
CMGT 582 Assignment Audit of the HR Department

FOR MORE CLASSES VISIT


www.cmgt582study.com

You are part of a team that has been selected by the Chief Information
Officer (CIO) to perform an audit of the HR Department.

Create a 10- to 12-slide presentation (not including the title and
reference slides) that examines the specific audit steps that should be
performed to evaluate the following areas:

Handling of ethical issues, including security-related
legal/regulatory compliance (non-privacy related), intellectual property
and licensing

Compliance with privacy related laws and regulations

Adequacy of security policies and security awareness training

Identification of security related risks/threats

Include a minimum of two audit steps for each of the areas listed above.
The audit steps should follow the following format:

Area: From the list above

Example: Security related risks/threats

Potential Risk to be Reviewed: Describe the risk

Example: Viruses and malware can negatively impact the
confidentiality, integrity, and availability of organizational data

Evaluation of Tools and Methods: Describe the control objective
and the specific controls you will evaluate to determine potential risk is
mitigated. Please note that typically, there will be more than one control
that should be reviewed for a potential risk.

Example: Determine whether anti-virus software is in use

Example: Determine whether virus signatures are periodically
updated

Example: Determine whether periodic virus scans are performed

Criteria/Measures to be Used: Describe the criteria/measures that
you will use to evaluate the adequacy of each area/review step that you
review (i.e., what criteria will you use to perform your evaluation/how
will you determine that the risk has been mitigated to an acceptable
level).

Example: 100% of servers and PCs have virus software installed

Example: 100% of the virus software installed is set to
automatically update, including virus signatures.

Example: 100% of the virus software installed is set to
automatically perform a scan at least weekly

Your grade on the assignment will be based on how well you address:

The identification of potential ethical, legal/regulatory, privacy,
and security related issues (20%)

The evaluation of the tools and methods used to mitigate any
ethical, legal/regulatory, and privacy related issues identified, as well as
the tools and methods used to perform the review steps (20%)

The evaluation of the tools and methods used to mitigate any
security-related issues identified, as well as the tools and methods used
to perform the review steps (25%)

Criteria/measures that you will use to evaluate the adequacy of
each area/review step that you review (i.e., how will you determine that
the risk has been mitigated to an acceptable level) (20%)

Quality of written communication

Use of APA format/style

Include a 1/2- to 1-page executive summary and support your
presentation with appropriate references.

---------------------------------------------------------------------------------

CMGT 582 Week 1 Individual Assignment Getting Involved



Assignment Preparation: Activities include watching the SkillSoft
videos, completing the SkillSoft course, independent student reading,
and research.

Watch the "Fostering Collective Responsibility for IT Risk" video.

Watch the "Balancing Security with User Convenience" video.

Complete "Introduction to Information Security Governance" topic of
the Skillsoft course "CISM 2012: Information Security Governance
(Part 1)."

Assignment: Situation: You have just joined an organization that
depends on the use of the web to perform most of its major tasks. You
have noticed that information security is mostly ignored by those
performing the work tasks and it is not a priority with management or
executive leadership.

Write a 1- to 2-page memo to the Chief Executive Officer (CEO) that is
designed to increase the priority of information security. Include a
convincing argument of why the survival of the organization may
depend on information security. Include these topics:

Confidentiality, integrity, and availability

Authenticity

Accountability

Threats from malicious software

Security challenges of cloud computing

Cyberterrorism and information warfare

---------------------------------------------------------------------------------

CMGT 582 Week 2 Individual Assignment Security Within My Organization

Assignment Preparation: Activities include watching the SkillSoft
videos, completing the SkillSoft course, independent student reading,
and research.

Watch the "Technology and the Impact on Business and the
Environment" Skillsoft video.

Complete "Defining law and ethics" point of topic "The Relationship
Between Law and Ethics" of the Skillsoft course "Business Law and
Ethics."

Complete "Recognize the Effect of Laws and Regulations on Audit
Planning," point of topic "Management of an IS Audit Function," of the
lesson "Information Systems and the IS Audit Function" of the
Skillsoft course "CISA Domain: The Process of Auditing Information
Systems - Part 1."

Write a 3- to 4-page analysis of ethical considerations for maintaining
confidentiality and customer data.

Address the following issues in your analysis:

Define ethics.

Apply ethics to information systems.

Discuss the constituent parts of IT/IS professional ethics.

Connect or relate the discussed constituent parts into an overall structure
that may relate to an IT/IS code of conduct or ethics.

Discuss the rules produced by the Ad Hoc Committee on Responsible
Computing.

Describe the privacy regulations or laws related to the identified ethical
issues.

---------------------------------------------------------------------------------

CMGT 582 Week 3 Assignment Privacy with Ethics Considerations

Create a 10- to 12-slide presentation evaluating the three areas of
privacy issues specific to FERPA, HIPAA, and EEA. Develop scenarios
in all of the three areas that you feel are most important to the recipients
protected by these laws and the methodology used in each.

Include how each of these laws affects the requirements of companies or
colleges and how each manages their security strategy to enforce
compliance.

Compare the effectiveness of each industry's efforts to ensure privacy
issues are addressed and protected.

Address and comment on the following issues in your analysis:

Define privacy in the three areas

Apply privacy and privacy protection to Information Systems

Repercussions to the companies protected by the three laws

Differences in the protection methodologies used by the 3
industries represented by these laws

Differences in security strategies used by the three industries

Describe how these three laws can change a company's security
policies and mitigation plans

Explain why public corporations have the same privacy issues (for
intellectual property) as people do (for personal information)

Conclude your assignment with ideas regarding how each law can
be improved

Include detailed speaker notes within your presentation.

---------------------------------------------------------------------------------

CMGT 582 Week 3 Individual Assignment Risk Assessment



Assignment Preparation: Activities include watching the SkillSoft
videos, completing the SkillSoft course, independent student reading,
and research.

Watch the "QuickTalks: David Bach: Nonmarket Strategy: The Next
Frontier of Competitive Advantage" Skillsoft video.

Complete the "Intrusion Prevention Technologies" topic of the lesson
"Understanding IPS Fundamentals" in the Skillsoft course "Cisco IINS
2.0: Implementing IPS."

Complete slides 1 to 3 of the "Risk Response Strategies" topic of the
Skillsoft lesson "Plan Risk Responses" of the course "Risk response
and Control (PMBOK Guide Fifth Edition)."

Prepare a 3- to 5-page risk assessment of your organization or an
organization with which you are familiar.

Include how the formula for risk can be applied to the organization.

Describe how risk assessment is related to security controls or
safeguards.

Include the following in your assessment that is part of Figure 14.3, Risk
Assessment Methodology, of the Stallings and Brown
textbook Computer Security (p. 478):

System characterization

Threat identification

Vulnerability identification

Control analysis

Likelihood determination

Impact analysis

Risk determination

---------------------------------------------------------------------------------

CMGT 582 Week 4 Individual Assignment Technologies and Methodologies Evaluation

Assignment Preparation: Activities include watching the SkillSoft
videos, completing the SkillSoft course, independent student reading,
and research.

Watch the "Creating an Actionable Risk Management Strategy"
SkillSoft video.

Complete the "Network Security Appliances and Methods" topic of the
Skillsoft course "CompTIA Network+ 2012: Network Security Part 3."

Complete the "Firewalls, IDS and Network Security Solutions" topic of
the Skillsoft course "CompTIA Network+ 2012: Network Security Part
3."

Consider information management risks to include cybercrime and
cyber-related crimes.

Write a 3- to 5-page evaluation of security technologies and
methodologies used to mitigate information management risks. An
evaluation is generally based on specific criteria and standards.

Include at least the following:

Firewalls

Intrusion prevention systems

Intrusion detection systems

Access control

Cryptographic tools and processes

---------------------------------------------------------------------------------

CMGT 582 Week 5 Assignment Mitigating Information Management Risk

Consider information security risks, including:

Cybercrime and cyber-related crimes

Social engineering

Mobile computing

BYOD (Bring your own device).

Write a full 3-page evaluation (not including the title and reference
pages) of security technologies and methodologies that can be used to
mitigate each of the above information security risks. Support your
paper with appropriate references and follow APA format.

Include the following for each type of risk:

Description of the risk

Security technologies and methodologies that can be used to mitigate
them

Rationale describing how the risks are mitigated to an acceptable level

Include a Turnitin report.

Submit your assignment and Turnitin report using the Assignment Files
tab.

---------------------------------------------------------------------------------

CMGT 582 Week 5 Individual Assignment Policy Implementation Presentation

Assignment Preparation: Activities include completing the
SkillSoft course, independent student reading, and research.

Complete the "Security Policy Documents and Life Cycle" topic of the
Skillsoft course "SSCP Domain: Security Operations and
Administration Part 1."

Complete the "Risk Management and Regulatory Compliance" topic of
the "Security Policies and Life-Cycle Approach" lesson of the Skillsoft
course "Cisco IINS 2.0: Security and Strategies."

Consider security planning policies, procedures, and models to include
multilevel and cryptographic processes.

Prepare a 10- to 12-slide presentation.

Include the following:

Description of security planning policies

Description of how human resources security is included in security
planning

Description of how cryptographic tools may be included in security
planning

Application of security planning policies to manage security


Evaluation of how specific policies are used to implement security plans

---------------------------------------------------------------------------------

CMGT 582 Week 5 Individual Assignment Policy Implementation

Assignment Preparation: Activities include completing the
SkillSoft course, independent student reading, and research.

Complete the "Security Policy Documents and Life Cycle" topic of the
Skillsoft course "SSCP Domain: Security Operations and
Administration Part 1."

Complete the "Risk Management and Regulatory Compliance" topic of
the "Security Policies and Life-Cycle Approach" lesson of the Skillsoft
course "Cisco IINS 2.0: Security and Strategies."

Consider security planning policies, procedures, and models to include
multilevel and cryptographic processes.

Write a 3- to 5-page paper.

Include the following:

Description of security planning policies


Description of how human resources security is included in security
planning

Description of how cryptographic tools may be included in security
planning

Application of security planning policies to manage security

Evaluation of how specific policies are used to implement security plans

---------------------------------------------------------------------------------

CMGT 582 Week 6 Individual Assignment Systems Development Life Cycle (SDLC)

Assignment Preparation: Activities include completing the
SkillSoft course, independent student reading, and research.

Complete the "Information Risk Management Overview" topic of the
"Information Risk Management Program" lesson of the Skillsoft
course "CISM 2012: Information Risk Management and Compliance
(Part 1)."

Complete the "Auditing and Testing IS Security" topic of the "Auditing
Internal and External Security" lesson of the Skillsoft course "CISA
Domain: Protection of Information Assets - Part 2."

Consider the systems development life cycle (SDLC), security systems
life cycle, and information systems security certification and
accreditation.

Write a 3- to 5-page evaluation of the use of the security life cycle.
Include the following:

All six phases

Review of steps unique to the security life cycle, not in common with
SDLC

Applicable criteria and standards, such as certification and accreditation,
used in your evaluation
---------------------------------------------------------------------------------
