architecture decisions in Assessment 2
Designing security architectures that directly trace to the Assessment 1 threat findings and are grounded in a named framework
Writing security policies that are enforceable and operational — not generic policy templates but policies tailored to the scenario organization
Building the Assessment 4 presentation to communicate technical findings clearly to an executive audience without oversimplifying
Maintaining consistency across all four assessments so each one logically builds on and references the prior work

Common Challenges in This Course

The most frequent capstone failure mode is an Assessment 1 threat analysis that is too vague — identifying "phishing" and "ransomware" as threats without connecting them to the specific scenario organization's industry, size, data types, and attack surface. When Assessment 1 is vague, Assessment 2's architecture becomes generic (not tied to actual threats), and the policies in Assessment 3 become boilerplate. Students often discover this in Assessment 3 when they realize their policies don't reference anything scenario-specific. Starting with a specific, well-scoped scenario in Assessment 1 is the single highest-leverage investment in this capstone.

Need Help With IT-FPX4993?

Send us your capstone scenario and the assessment you're working on — we'll help you build a coherent, technically sound project from threat analysis through final presentation.

Get Started Browse IT Courses

Related Courses

IT-FPX4993 FAQ

Can I choose my own organization scenario for the capstone?

Some sections allow you to propose a scenario; others assign one. If you can choose, select an organization type with enough publicly available information to support the threat analysis — a mid-size healthcare provider, a regional financial institution, or a retail company are well-documented scenario types. Avoid overly niche or fictional organizations where threat data is hard to source.

Which security framework should I use for the architecture design?

The NIST Cybersecurity Framework (CSF) is the most commonly required or accepted framework for the architecture assessment. NIST SP 800-53 controls are often used to populate the specific control selections. If your section specifies ISO 27001 or another framework, follow that specification.

How long should the Assessment 3 security policies be?

Each policy should be long enough to be actionable — typically 2-4 pages per policy covering purpose, scope, policy statements, roles and responsibilities, enforcement, and review cycle. A policy that is too short will not cover enforcement and accountability; a policy that is too long will be impractical. Quality over length.

Is the Assessment 4 presentation a slide deck or a written document?

Most sections require a slide presentation (PowerPoint or similar) with narrated audio or speaker notes. Check your section's specific format requirement — some sections accept a video presentation, and a few may accept a written executive summary instead.