Audit, Control, Compliance

Week 1 Project

Preliminary Review of Enterprise IT

This week, your task for the final project is to research in the South University Online Library and the Internet to identify a case study of your choice with a pertinent IT/IS capability, either as an essential asset in support of your case study’s business mission or as an integral part of your case study’s critical mission.

Some examples could be a healthcare organization, such as a healthcare insurance company, a major hospital, or medical laboratory; an academic institution, such as a university or a professional institute; a commerce and transportation center, for example, a major airport or a maritime port; a transportation carrier, such as an airline company, a railroad company, or even a car transportation service; a network service provider, such as a telecommunications service carrier/provider, an Internet and voice digital service provider, or a cloud service provider; a major media organization, such as television network or a multimedia service operator; an industry firm that manufactures products, such as a computer products manufacturer, a car manufacturer, or a hardware manufacturer; a major retailer, for example, a food retailer, a home maintenance retailer, or clothing outlet; an entertainment complex, such as a hotel, a vacation resort, or a large recreation and entertainment complex; and a financial institution, for example, a banking system, a credit card service, or an investment trading service.

The above are examples to guide you with your research, but you are not limited to these areas. It is important that you arrive at your own case study, based on your personal interests, and one that is well suited to explore from an IT/IS auditing perspective for this course. Some criteria that you should consider in arriving at your case study are listed below:

  1. Your case study may be based on an actual company, or organization, using facts from research, or it may be fictional. In either case, you will have to make a number of assumptions about your case study’s organizational system (principles, policies and frameworks, processes, organizational structures, culture, ethics and behavior, information, services, infrastructure and applications, people, skills, and competencies) to complement the facts from your research.
  2. Your case study must require a nontrivial underlying IT/IS as an essential capability for its operation. The IT/IS capability must be reasonably complex. One way to determine whether an IT/IS capability is reasonably complex is to think in terms of entities and relationships for your case study’s model. A reasonable IS complexity is at least ten entities and ten relationships. You may have to make assumptions to complement your facts.
  3. For your underlying IT infrastructure, consider the different IT teams. Is there a Chief Information Officer (CIO)? Is there a Chief Technology Officer (CTO)? Is there an IT planning and management team, including a program management office (PMO) and project managers? Is there an R&D team? Is there an IT testing team? Is there an IT operations and deployment team? Is there an IT support and maintenance team? Is there an IT-related customer product or service team? What does the IT infrastructure consist of? Consider hardware, including servers, network elements, and interconnection devices and media; platforms, such as database management systems, and IS/networking security systems; software, including systems software and application software; and the IT needs for engineering services and support. You may have to make assumptions to complement your facts.
  4. In your research, you may want to think in terms of use cases for your IS (whether it is internal as an essential support IS or part of the core products and services sold to customers). Think of use cases as transactions that different end users will invoke when interacting with your case study’s IS.
  5. Finally, you must submit your area of study to the professor via e-mail and have your professor’s approval that you may go ahead with your selection.

Once you have selected your study area and case and have received approval from your professor, you may proceed to the next steps described below. Create a report that focuses on the IT/IS used to support the operation of your organization in your case study and answer the following questions.

  • Conduct a preliminary review of your case study’s organization. This review should include business mission, organizational structures, culture, IS, products and services, infrastructure and applications, people, skills, and competencies.
  • Explain the need for an IT audit of your organization. Support your analysis in IT governance terms. Identify the stakeholders for your case study.
  • Identify enterprise goals and IT-related goals for your case study and then create a mapping of the two sets, indicating primary relationships and secondary relationships.
  • Start developing an IT audit plan that addresses the following components: Define scope, state objectives, structure approach, provide for measurement of achievement (identify the areas you intend to measure; specific metrics will be addressed later), address how you will assure comprehensiveness, and address how you will provide approach flexibility.

Discussion 5 hacking Responses

Respond to at least 2 of your fellow classmates with at least a 100-word reply about his or her Primary Task Response regarding items you found to be compelling and enlightening. To help you with your discussion, please consider the following questions:

  • What did you learn from your classmates’ postings?
  • What additional questions do you have after reading the postings?
  • What clarification do you need regarding the postings?
  • What differences or similarities do you see between your posting and other classmates’ postings?

Please provide responses to the following two Posts.

 

James’s Post

Before this course, I only had a surface-level idea of what it took to hack. As I mentioned in my first discussion most of what I saw was “Hollywood hacking” and now I know it was incorrect. There is quite of bit of skill that goes into hacking, one must understand networking, various computer systems, and even the laws. Nevertheless, the amount of knowledge and skill isn’t what stood out to me the most. That crown belongs to the billion-dollar industry surrounding hacking and how much financial damage it causes.    The ability to interact with my peers was a great help in understanding the process of hacking. Many of them had refreshing takes on the topics of discussion and challenged my way of thinking. However, not as impactful as the labs, which allowed the use of the applications and processes a hacker would use. The first-hand experience is priceless, seeing as there could be severe legal or financial ramifications for trying out some of this software for yourself, even if it’s just for “learning purposes”.    Overall, the course was a joy to be a part of. I acquired a mass of valuable information, that is going to help me on my journey to becoming a security professional. I do believe they could have updated the labs, seeing as these labs have been around for a while. A quick Duck duck go search was all it took to spoil the learning challenge, but I knew better than to do that. I wish everyone here much success on their journey and I hope to see you all at the finish line. Lastly, thank you, Prof. Deleeuw, your live chats were great to re-watch, I wish I attended more of them in person.

 

Lonnie’s Post

I think the most compelling topic for this session was awareness of how closely my current position aligns with cybersecurity tools, methods, and topics.  Maybe the culture at my current employer is more advanced than previous jobs, but I literally use every tool we discussed during this session in my current position and it seems as though a security mindset is embraced throughout my current organization rather than just at the perimeter or in IT.  Down to the end-user, everyone understands the importance of security and safe practices and I’m very thankful I have the opportunity to learn in CTU’s environment and correlate or apply what I’m learning in a functional capacity.  

I always look forward to reading my fellow classmates’ posts on the discussion board as we all bring unique experiences to the table.  In my current line of work, I’m exposed to a lot more scenarios and technologies than some, just as there are certain things I’ll never see outside of the textbook.  It’s good seeing different approaches and experiences we can share in the DB posts.

Going forward, I would encourage anyone reading this post, to keep an open mind when dealing with anything related to network security.  In terms of approach or bearing, don’t be afraid to say “I don’t know” but follow it up with, “I’ll find the answer for you.”  Also, immediately remove “It’s not my job” from your vocabulary.  As your responsibility level grows, everything becomes “your job”.  I can tell you from personal experience, as a network analyst/engineer,  you’re expected to know your job and the jobs of every department that interfaces with the network or devices you manage.  Gaining perspective from the security and vulnerability portion of my career field from these CTU classes has helped me grasp a better understanding of my current position and what my contribution potential is.  I wish you all the best in your endeavors and hope to see you all finish strong!

Duane

Criminal Justice Trends Paper

Select one of the components of the criminal justice system (law enforcement, courts, or corrections).

Write a 1,400- to 1,750-word paper in which you evaluate past, present, and future trends of the criminal justice component you select. Discuss the budgetary and managerial impact that future trends will likely have not only on the component you select but also on the other components of the criminal justice system. Be sure to include current research data (qualitative and quantitative) in your analysis.

Include at least four peer-reviewed references.

Format your paper according to APA guidelines

The book  \”No Rules Rules: Netflix and the Culture of Reinvention\” by Reed Hastings

 

The book  \”No Rules Rules: Netflix and the Culture of Reinvention\” by Reed Hastings. This book was published in September 2020, and contains many insights that are relevant to our course. CAN you please read chapter #7 and Chapter #8.AND then can you make a four slide total,  first two slide review the each chapter then next two slide about theory and application about chapter #7 #8 , AND EACH SLIDE SHOULD BE WITH IN ONE HUNDRED WORD THANK YOU ,

Computers

In this assignment, you will explore the role of cloud computing in boosting business intelligence (BI) tools. You will learn about different types of cloud computing architectures that can provide value-adding services for organizations. As a manager, you must understand the different service types needed to run on the different cloud-based applications in order to make the right decision.

Tasks

  • Data mining relies heavily on massive amounts of data in order to train, improve, and build models. Knowing this, discuss the following:
    • What role does cloud computing play in improving data mining models?
    • What ethical and security concerns should be considered when adopting cloud computing for a business?

discussion 4 Hacking

Within the Discussion Board area, write 400–600 words that respond to the following questions with your thoughts, ideas, and comments. This will be the foundation for future discussions by your classmates. Be substantive and clear, and use examples to reinforce your ideas:

  • Discuss the importance of having a signed agreement, and give the implications of conducting a pen test without one.
  • Many organizations employ intrusion detection systems (IDS) or even intrusion prevention systems (IPS). It is important to understand how these tools protect the organization.
  • Describe how footprinting the stages of an attack might not be detected by an IDS.
  • Recommend an IDS for your organization and include the pros and cons behind your recommendation.