1. CIS 558 Week 3 Assignment 1 ERM Roadmap (2
Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers
CIS 558 Week 3 Assignment 1 ERM Roadmap
Week 3 Assignment 1
Students, please view the "Submit a Clickable Rubric Assignment" in
the Student Center.
Instructors, training on how to grade is within the Instructor Center.
Assignment 1: ERM Roadmap
Due Week 3 and worth 125 points
The following material may be useful for the completion of this
assignment. You may refer to the documents titled “Embracing
Enterprise Risk Management: Practical Approaches for Getting Started”
and “Developing Key Risk Indicators to Strengthen Enterprise Risk
Management”, located at http://www.coso.org/-ERM.htm.
Imagine you are an Information Technology Manager employed by a
business that needs you to develop a plan for an effective Enterprise
Risk Management (ERM) program. In the past, ERM has not been a
2. priority for the organization. Failed corporate security audits, data
breaches, and recent news stories have convinced the Board of Directors
that they must address these weaknesses. As a result, the CEO has
tasked you to create a brief overview of ERM and provide
recommendations for establishing an effective ERM program that will
be used as a basis to address this area moving forward.
Write a three to four (3-4) page paper in which you:
1. Summarize the COSO Risk Management Framework and COSO’s
ERM process.
2. Recommend to management the approach that they need to take to
implement an effective ERM program. Include the issues and
organizational impact they might encounter if they do not implement an
effective ERM program.
3. Analyze the methods for establishing key risk indicators (KRIs).
4. Suggest the approach that the organization needs to take in order to
link the KRIs with the organization’s strategic initiatives.
5. Use at least three (3) quality resources in this assignment (in addition
to and that support the documents from the COSO Website referenced in
this assignment). Note: Wikipedia and similar Websites do not qualify as
quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this assignment
are:
• Describe the COSO enterprise risk management framework.
• Describe the process of performing effective information technology
audits and general controls.
3. • Use technology and information resources to research issues in
information technology audit and control.
• Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions.
*************************************
CIS 558 Week 4 Case Study 1 Mitigating Cloud
Computing Risks (2 Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers
Week 4 Case Study 1
Students, please view the "Submit a Clickable Rubric Assignment" in
the Student Center.
Instructors, training on how to grade is within the Instructor Center.
Case Study 1: Mitigating Cloud Computing Risks
Due Week 4 and worth 125 points
Imagine you are an Information Security Manager in a medium-sized
organization. Your CIO has asked you to prepare a case analysis report
and presentation on establishing internal controls in cloud computing.
The CIO has seen several resources online which discuss the security
risks related to Cloud based computing and storage. One that stood out
4. was located at http://www.isaca.org/Journal/Past-Issues/2011/Volume-
4/Pages/Cloud-Computing-Risk-Assessment-A-Case-Study.aspx. You
are being asked to summarize the information you can find on the
Internet and other sources that are available. Moving forward, the CIO
wants to have a firm grasp of the benefits and risks associated with
public, private, and hybrid cloud usage. There is also concern over how
these systems, if they were in place, should be monitored to ensure not
only proper usage, but also that none of these systems or their data have
been compromised.
Write a three to four (3-4) page paper in which you:
1. Provide a summary analysis of the most recent research that is
available in this area.
2. Examine the risks and vulnerabilities associated with public clouds,
private clouds, and hybrids. Include primary examples applicable from
the case studies you previously reviewed.
3. Suggest key controls that organizations could implement to mitigate
these risks and vulnerabilities.
4. Develop a list of IT audit tasks that address a cloud computing
environment based on the results from the analysis of the case studies,
the risks and vulnerabilities, and the mitigation controls.
5. Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this assignment
are:
5. • Describe the process of performing effective information technology
audits and general controls.
• Describe the various general controls and audit approaches for
software and architecture to include operating systems,
telecommunication networks, cloud computing, service-oriented
architecture and virtualization.
• Use technology and information resources to research issues in
information technology audit and control.
• Write clearly and concisely about topics related to information
technology audit and control using proper writing mechanics and
technical style conventions
*************************************
CIS 558 Week 6 Assignment 2 Software
Engineering, CMMI, and ITIL (2 Papers)
For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers
Realizing that an organization’s CMMI level impacts an organization’ s
success on requests for proposals (RFPs), your CIO wants to get the
software development processes to CMMI level 3. Your organization
has started developing software applications and database systems for
their customers. The CIO wants to ensure that the software development
6. and database development processes are being properly managed and
audited, and he wants to ensure that the organization begins taking the
necessary steps to progress to CMMI level 3. In preparation for your
response, review the CMMI information available at the Carnegie
Mellon Website.
IT managers will commonly manage software development and systems
integration activities. Write a 3 page paper in which you:
Describe the software engineering process, the challenges in managing
software development activities, and the potential interface issues from
the software development perspective.
Analyze the CMMI levels and define a roadmap that the organization
will ned to follow in order to get their software development processes
to CMMI level three. Note: This is important because the CMMI level
that an organization achieves impacts their software development
reputation.
Explain the auditing tasks that must be performed in order to achieve
level 3.
Determine the continuous assurance auditing activities that the
organization will need to implement to help achieve CMMI level three.
Analyze the ITIL service management guidelines and principles.
Examine how ITIL service management practices relate to CMMI levels
and continuous service auditing.
Use at least four (4) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
*************************************
CIS 558 Week 7 Case Study 2 HIPAA and IT
Audits (2 Papers)
7. For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Papers
Case Study 2: HIPAA and IT Audits
Due Week 7 and worth 75 points
Imagine you are a CIO at a medium-sized hospital, and you have been
asked by the CEO to provide a case analysis report that will be provided
to the senior leadership in the organization. They are concerned about
the HIPAA Security and Privacy Rules and its impact on the
organization. Unfamiliar with the details of HIPAA, you begin looking
at the information provided by the Department of Health and Human
Services. Specifically, you are asked to provide an analysis on the
summary of the cases.
Section 1. Written Paper
Many organizations have been fined significant amounts for non-
compliance with HIPAA. To help ensure that your organization remains
in compliance with HIPAA regulations you have been asked to write a
three (3) page paper in which you:
1a. Create an overview of the HIPAA Security Rule and Privacy Rule.
Include an explanation of the resolution process when a case is reported.
8. 1b. Analyze the major types of incidents and breaches that occur based
on the cases reported.
1c. Analyze the technical controls and the non-technical controls that are
needed to mitigate the identified risks and vulnerabilities.
1d. Analyze and describe the network architecture that is needed within
an organization, including a medium-sized hospital, in order to be
compliant with HIPAA regulations.
1e. Analyze how a medium-sized hospital is similar to and different
from other non-medical organizations in regards to HIPAA compliance.
1f. List the IT audit steps that need to be included in the organization’s
overall IT audit plan to ensure compliance with HIPAA rules and
regulations.
1g. Use at least four (4) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
Section 2. Network Architecture
2a. Create a network architecture diagram (using Visio or an open-
source equivalent to Visio for creating diagrams), based on the
description of the network architecture that you defined above for the
organization to be compliant with HIPAA regulations.
2b. Include in the diagram the switches, routers, firewalls, IDS/IPS, and
any other devices needed for a compliant network architecture.
*************************************
CIS 558 Week 10 Term Paper Managing an IT
Infrastructure Audit (2 Papers)
9. For more classes visit
www.snaptutorial.com
This Tutorial contains 2 Term Papers
Term Paper: Managing an IT Infrastructure Audit
This assignment consists of four (4) sections: an internal IT audit policy,
a management plan, a project plan, and a disaster recovery plan. You
must submit all four (4) sections as separate files for the completion of
this assignment. Label each file name according to the section of the
assignment it is written for. Additionally, you may create and /or assume
all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national
retailer. You have been hired to be directly responsible for the planning
and oversight of IT audits. At the request of the Board of Directors, the
CEO has tasked you with developing a plan for conducting regular
audits of the IT infrastructure. The planning and management aspects of
IT audit are critical to the overall success of the audit, and as a result, the
overall success of the systems implemented within the organization. You
must develop a policy for conducting IT audits and develop a project
plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure
of a medium-sized organization, the organization has the following
characteristics:
• They have a main office and 268 stores in the U.S.
• They utilize a cloud computing environment for storage and
applications.
10. • Their IT infrastructure includes Cisco workgroup and core switches,
Cisco routers, Cisco firewalls and intrusion prevention systems, and
servers running Microsoft Windows Server 2012.
• They have over 1000 desktops and approximately 500 organization-
owned laptops in the main headquarters.
• They allow employees to bring their own devices into the organization;
however, they are subject to being searched upon entry and exit from the
building.
• They enable remote access to corporate information assets for
employees and limited access to extranet resources for contractors and
other business partners.
• They enable wireless access at the main office and the stores.
• They process an average of 67.2 credit card transactions per hour every
day at each location and via their corporate Website.
•
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
2. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
3. Risk management
b. System Software and Applications
c. Wireless Networking
d. Cloud Computing
e. Virtualization
11. f. Cybersecurity and Privacy
g. BCP and DRP
h. Network Security
i. Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
Section 3: Project Plan
Use Microsoft Project or an Open Source alternative, such as Open
Project to:
3. Develop a project plan which includes the applicable tasks for each of
the major areas listed below for each element of the IT audit mentioned
above; plan for the audit to be a two (2) week audit.
4. Risk management
b. System software and applications
c. Wireless networking
d. Cloud computing
e. Virtualization
f. Cybersecurity and privacy
g. Network security
Section 4: Disaster Recovery Plan
Write a five to seven (5-7) page paper in which you:
4. Develop a disaster recovery plan (DRP) for recovering from a major
incident or disaster affecting the organization.
5. The organization must have no data loss.
b. The organization must have immediate access to organizational data
in the event of a disaster.
c. The organization must have critical systems operational within 48
hours.
d. Include within the DRP the audit activities needed to ensure that the
organization has an effective DRP and will be able to meet the
requirements stated above.
e. Use at least three (3) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality resources.
12. Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12), with
one-inch margins on all sides; citations and references must follow APA
or school-specific format. Check with your professor for any additional
instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date. The
cover page and the reference page are not included in the required
assignment page length.
*************************************