CIS 558 Full Course IT Audit and Control Strayer

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

CIS 558 Week 1 uCertify Assessment 1 Pre-Assessment (160 items)
Worth  10 points

Note: You are encouraged to complete the Week 1 uCertify Assessment during the first week of class. However, you may submit the completion of uCertify Assessment 1 up to the end of Week 2. This extension is designed to allow for any issues you may have purchasing, registering for, and / or accessing required materials during the first week of class.

Note: You are allotted 120 minutes to complete each uCertify Assessment.

For help on utilizing uCertify, please review the walk-through video located here.

Grading for uCertify assessments is based on student participation and is not scored on the objective performance of the actual test results. Review the setup requirements, submission requirements, and grading rubric below for additional grading details.

uCertify Setup Requirements

• uCertify Assessments
  • You must use the preset options for the graded submission of the pre-assessment, post-assessment, and weekly quizzes.

Note: You are encouraged to submit the results of your first attempt at completing the assessment(s).

uCertify Submission Requirements

1. Complete the assessment; your results will be displayed.
2. Select “Share your result” from the results page menu items.
3. Copy the URL and paste it into the assignment submission area in the Blackboard online course shell.
4. Summarize, in two to three (2-3) sentences, both your strengths and weaknesses with respect to the topics you covered in the assessment. Note: The written summary may be submitted in the assignment submission area along with the results URL, or it may be submitted as a separate attachment.
5. Once you have successfully pasted the results URL and included the assessment summary, you may submit your assignment for grading.   Note: Failure to submit the results URL into the assignment submission area within the Blackboard online shell will result in zero (0) points for the assignment. Evidence of purposely skipped answers, incomplete answers, or limited effort is at the instructor’s discretion and may result in partial or incomplete credit for the assignment.

Click here to view the grading rubric.

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

CIS 558 Week 3 uCertify Assessment 5: Quiz – Chapter 2 (3 items)
Worth 10 points

Note: You are allotted 120 minutes to complete each uCertify Assessment.

For help on utilizing uCertify, please review the walk-through video located here.

Grading for uCertify assessments is based on student participation and is not scored on the objective performance of the actual test results. Review the setup requirements, submission requirements, and grading rubric below for additional grading details.

uCertify Setup Requirements

• uCertify Assessments
  • You must use the preset options for the graded submission of the pre-assessment, post-assessment, and weekly quizzes.

Note: You are encouraged to submit the results of your first attempt at completing the assessment(s).

uCertify Submission Requirements

1. Complete the assessment; your results will be displayed.
2. Select “Share your result” from the results page menu items.
3. Copy the URL and paste it into the assignment submission area in the Blackboard online course shell.
4. Summarize, in two to three (2-3) sentences, both your strengths and weaknesses with respect to the topics you covered in the assessment. Note: The written summary may be submitted in the assignment submission area along with the results URL, or it may be submitted as a separate attachment.
5. Once you have successfully pasted the results URL and included the assessment summary, you may submit your assignment for grading. Note: Failure to submit the results URL into the assignment submission area within the Blackboard online shell will result in zero (0) points for the assignment. Evidence of purposely skipped answers, incomplete answers, or limited effort is at the instructor’s discretion and may result in partial or incomplete credit for the assignment.

Click here to view the grading rubric.

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

CIS 558 Assignment 1 ERM Roadmap
Due Week 3 and worth 125 points

The following material may be useful for the completion of this assignment. You may refer to the documents titled “Embracing Enterprise Risk Management: Practical Approaches for Getting Started” and “Developing Key Risk Indicators to Strengthen Enterprise Risk Management”, located at http://www.coso.org/-ERM.htm.

Imagine you are an Information Technology Manager employed by a business that needs you to develop a plan for an effective Enterprise Risk Management (ERM) program. In the past, ERM has not been a priority for the organization. Failed corporate security audits, data breaches, and recent news stories have convinced the Board of Directors that they must address these weaknesses. As a result, the CEO has tasked you to create a brief overview of ERM and provide recommendations for establishing an effective ERM program that will be used as a basis to address this area moving forward.

Write a three to four (3-4) page paper in which you:

1. Summarize the COSO Risk Management Framework and COSO’s ERM process.
2. Recommend to management the approach that they need to take to implement an effective ERM program. Include the issues and organizational impact they might encounter if they do not implement an effective ERM program.
3. Analyze the methods for establishing key risk indicators (KRIs).
4. Suggest the approach that the organization needs to take in order to link the KRIs with the organization’s strategic initiatives.
5. Use at least three (3) quality resources in this assignment (in addition to and that support the documents from the COSO Website referenced in this assignment). Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Describe the COSO enterprise risk management framework.
• Describe the process of performing effective information technology audits and general controls.
• Use technology and information resources to research issues in information technology audit and control.
• Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

Click here to view the grading rubric for this assignment.

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

Case Study 1: Mitigating Cloud Computing Risks
Due Week 4 and worth 125 points

Imagine you are an Information Security Manager in a medium-sized organization. Your CIO has asked you to prepare a case analysis report and presentation on establishing internal controls in cloud computing. The CIO has seen several resources online which discuss the security risks related to Cloud based computing and storage. One that stood out was located at http://www.isaca.org/Journal/Past-Issues/2011/Volume-4/Pages/Cloud-Computing-Risk-Assessment-A-Case-Study.aspx. You are being asked to summarize the information you can find on the Internet and other sources that are available.  Moving forward, the CIO wants to have a firm grasp of the benefits and risks associated with public, private, and hybrid cloud usage. There is also concern over how these systems, if they were in place, should be monitored to ensure not only proper usage, but also that none of these systems or their data have been compromised.

Write a three to four (3-4) page paper in which you:

1. Provide a summary analysis of the most recent research that is available in this area.
2. Examine the risks and vulnerabilities associated with public clouds, private clouds, and hybrids. Include primary examples applicable from the case studies you previously reviewed.
3. Suggest key controls that organizations could implement to mitigate these risks and vulnerabilities.
4. Develop a list of IT audit tasks that address a cloud computing environment based on the results from the analysis of the case studies, the risks and vulnerabilities, and the mitigation controls.
5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Describe the process of performing effective information technology audits and general controls.
• Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization.
• Use technology and information resources to research issues in information technology audit and control.
• Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions

Click here to view the grading rubric for the case study.

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points

This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four (4) sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.

Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:

• They have a main office and 268 stores in the U.S.
• They utilize a cloud computing environment for storage and applications.
• Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
• They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
• They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
• They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
• They enable wireless access at the main office and the stores.
• They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.

Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:

1.    Develop an Internal IT Audit Policy, which includes at a minimum:

a.    Overview
b.    Scope
c.    Goals and objectives
d.    Compliance with applicable laws and regulations
e.    Management oversight and responsibility
f.    Areas covered in the IT audits
g.    Frequency of the audits
h.    Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Section 2: Management Plan
Write a four to six (4-6) page paper in which you:

2.    Explain the management plan for conducting IT audits, including:

a.    Risk management
b.    System Software and Applications
c.    Wireless Networking
d.    Cloud Computing
e.    Virtualization
f.    Cybersecurity and Privacy
g.    BCP and DRP
h.    Network Security
i.    Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Section 3: Project Plan
Use Microsoft Project or an Open Source alternative, such as Open Project to:

3.    Develop a project plan which includes the applicable tasks for each of the major areas listed below for each element of the IT audit mentioned above; plan for the audit to be a two (2) week audit.

a.    Risk management
b.    System software and applications
c.    Wireless networking
d.    Cloud computing
e.    Virtualization
f.    Cybersecurity and privacy
g.    Network security

Section 4: Disaster Recovery Plan
Write a five to seven (5-7) page paper in which you:

4.    Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.

a.    The organization must have no data loss.
b.    The organization must have immediate access to organizational data in the event of a disaster.
c.    The organization must have critical systems operational within 48 hours.
d.    Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above.
e.    Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Describe the Sarbanes-Oxley (SOX) act and Committee of Sponsoring Organizations (COSO) framework.
• Describe the process of performing effective information technology audits and general controls.
• Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization.
• Explain the role of cybersecurity privacy controls in the review of system processes.
• Discuss and develop strategies that detect and prevent fraudulent business practices.
• Describe and create an information technology disaster recovery plan.
• Develop an audit plan and control framework that addresses and solves a proposed business problem.
• Use technology and information resources to research issues in information technology audit and control.
• Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

Click here to view the grading rubric for this assignment.

Students, please view the “Submit a Clickable Rubric Assignment” in the Student Center.
Instructors, training on how to grade is within the Instructor Center.

Week 11 uCertify Assessment 9: Post Assessment (150 items)
Worth 10 points

Note: You are allotted 120 minutes to complete each uCertify Assessment.

For help on utilizing uCertify, please review the walk-through video located here.

Grading for uCertify assessments is based on student participation and is not scored on the objective performance of the actual test results. Review the setup requirements, submission requirements, and grading rubric below for additional grading details.

uCertify Setup Requirements

• uCertify Assessments
  • You must use the preset options for the graded submission of the pre-assessment, post-assessment, and weekly quizzes.

Note: You are encouraged to submit the results of your first attempt at completing the assessment(s).

uCertify Submission Requirements

1. Complete the assessment; your results will be displayed.
2. Select “Share your result” from the results page menu items.
3. Copy the URL and paste it into the assignment submission area in the Blackboard online course shell.
4. Summarize, in two to three (2-3) sentences, both your strengths and weaknesses with respect to the topics you covered in the assessment. Note: The written summary may be submitted in the assignment submission area along with the results URL, or it may be submitted as a separate attachment.
5. Once you have successfully pasted the results URL and included the assessment summary, you may submit your assignment for grading. Note: Failure to submit the results URL into the assignment submission area within the Blackboard online shell will result in zero (0) points for the assignment. Evidence of purposely skipped answers, incomplete answers, or limited effort is at the instructor’s discretion and may result in partial or incomplete credit for the assignment.

Click here to view the grading rubric.