SlideShare a Scribd company logo

CIS 558 Imagine Your Future/newtonhelp.com   

Download as DOC, PDF
B
bellflower51

The document discusses planning for COBIT compliance and establishing an effective enterprise risk management (ERM) program. It describes how organizations establish the five COBIT IT governance focus areas of strategic alignment, value delivery, risk management, resource management, and performance management. It also discusses developing an ERM plan, identifying key risks and controls, and determining auditing tasks for cloud computing environments. Establishing proper identity and access management, effective disaster recovery plans, and change and patch management processes are also covered.

Education
1 of 25
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
CIS 558 Week 1 Discussion COBIT Planning For more course tutorials visit www.newtonhelp.com “COBIT Planning” Please respond to the following: Describe how organizations establish the five (5) COBIT IT governance focus areas: strategic alignment, value delivery, risk management, resource management, and performance management Suppose senior management has tasked you with the planning of the COBIT compliance project. In terms of the COBIT framework, predict which key areas are likely to be problematic to implement. Suggest at least two (2) possible solutions to these problematic areas. ============================================ CIS 558 Week 1-11 All DQs For more course tutorials visit www.newtonhelp.com CIS 558 Week 1 Discussion COBIT Planning
CIS 558 Week 2 Discussion Question Developing an ERM plan CIS 558 Week 3 Discussion Mitigating Wireless Risk CIS 558 Week 4 Discussion Obstacles to CMMI Development CIS 558 Week 5 Discussion Automated Auditing CIS 558 Week 6 Discussion Audit Project Control” CIS 558 Week 7 Discussion Identity and Access Management CIS 558 Week 8 Discussion Effective Disaster Recovery Plans CIS 558 Week 9 Discussion Change and Patch management CIS 558 Week 10 Discussion Quality Assurance and Auditing Standards CIS 558 Week 11 Discussion Course Conclusion and Summary ============================================ CIS 558 Week 2 Discussion Question Developing an ERM plan For more course tutorials visit www.newtonhelp.com
“Developing an ERM plan” Please respond to the following: From a management perspective, decide which key policies and procedures one should consider as the starting point when developing an ERM plan for an organization. Defend your position. Provide a list of essential personnel whom you believe should be involved in creating and maintaining an ERM plan for an organization. Describe the role of each person. Suggest a timeline for establishing an ERM plan, giving your opinion on how frequently the plan should be reviewed. ============================================ CIS 558 Week 3 Assignment 1 ERM Roadmap (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 558 Week 3 Assignment 1 ERM Roadmap Week 3 Assignment 1
Students, please view the "Submit a Clickable Rubric Assignment" in the Student Center. Instructors, training on how to grade is within the Instructor Center. Assignment 1: ERM Roadmap Due Week 3 and worth 125 points The following material may be useful for the completion of this assignment. You may refer to the documents titled “Embracing Enterprise Risk Management: Practical Approaches for Getting Started” and “Developing Key Risk Indicators to Strengthen Enterprise Risk Management”, located at http://www.coso.org/-ERM.htm. Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward. Write a three to four (3-4) page paper in which you: 1. Summarize the COSO Risk Management Framework and COSO’s ERM process. 2. Recommend to management the approach that they need to take to implement an effective ERM program.
Include the issues and organizational impact they might encounter if they do not implement an effective ERM program. 3. Analyze the methods for establishing key risk indicators (KRIs). 4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. 5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. · Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: · Describe the COSO enterprise risk management framework.
· Describe the process of performing effective information technology audits and general controls. · Use technology and information resources to research issues in information technology audit and control. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ============================================ CIS 558 Week 3 Discussion Mitigating Wireless Risk For more course tutorials visit www.newtonhelp.com “Mitigating Wireless Risk” Please respond to the following: Suggest two (2) of the risks and two (2) of the benefits associated with the implementation of wireless networks. For each of the risks, provide key suggestions for mitigating or eliminating those risks from an auditor’s perspective. Suggest key methods for measuring the effectiveness of your solutions. ============================================
CIS 558 Week 4 Case Study 1 Mitigating Cloud Computing Risks (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Week 4 Case Study 1 Students, please view the "Submit a Clickable Rubric Assignment" in the Student Center. Instructors, training on how to grade is within the Instructor Center. Case Study 1: Mitigating Cloud Computing Risks Due Week 4 and worth 125 points Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online which discuss the security risks related to Cloud based computing and storage. One that stood out was located at http://www.isaca.org/Journal/Past-Issues/2011/Volume- 4/Pages/Cloud-Computing-Risk-Assessment-A-Case- Study.aspx. You are being asked to summarize the information you can find on the Internet and other sources
that are available. Moving forward, the CIO wants to have a firm grasp of the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems, if they were in place, should be monitored to ensure not only proper usage, but also that none of these systems or their data have been compromised. Write a three to four (3-4) page paper in which you: 1. Provide a summary analysis of the most recent research that is available in this area. 2. Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids. Include primary examples applicable from the case studies you previously reviewed. 3. Suggest key controls that organizations could implement to mitigate these risks and vulnerabilities. 4. Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: · Describe the process of performing effective information technology audits and general controls. · Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization. · Use technology and information resources to research issues in information technology audit and control. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ============================================ CIS 558 Week 4 Discussion Obstacles to CMMI Development For more course tutorials visit www.newtonhelp.com
“Obstacles to CMMI Development” Please respond to the following: Elaborate on three (3) of the obstacles that must be overcome as a business moves up the CMMI model. Suggest key methods for overcoming the obstacles you have identified. Describe the measurable benefits of progressing up the CMMI model. From an auditing perspective, determine the manner in which these benefits might be observed. ============================================ CIS 558 Week 5 Discussion Automated Auditing For more course tutorials visit www.newtonhelp.com “Automated Auditing” Please respond to the following: CAATTs can be helpful when dealing with immense amounts of data. However, developing a CAATT system can
be time consuming. Argue for or against the use of CAATT systems. Identify the key elements of building an effective CAATT system. Elaborate on two (2) challenges faced when designing an effective CAATT system, and suggest possible solutions to these problems. ============================================ CIS 558 Week 6 Assignment 2 Software Engineering, CMMI, and ITIL (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Realizing that an organization’s CMMI level impacts an organization’ s success on requests for proposals (RFPs), your CIO wants to get the software development processes to CMMI level 3. Your organization has started developing software applications and database systems for their customers. The CIO wants to ensure that the software development and database development processes are being properly managed and audited, and he wants to ensure that the organization begins taking the necessary steps to progress to CMMI level 3. In preparation for your response,
review the CMMI information available at the Carnegie Mellon Website. IT managers will commonly manage software development and systems integration activities. Write a 3 page paper in which you: Describe the software engineering process, the challenges in managing software development activities, and the potential interface issues from the software development perspective. Analyze the CMMI levels and define a roadmap that the organization will ned to follow in order to get their software development processes to CMMI level three. Note: This is important because the CMMI level that an organization achieves impacts their software development reputation. Explain the auditing tasks that must be performed in order to achieve level 3. Determine the continuous assurance auditing activities that the organization will need to implement to help achieve CMMI level three. Analyze the ITIL service management guidelines and principles. Examine how ITIL service management practices relate to CMMI levels and continuous service auditing. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. ============================================ CIS 558 Week 6 Discussion Audit Project Control
For more course tutorials visit www.newtonhelp.com “Audit Project Control” Please respond to the following: Compare and contrast an IT Audit project with other projects which might be found in an IT department. Describe two (2) challenges that are unique to IT Audit projects. Suggest an approach to mitigate each challenge you selected. Based on the challenges identified, describe the controls that the project manager would need to implement in order to overcome potential project control issues. ============================================ CIS 558 Week 7 Case Study 2 HIPAA and IT Audits (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers
Case Study 2: HIPAA and IT Audits Due Week 7 and worth 75 points Imagine you are a CIO at a medium-sized hospital, and you have been asked by the CEO to provide a case analysis report that will be provided to the senior leadership in the organization. They are concerned about the HIPAA Security and Privacy Rules and its impact on the organization. Unfamiliar with the details of HIPAA, you begin looking at the information provided by the Department of Health and Human Services. Specifically, you are asked to provide an analysis on the summary of the cases. Section 1. Written Paper Many organizations have been fined significant amounts for non-compliance with HIPAA. To help ensure that your organization remains in compliance with HIPAA regulations you have been asked to write a three (3) page paper in which you: 1a. Create an overview of the HIPAA Security Rule and Privacy Rule. Include an explanation of the resolution process when a case is reported. 1b. Analyze the major types of incidents and breaches that occur based on the cases reported. 1c. Analyze the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities. 1d. Analyze and describe the network architecture that is
needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations. 1e. Analyze how a medium-sized hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance. 1f. List the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations. 1g. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Section 2. Network Architecture 2a. Create a network architecture diagram (using Visio or an open-source equivalent to Visio for creating diagrams), based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations. 2b. Include in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture. ============================================
CIS 558 Week 7 Discussion Identity and Access Management For more course tutorials visit www.newtonhelp.com “Identity and Access Management” Please respond to the following: Analyze the identity and access management approach that organizations need to implement to effectively control access to their systems. Explain how the identity and access management approach would be influenced by the type of organization and its size. For a small- to medium-sized business concerned about IT budget, determine the identity and access management practices you would recommend. In contrast, for a large organization that is extremely concerned about protecting corporate information assets, determine the identity and access management practices you would recommend. Provide a rationale for your responses. ============================================ CIS 558 Week 8 Discussion Effective Disaster Recovery Plans
For more course tutorials visit www.newtonhelp.com “Effective Disaster Recovery Plans” Please respond to the following: Disaster recovery planning is essential for a business to survive when unexpected events impact daily operations. Determine the areas of disaster recovery planning and preparedness you believe organizations are often lacking. Provide a rationale for your response. Analyze and describe the key controls, especially non- technical controls, which would ensure a business is prepared for a disaster. Elaborate on the impact that a disaster might have on the auditing process. ============================================ CIS 558 Week 9 Discussion Change and Patch management For more course tutorials visit www.newtonhelp.com
CIS 558 Week 9 Discussion “Change and Patch management” Analyze it change management and patch management processes needed within organization identify 3 challenges organizations face when implementing change and patch management processes for the first time, make suggestions to address these challenges ============================================ CIS 558 Week 10 Discussion Quality Assurance and Auditing Standards For more course tutorials visit www.newtonhelp.com “Quality Assurance and Auditing Standards” Please respond to the following: Describe the actions an organization needs to execute in order to improve their quality assurance and auditing processes within the organization.
Create a list of at least five (5) auditing best practices for organizations to follow when implementing their quality assurance auditing programs. Select the auditing best practices you feel are most difficult to implement and offer means of addressing them. ============================================= CIS 558 Week 10 Term Paper Managing an IT Infrastructure Audit (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Term Papers Term Paper: Managing an IT Infrastructure Audit This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four (4) sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is
written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment. Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits. In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics: • They have a main office and 268 stores in the U.S. • They utilize a cloud computing environment for storage and applications. • Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012. • They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters. • They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
• They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners. • They enable wireless access at the main office and the stores. • They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website. • Section 1: Internal IT Audit Policy Write a three to four (3-4) page paper in which you: 1. Develop an Internal IT Audit Policy, which includes at a minimum: 2. Overview b. Scope c. Goals and objectives d. Compliance with applicable laws and regulations e. Management oversight and responsibility f. Areas covered in the IT audits g. Frequency of the audits h. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Section 2: Management Plan Write a four to six (4-6) page paper in which you: 2. Explain the management plan for conducting IT audits, including: 3. Risk management b. System Software and Applications
c. Wireless Networking d. Cloud Computing e. Virtualization f. Cybersecurity and Privacy g. BCP and DRP h. Network Security i. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Section 3: Project Plan Use Microsoft Project or an Open Source alternative, such as Open Project to: 3. Develop a project plan which includes the applicable tasks for each of the major areas listed below for each element of the IT audit mentioned above; plan for the audit to be a two (2) week audit. 4. Risk management b. System software and applications c. Wireless networking d. Cloud computing e. Virtualization f. Cybersecurity and privacy g. Network security Section 4: Disaster Recovery Plan Write a five to seven (5-7) page paper in which you: 4. Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.
5. The organization must have no data loss. b. The organization must have immediate access to organizational data in the event of a disaster. c. The organization must have critical systems operational within 48 hours. d. Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above. e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. • ============================================== CIS 558 Week 11 Discussion Course Conclusion and Summary
For more course tutorials visit www.newtonhelp.com Course Conclusion and Summary” Please respond to the following: You have just completed 10 weeks of an information technology audit and control course. Imagine you have been asked to create a one (1) day training course highlighting the important elements of what you have just learned in the past ten weeks. Create a hierarchy of five (no more or no less) of the most important topics that you feel need to be addressed in this one (1) day course that best fits the course title of “Information Technology Audit and Control: The Essentials Presented in One Day.” Give a detailed rationale for each of the five (5) topics. Using 140 characters or less (the length of a Tweet), summarize the importance of this class to someone unfamiliar with th ==============================================
CIS 558 Imagine Your Future/newtonhelp.com   

More Related Content

DOCX
Cis 558 Extraordinary Success/newtonhelp.com
amaranthbeg152
 
DOCX
CIS 558 Inspiring Innovation/tutorialrank.com
jonhson114
 
DOCX
CIS 558 RANK Introduction Education--cis558rank.com
claric266
 
PDF
CIS 558 RANK Education Counseling--cis558rank.com
williamwordsworth36
 
DOCX
CIS 558 RANK Lessons in Excellence--cis558rank.com
RoelofMerwe143
 
PDF
CIS 558 RANK Education Planning--cis558rank.com
Shivendrasing2
 
DOCX
CIS 558 RANK Inspiring Innovation--cis558rank.com
KeatonJennings93
 
DOCX
CIS 558 RANK Redefined Education--cis558rank.com
claric196
 
Cis 558 Extraordinary Success/newtonhelp.com
amaranthbeg152
 
CIS 558 Inspiring Innovation/tutorialrank.com
jonhson114
 
CIS 558 RANK Introduction Education--cis558rank.com
claric266
 
CIS 558 RANK Education Counseling--cis558rank.com
williamwordsworth36
 
CIS 558 RANK Lessons in Excellence--cis558rank.com
RoelofMerwe143
 
CIS 558 RANK Education Planning--cis558rank.com
Shivendrasing2
 
CIS 558 RANK Inspiring Innovation--cis558rank.com
KeatonJennings93
 
CIS 558 RANK Redefined Education--cis558rank.com
claric196
 

What's hot (17)

DOCX
CIS 558 RANK Achievement Education--cis558rank.com
claric157
 
PDF
CIS 558 Effective Communication - tutorialrank.com
Bartholomew22
 
DOCX
CIS 558 Enhance teaching / snaptutorial.com
donaldzs56
 
DOC
Cis 558 Exceptional Education-snaptutorial.com
robertleses9
 
DOC
Cis 558 Education Specialist-snaptutorial.com
robertlesew96
 
DOCX
CMGT 442 Education Organization / snaptutorial.com
McdonaldRyan42
 
PDF
CIS 599 Education guide/Tutorialrank.com
nummaju
 
DOC
CIS 348 Imagine Your Future/newtonhelp.com   
bellflower46
 
PDF
CIS 348 Life of the Mind/newtonhelp.com   
bellflower3
 
DOC
Cis 498 Enhance teaching / snaptutorial.com
Baileyabr
 
DOC
CMGT 442 Imagine Your Future/newtonhelp.com   
bellflower65
 
DOCX
CIS 348 Inspiring Innovation/tutorialrank.com
jonhson111
 
DOCX
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
KeatonJennings98
 
PDF
Cis 498 Education Organization-snaptutorial.com
robertlesew2
 
DOCX
CIS 498 Effective Communication - snaptutorial.com
donaldzs1
 
PDF
Cis 498 Believe Possibilities / snaptutorial.com
Davis5a
 
DOCX
Cis 498 Exceptional Education - snaptutorial.com
DavisMurphyA87
 
CIS 558 RANK Achievement Education--cis558rank.com
claric157
 
CIS 558 Effective Communication - tutorialrank.com
Bartholomew22
 
CIS 558 Enhance teaching / snaptutorial.com
donaldzs56
 
Cis 558 Exceptional Education-snaptutorial.com
robertleses9
 
Cis 558 Education Specialist-snaptutorial.com
robertlesew96
 
CMGT 442 Education Organization / snaptutorial.com
McdonaldRyan42
 
CIS 599 Education guide/Tutorialrank.com
nummaju
 
CIS 348 Imagine Your Future/newtonhelp.com   
bellflower46
 
CIS 348 Life of the Mind/newtonhelp.com   
bellflower3
 
Cis 498 Enhance teaching / snaptutorial.com
Baileyabr
 
CMGT 442 Imagine Your Future/newtonhelp.com   
bellflower65
 
CIS 348 Inspiring Innovation/tutorialrank.com
jonhson111
 
CMGT 582 STUDY Inspiring Innovation--cmgt582study.com
KeatonJennings98
 
Cis 498 Education Organization-snaptutorial.com
robertlesew2
 
CIS 498 Effective Communication - snaptutorial.com
donaldzs1
 
Cis 498 Believe Possibilities / snaptutorial.com
Davis5a
 
Cis 498 Exceptional Education - snaptutorial.com
DavisMurphyA87
 
Ad

Similar to CIS 558 Imagine Your Future/newtonhelp.com    (20)

DOCX
CIS 558 Entire Course NEW
shyamuopuop
 
PDF
Cis 558 Effective Communication-snaptutorial.com
jhonklinz11
 
DOCX
CIS 558 RANK Remember Education--cis558rank.com
Jaseetha10
 
DOCX
CIS 558 Success Begins / snaptutorial.com
Robinson075
 
DOCX
Cis 558 Technology levels--snaptutorial.com
sholingarjosh63
 
DOCX
Cis 558 Enthusiastic Study / snaptutorial.com
Stephenson06
 
DOCX
CIS 558 Education Organization / snaptutorial.com
McdonaldRyan39
 
PPTX
CIS 558 RANK Education for Service--cis558rank.com
karthik10040
 
DOCX
Cis 599 Extraordinary Success/newtonhelp.com
amaranthbeg153
 
DOC
Strayer cis 558 week 3 assignment 1 erm roadmap
ElijahEthaan
 
DOC
Strayer cis 558 week 3 assignment 1 erm roadmap
vindaniel123
 
DOC
Strayer cis 558 week 3 assignment 1 erm roadmap
shyaminfotech
 
DOC
Strayer cis 558 week 3 assignment 1 erm roadmap
shyaminfopvtltd
 
DOC
CIS 599 Focus Dreams/newtonhelp.com
bellflower91
 
DOC
CIS 599 Life of the Mind/newtonhelp.com   
bellflower10
 
DOC
CIS 599 Imagine Your Future/newtonhelp.com   
bellflower51
 
DOCX
Cmgt 582 Effective Communication / snaptutorial.com
HarrisGeorg12
 
DOC
Cyb 610 Inspiring Innovation--tutorialrank.com
PrescottLunt386
 
DOCX
Cmgt 582 Education Specialist -snaptutorial.com
DavisMurphyC37
 
DOC
Cyb 610 Your world/newtonhelp.com
amaranthbeg95
 
CIS 558 Entire Course NEW
shyamuopuop
 
Cis 558 Effective Communication-snaptutorial.com
jhonklinz11
 
CIS 558 RANK Remember Education--cis558rank.com
Jaseetha10
 
CIS 558 Success Begins / snaptutorial.com
Robinson075
 
Cis 558 Technology levels--snaptutorial.com
sholingarjosh63
 
Cis 558 Enthusiastic Study / snaptutorial.com
Stephenson06
 
CIS 558 Education Organization / snaptutorial.com
McdonaldRyan39
 
CIS 558 RANK Education for Service--cis558rank.com
karthik10040
 
Cis 599 Extraordinary Success/newtonhelp.com
amaranthbeg153
 
Strayer cis 558 week 3 assignment 1 erm roadmap
ElijahEthaan
 
Strayer cis 558 week 3 assignment 1 erm roadmap
vindaniel123
 
Strayer cis 558 week 3 assignment 1 erm roadmap
shyaminfotech
 
Strayer cis 558 week 3 assignment 1 erm roadmap
shyaminfopvtltd
 
CIS 599 Focus Dreams/newtonhelp.com
bellflower91
 
CIS 599 Life of the Mind/newtonhelp.com   
bellflower10
 
CIS 599 Imagine Your Future/newtonhelp.com   
bellflower51
 
Cmgt 582 Effective Communication / snaptutorial.com
HarrisGeorg12
 
Cyb 610 Inspiring Innovation--tutorialrank.com
PrescottLunt386
 
Cmgt 582 Education Specialist -snaptutorial.com
DavisMurphyC37
 
Cyb 610 Your world/newtonhelp.com
amaranthbeg95
 
Ad

Recently uploaded (20)

PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PPTX
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
PPTX
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
PPTX
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
PPTX
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
PDF
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
Sipra Biswas
 
PDF
advance database management system book.pdf
hinamannan364
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PPTX
History, Philosophy and sociology of education (1).pptx
tmdth1
 
PDF
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
PPTX
Digestion and Absorption of Carbohydrates, Proteina and Fats
rekhapositivity
 
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
PPTX
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
atiaruhi95
 
PDF
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
Chinmaya Tiranga Azadi Quiz (Class 7-8 )
Nitin Suresh
 
CHAPTER IV. MAN AND BIOSPHERE AND ITS TOTALITY.pptx
greciamaycalambro
 
Orientation - ARALprogram of Deped to the Parents.pptx
JeromeTamayoSantiago1
 
Onco Emergencies - Spinal cord compression Superior vena cava syndrome Febr...
Medpopz
 
SOIL: Factor, Horizon, Process, Classification, Degradation, Conservation
Sipra Biswas
 
advance database management system book.pdf
hinamannan364
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
Hazard Identification & Risk Assessment .pdf
estagiarioprotegesms
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
History, Philosophy and sociology of education (1).pptx
tmdth1
 
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
NielDestora
 
Digestion and Absorption of Carbohydrates, Proteina and Fats
rekhapositivity
 
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
atiaruhi95
 
What if we spent less time fighting change, and more time building what’s rig...
Derek Wenmoth
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
Trump Administration's workforce development strategy
Mebane Rash
 
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
ElishamichaelSamwel
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 

CIS 558 Imagine Your Future/newtonhelp.com   

  • 1. CIS 558 Week 1 Discussion COBIT Planning For more course tutorials visit www.newtonhelp.com “COBIT Planning” Please respond to the following: Describe how organizations establish the five (5) COBIT IT governance focus areas: strategic alignment, value delivery, risk management, resource management, and performance management Suppose senior management has tasked you with the planning of the COBIT compliance project. In terms of the COBIT framework, predict which key areas are likely to be problematic to implement. Suggest at least two (2) possible solutions to these problematic areas. ============================================ CIS 558 Week 1-11 All DQs For more course tutorials visit www.newtonhelp.com CIS 558 Week 1 Discussion COBIT Planning
  • 2. CIS 558 Week 2 Discussion Question Developing an ERM plan CIS 558 Week 3 Discussion Mitigating Wireless Risk CIS 558 Week 4 Discussion Obstacles to CMMI Development CIS 558 Week 5 Discussion Automated Auditing CIS 558 Week 6 Discussion Audit Project Control” CIS 558 Week 7 Discussion Identity and Access Management CIS 558 Week 8 Discussion Effective Disaster Recovery Plans CIS 558 Week 9 Discussion Change and Patch management CIS 558 Week 10 Discussion Quality Assurance and Auditing Standards CIS 558 Week 11 Discussion Course Conclusion and Summary ============================================ CIS 558 Week 2 Discussion Question Developing an ERM plan For more course tutorials visit www.newtonhelp.com
  • 3. “Developing an ERM plan” Please respond to the following: From a management perspective, decide which key policies and procedures one should consider as the starting point when developing an ERM plan for an organization. Defend your position. Provide a list of essential personnel whom you believe should be involved in creating and maintaining an ERM plan for an organization. Describe the role of each person. Suggest a timeline for establishing an ERM plan, giving your opinion on how frequently the plan should be reviewed. ============================================ CIS 558 Week 3 Assignment 1 ERM Roadmap (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 558 Week 3 Assignment 1 ERM Roadmap Week 3 Assignment 1
  • 4. Students, please view the "Submit a Clickable Rubric Assignment" in the Student Center. Instructors, training on how to grade is within the Instructor Center. Assignment 1: ERM Roadmap Due Week 3 and worth 125 points The following material may be useful for the completion of this assignment. You may refer to the documents titled “Embracing Enterprise Risk Management: Practical Approaches for Getting Started” and “Developing Key Risk Indicators to Strengthen Enterprise Risk Management”, located at http://www.coso.org/-ERM.htm. Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward. Write a three to four (3-4) page paper in which you: 1. Summarize the COSO Risk Management Framework and COSO’s ERM process. 2. Recommend to management the approach that they need to take to implement an effective ERM program.
  • 5. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program. 3. Analyze the methods for establishing key risk indicators (KRIs). 4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives. 5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. · Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: · Describe the COSO enterprise risk management framework.
  • 6. · Describe the process of performing effective information technology audits and general controls. · Use technology and information resources to research issues in information technology audit and control. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. ============================================ CIS 558 Week 3 Discussion Mitigating Wireless Risk For more course tutorials visit www.newtonhelp.com “Mitigating Wireless Risk” Please respond to the following: Suggest two (2) of the risks and two (2) of the benefits associated with the implementation of wireless networks. For each of the risks, provide key suggestions for mitigating or eliminating those risks from an auditor’s perspective. Suggest key methods for measuring the effectiveness of your solutions. ============================================
  • 7. CIS 558 Week 4 Case Study 1 Mitigating Cloud Computing Risks (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Week 4 Case Study 1 Students, please view the "Submit a Clickable Rubric Assignment" in the Student Center. Instructors, training on how to grade is within the Instructor Center. Case Study 1: Mitigating Cloud Computing Risks Due Week 4 and worth 125 points Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online which discuss the security risks related to Cloud based computing and storage. One that stood out was located at http://www.isaca.org/Journal/Past-Issues/2011/Volume- 4/Pages/Cloud-Computing-Risk-Assessment-A-Case- Study.aspx. You are being asked to summarize the information you can find on the Internet and other sources
  • 8. that are available. Moving forward, the CIO wants to have a firm grasp of the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems, if they were in place, should be monitored to ensure not only proper usage, but also that none of these systems or their data have been compromised. Write a three to four (3-4) page paper in which you: 1. Provide a summary analysis of the most recent research that is available in this area. 2. Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids. Include primary examples applicable from the case studies you previously reviewed. 3. Suggest key controls that organizations could implement to mitigate these risks and vulnerabilities. 4. Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: · Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • 9. · Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: · Describe the process of performing effective information technology audits and general controls. · Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization. · Use technology and information resources to research issues in information technology audit and control. · Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions ============================================ CIS 558 Week 4 Discussion Obstacles to CMMI Development For more course tutorials visit www.newtonhelp.com
  • 10. “Obstacles to CMMI Development” Please respond to the following: Elaborate on three (3) of the obstacles that must be overcome as a business moves up the CMMI model. Suggest key methods for overcoming the obstacles you have identified. Describe the measurable benefits of progressing up the CMMI model. From an auditing perspective, determine the manner in which these benefits might be observed. ============================================ CIS 558 Week 5 Discussion Automated Auditing For more course tutorials visit www.newtonhelp.com “Automated Auditing” Please respond to the following: CAATTs can be helpful when dealing with immense amounts of data. However, developing a CAATT system can
  • 11. be time consuming. Argue for or against the use of CAATT systems. Identify the key elements of building an effective CAATT system. Elaborate on two (2) challenges faced when designing an effective CAATT system, and suggest possible solutions to these problems. ============================================ CIS 558 Week 6 Assignment 2 Software Engineering, CMMI, and ITIL (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Realizing that an organization’s CMMI level impacts an organization’ s success on requests for proposals (RFPs), your CIO wants to get the software development processes to CMMI level 3. Your organization has started developing software applications and database systems for their customers. The CIO wants to ensure that the software development and database development processes are being properly managed and audited, and he wants to ensure that the organization begins taking the necessary steps to progress to CMMI level 3. In preparation for your response,
  • 12. review the CMMI information available at the Carnegie Mellon Website. IT managers will commonly manage software development and systems integration activities. Write a 3 page paper in which you: Describe the software engineering process, the challenges in managing software development activities, and the potential interface issues from the software development perspective. Analyze the CMMI levels and define a roadmap that the organization will ned to follow in order to get their software development processes to CMMI level three. Note: This is important because the CMMI level that an organization achieves impacts their software development reputation. Explain the auditing tasks that must be performed in order to achieve level 3. Determine the continuous assurance auditing activities that the organization will need to implement to help achieve CMMI level three. Analyze the ITIL service management guidelines and principles. Examine how ITIL service management practices relate to CMMI levels and continuous service auditing. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. ============================================ CIS 558 Week 6 Discussion Audit Project Control
  • 13. For more course tutorials visit www.newtonhelp.com “Audit Project Control” Please respond to the following: Compare and contrast an IT Audit project with other projects which might be found in an IT department. Describe two (2) challenges that are unique to IT Audit projects. Suggest an approach to mitigate each challenge you selected. Based on the challenges identified, describe the controls that the project manager would need to implement in order to overcome potential project control issues. ============================================ CIS 558 Week 7 Case Study 2 HIPAA and IT Audits (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers
  • 14. Case Study 2: HIPAA and IT Audits Due Week 7 and worth 75 points Imagine you are a CIO at a medium-sized hospital, and you have been asked by the CEO to provide a case analysis report that will be provided to the senior leadership in the organization. They are concerned about the HIPAA Security and Privacy Rules and its impact on the organization. Unfamiliar with the details of HIPAA, you begin looking at the information provided by the Department of Health and Human Services. Specifically, you are asked to provide an analysis on the summary of the cases. Section 1. Written Paper Many organizations have been fined significant amounts for non-compliance with HIPAA. To help ensure that your organization remains in compliance with HIPAA regulations you have been asked to write a three (3) page paper in which you: 1a. Create an overview of the HIPAA Security Rule and Privacy Rule. Include an explanation of the resolution process when a case is reported. 1b. Analyze the major types of incidents and breaches that occur based on the cases reported. 1c. Analyze the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities. 1d. Analyze and describe the network architecture that is
  • 15. needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations. 1e. Analyze how a medium-sized hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance. 1f. List the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations. 1g. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Section 2. Network Architecture 2a. Create a network architecture diagram (using Visio or an open-source equivalent to Visio for creating diagrams), based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations. 2b. Include in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture. ============================================
  • 16. CIS 558 Week 7 Discussion Identity and Access Management For more course tutorials visit www.newtonhelp.com “Identity and Access Management” Please respond to the following: Analyze the identity and access management approach that organizations need to implement to effectively control access to their systems. Explain how the identity and access management approach would be influenced by the type of organization and its size. For a small- to medium-sized business concerned about IT budget, determine the identity and access management practices you would recommend. In contrast, for a large organization that is extremely concerned about protecting corporate information assets, determine the identity and access management practices you would recommend. Provide a rationale for your responses. ============================================ CIS 558 Week 8 Discussion Effective Disaster Recovery Plans
  • 17. For more course tutorials visit www.newtonhelp.com “Effective Disaster Recovery Plans” Please respond to the following: Disaster recovery planning is essential for a business to survive when unexpected events impact daily operations. Determine the areas of disaster recovery planning and preparedness you believe organizations are often lacking. Provide a rationale for your response. Analyze and describe the key controls, especially non- technical controls, which would ensure a business is prepared for a disaster. Elaborate on the impact that a disaster might have on the auditing process. ============================================ CIS 558 Week 9 Discussion Change and Patch management For more course tutorials visit www.newtonhelp.com
  • 18. CIS 558 Week 9 Discussion “Change and Patch management” Analyze it change management and patch management processes needed within organization identify 3 challenges organizations face when implementing change and patch management processes for the first time, make suggestions to address these challenges ============================================ CIS 558 Week 10 Discussion Quality Assurance and Auditing Standards For more course tutorials visit www.newtonhelp.com “Quality Assurance and Auditing Standards” Please respond to the following: Describe the actions an organization needs to execute in order to improve their quality assurance and auditing processes within the organization.
  • 19. Create a list of at least five (5) auditing best practices for organizations to follow when implementing their quality assurance auditing programs. Select the auditing best practices you feel are most difficult to implement and offer means of addressing them. ============================================= CIS 558 Week 10 Term Paper Managing an IT Infrastructure Audit (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Term Papers Term Paper: Managing an IT Infrastructure Audit This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four (4) sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is
  • 20. written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment. Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits. In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics: • They have a main office and 268 stores in the U.S. • They utilize a cloud computing environment for storage and applications. • Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012. • They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters. • They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
  • 21. • They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners. • They enable wireless access at the main office and the stores. • They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website. • Section 1: Internal IT Audit Policy Write a three to four (3-4) page paper in which you: 1. Develop an Internal IT Audit Policy, which includes at a minimum: 2. Overview b. Scope c. Goals and objectives d. Compliance with applicable laws and regulations e. Management oversight and responsibility f. Areas covered in the IT audits g. Frequency of the audits h. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Section 2: Management Plan Write a four to six (4-6) page paper in which you: 2. Explain the management plan for conducting IT audits, including: 3. Risk management b. System Software and Applications
  • 22. c. Wireless Networking d. Cloud Computing e. Virtualization f. Cybersecurity and Privacy g. BCP and DRP h. Network Security i. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Section 3: Project Plan Use Microsoft Project or an Open Source alternative, such as Open Project to: 3. Develop a project plan which includes the applicable tasks for each of the major areas listed below for each element of the IT audit mentioned above; plan for the audit to be a two (2) week audit. 4. Risk management b. System software and applications c. Wireless networking d. Cloud computing e. Virtualization f. Cybersecurity and privacy g. Network security Section 4: Disaster Recovery Plan Write a five to seven (5-7) page paper in which you: 4. Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.
  • 23. 5. The organization must have no data loss. b. The organization must have immediate access to organizational data in the event of a disaster. c. The organization must have critical systems operational within 48 hours. d. Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above. e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. • ============================================== CIS 558 Week 11 Discussion Course Conclusion and Summary
  • 24. For more course tutorials visit www.newtonhelp.com Course Conclusion and Summary” Please respond to the following: You have just completed 10 weeks of an information technology audit and control course. Imagine you have been asked to create a one (1) day training course highlighting the important elements of what you have just learned in the past ten weeks. Create a hierarchy of five (no more or no less) of the most important topics that you feel need to be addressed in this one (1) day course that best fits the course title of “Information Technology Audit and Control: The Essentials Presented in One Day.” Give a detailed rationale for each of the five (5) topics. Using 140 characters or less (the length of a Tweet), summarize the importance of this class to someone unfamiliar with th ==============================================