For more course tutorials visit
www.newtonhelp.com
“COBIT Planning” Please respond to the following:
Describe how organizations establish the five (5) COBIT IT governance focus areas: strategic alignment, value delivery, risk management, resource management, and performance management
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
CIS 558 Focus Dreams/newtonhelp.com
1. CIS 558 Week 1 Discussion COBIT Planning
For more course tutorials visit
www.newtonhelp.com
“COBIT Planning” Please respond to the following:
Describe how organizations establish the five (5) COBIT IT
governance focus areas: strategic alignment, value delivery,
risk management, resource management, and performance
management
Suppose senior management has tasked you with the
planning of the COBIT compliance project. In terms of the
COBIT framework, predict which key areas are likely to be
problematic to implement. Suggest at least two (2) possible
solutions to these problematic areas.
============================================
CIS 558 Week 1-11 All DQs
For more course tutorials visit
www.newtonhelp.com
CIS 558 Week 1 Discussion COBIT Planning
2. CIS 558 Week 2 Discussion Question Developing an ERM
plan
CIS 558 Week 3 Discussion Mitigating Wireless Risk
CIS 558 Week 4 Discussion Obstacles to CMMI
Development
CIS 558 Week 5 Discussion Automated Auditing
CIS 558 Week 6 Discussion Audit Project Control”
CIS 558 Week 7 Discussion Identity and Access
Management
CIS 558 Week 8 Discussion Effective Disaster Recovery
Plans
CIS 558 Week 9 Discussion Change and Patch management
CIS 558 Week 10 Discussion Quality Assurance and
Auditing Standards
CIS 558 Week 11 Discussion Course Conclusion and
Summary
============================================
CIS 558 Week 2 Discussion Question Developing an ERM
plan
For more course tutorials visit
www.newtonhelp.com
3. “Developing an ERM plan” Please respond to the following:
From a management perspective, decide which key policies
and procedures one should consider as the starting point
when developing an ERM plan for an organization. Defend
your position.
Provide a list of essential personnel whom you believe should
be involved in creating and maintaining an ERM plan for an
organization. Describe the role of each person. Suggest a
timeline for establishing an ERM plan, giving your opinion
on how frequently the plan should be reviewed.
============================================
CIS 558 Week 3 Assignment 1 ERM Roadmap (2 Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
CIS 558 Week 3 Assignment 1 ERM Roadmap
Week 3 Assignment 1
4. Students, please view the "Submit a Clickable Rubric
Assignment" in the Student Center.
Instructors, training on how to grade is within the Instructor
Center.
Assignment 1: ERM Roadmap
Due Week 3 and worth 125 points
The following material may be useful for the completion of
this assignment. You may refer to the documents titled
“Embracing Enterprise Risk Management: Practical
Approaches for Getting Started” and “Developing Key Risk
Indicators to Strengthen Enterprise Risk Management”,
located at http://www.coso.org/-ERM.htm.
Imagine you are an Information Technology Manager
employed by a business that needs you to develop a plan for
an effective Enterprise Risk Management (ERM) program.
In the past, ERM has not been a priority for the
organization. Failed corporate security audits, data
breaches, and recent news stories have convinced the Board
of Directors that they must address these weaknesses. As a
result, the CEO has tasked you to create a brief overview of
ERM and provide recommendations for establishing an
effective ERM program that will be used as a basis to
address this area moving forward.
Write a three to four (3-4) page paper in which you:
1. Summarize the COSO Risk Management Framework
and COSO’s ERM process.
2. Recommend to management the approach that they
need to take to implement an effective ERM program.
5. Include the issues and organizational impact they might
encounter if they do not implement an effective ERM
program.
3. Analyze the methods for establishing key risk indicators
(KRIs).
4. Suggest the approach that the organization needs to take
in order to link the KRIs with the organization’s strategic
initiatives.
5. Use at least three (3) quality resources in this assignment
(in addition to and that support the documents from the
COSO Website referenced in this assignment). Note:
Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting
requirements:
· Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
· Include a cover page containing the title of the
assignment, the student’s name, the professor’s name, the
course title, and the date. The cover page and the reference
page are not included in the required assignment page
length.
The specific course learning outcomes associated with this
assignment are:
· Describe the COSO enterprise risk management
framework.
6. · Describe the process of performing effective information
technology audits and general controls.
· Use technology and information resources to research
issues in information technology audit and control.
· Write clearly and concisely about topics related to
information technology audit and control using proper
writing mechanics and technical style conventions.
============================================
CIS 558 Week 3 Discussion Mitigating Wireless Risk
For more course tutorials visit
www.newtonhelp.com
“Mitigating Wireless Risk” Please respond to the following:
Suggest two (2) of the risks and two (2) of the benefits
associated with the implementation of wireless networks.
For each of the risks, provide key suggestions for mitigating
or eliminating those risks from an auditor’s perspective.
Suggest key methods for measuring the effectiveness of your
solutions.
============================================
7. CIS 558 Week 4 Case Study 1 Mitigating Cloud
Computing Risks (2 Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
Week 4 Case Study 1
Students, please view the "Submit a Clickable Rubric
Assignment" in the Student Center.
Instructors, training on how to grade is within the Instructor
Center.
Case Study 1: Mitigating Cloud Computing Risks
Due Week 4 and worth 125 points
Imagine you are an Information Security Manager in a
medium-sized organization. Your CIO has asked you to
prepare a case analysis report and presentation on
establishing internal controls in cloud computing. The CIO
has seen several resources online which discuss the security
risks related to Cloud based computing and storage. One
that stood out was located
at http://www.isaca.org/Journal/Past-Issues/2011/Volume-
4/Pages/Cloud-Computing-Risk-Assessment-A-Case-
Study.aspx. You are being asked to summarize the
information you can find on the Internet and other sources
8. that are available. Moving forward, the CIO wants to have
a firm grasp of the benefits and risks associated with public,
private, and hybrid cloud usage. There is also concern over
how these systems, if they were in place, should be
monitored to ensure not only proper usage, but also that
none of these systems or their data have been compromised.
Write a three to four (3-4) page paper in which you:
1. Provide a summary analysis of the most recent research
that is available in this area.
2. Examine the risks and vulnerabilities associated with
public clouds, private clouds, and hybrids. Include primary
examples applicable from the case studies you previously
reviewed.
3. Suggest key controls that organizations could implement
to mitigate these risks and vulnerabilities.
4. Develop a list of IT audit tasks that address a cloud
computing environment based on the results from the
analysis of the case studies, the risks and vulnerabilities, and
the mitigation controls.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting
requirements:
· Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
9. · Include a cover page containing the title of the
assignment, the student’s name, the professor’s name, the
course title, and the date. The cover page and the reference
page are not included in the required assignment page
length.
The specific course learning outcomes associated with this
assignment are:
· Describe the process of performing effective information
technology audits and general controls.
· Describe the various general controls and audit
approaches for software and architecture to include
operating systems, telecommunication networks, cloud
computing, service-oriented architecture and virtualization.
· Use technology and information resources to research
issues in information technology audit and control.
· Write clearly and concisely about topics related to
information technology audit and control using proper
writing mechanics and technical style conventions
============================================
CIS 558 Week 4 Discussion Obstacles to CMMI
Development
For more course tutorials visit
www.newtonhelp.com
10. “Obstacles to CMMI Development” Please respond to the
following:
Elaborate on three (3) of the obstacles that must be
overcome as a business moves up the CMMI model. Suggest
key methods for overcoming the obstacles you have
identified.
Describe the measurable benefits of progressing up the
CMMI model. From an auditing perspective, determine the
manner in which these benefits might be observed.
============================================
CIS 558 Week 5 Discussion Automated Auditing
For more course tutorials visit
www.newtonhelp.com
“Automated Auditing” Please respond to the following:
CAATTs can be helpful when dealing with immense
amounts of data. However, developing a CAATT system can
11. be time consuming. Argue for or against the use of CAATT
systems.
Identify the key elements of building an effective CAATT
system. Elaborate on two (2) challenges faced when
designing an effective CAATT system, and suggest possible
solutions to these problems.
============================================
CIS 558 Week 6 Assignment 2 Software Engineering,
CMMI, and ITIL (2 Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
Realizing that an organization’s CMMI level impacts an
organization’ s success on requests for proposals (RFPs),
your CIO wants to get the software development processes
to CMMI level 3. Your organization has started developing
software applications and database systems for their
customers. The CIO wants to ensure that the software
development and database development processes are being
properly managed and audited, and he wants to ensure that
the organization begins taking the necessary steps to
progress to CMMI level 3. In preparation for your response,
12. review the CMMI information available at the Carnegie
Mellon Website.
IT managers will commonly manage software development
and systems integration activities. Write a 3 page paper in
which you:
Describe the software engineering process, the challenges in
managing software development activities, and the potential
interface issues from the software development perspective.
Analyze the CMMI levels and define a roadmap that the
organization will ned to follow in order to get their software
development processes to CMMI level three. Note: This is
important because the CMMI level that an organization
achieves impacts their software development reputation.
Explain the auditing tasks that must be performed in order
to achieve level 3.
Determine the continuous assurance auditing activities that
the organization will need to implement to help achieve
CMMI level three.
Analyze the ITIL service management guidelines and
principles.
Examine how ITIL service management practices relate to
CMMI levels and continuous service auditing.
Use at least four (4) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as
quality resources.
============================================
CIS 558 Week 6 Discussion Audit Project Control
13. For more course tutorials visit
www.newtonhelp.com
“Audit Project Control” Please respond to the following:
Compare and contrast an IT Audit project with other
projects which might be found in an IT department.
Describe two (2) challenges that are unique to IT Audit
projects. Suggest an approach to mitigate each challenge you
selected.
Based on the challenges identified, describe the controls that
the project manager would need to implement in order to
overcome potential project control issues.
============================================
CIS 558 Week 7 Case Study 2 HIPAA and IT Audits (2
Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
14. Case Study 2: HIPAA and IT Audits
Due Week 7 and worth 75 points
Imagine you are a CIO at a medium-sized hospital, and you
have been asked by the CEO to provide a case analysis
report that will be provided to the senior leadership in the
organization. They are concerned about the HIPAA Security
and Privacy Rules and its impact on the organization.
Unfamiliar with the details of HIPAA, you begin looking at
the information provided by the Department of Health and
Human Services. Specifically, you are asked to provide an
analysis on the summary of the cases.
Section 1. Written Paper
Many organizations have been fined significant amounts for
non-compliance with HIPAA. To help ensure that your
organization remains in compliance with HIPAA regulations
you have been asked to write a three (3) page paper in which
you:
1a. Create an overview of the HIPAA Security Rule and
Privacy Rule. Include an explanation of the resolution
process when a case is reported.
1b. Analyze the major types of incidents and breaches that
occur based on the cases reported.
1c. Analyze the technical controls and the non-technical
controls that are needed to mitigate the identified risks and
vulnerabilities.
1d. Analyze and describe the network architecture that is
15. needed within an organization, including a medium-sized
hospital, in order to be compliant with HIPAA regulations.
1e. Analyze how a medium-sized hospital is similar to and
different from other non-medical organizations in regards to
HIPAA compliance.
1f. List the IT audit steps that need to be included in the
organization’s overall IT audit plan to ensure compliance
with HIPAA rules and regulations.
1g. Use at least four (4) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as
quality resources.
Your assignment must follow these formatting
requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
Section 2. Network Architecture
2a. Create a network architecture diagram (using Visio or
an open-source equivalent to Visio for creating diagrams),
based on the description of the network architecture that
you defined above for the organization to be compliant with
HIPAA regulations.
2b. Include in the diagram the switches, routers, firewalls,
IDS/IPS, and any other devices needed for a compliant
network architecture.
============================================
16. CIS 558 Week 7 Discussion Identity and Access
Management
For more course tutorials visit
www.newtonhelp.com
“Identity and Access Management” Please respond to the
following:
Analyze the identity and access management approach that
organizations need to implement to effectively control access
to their systems. Explain how the identity and access
management approach would be influenced by the type of
organization and its size.
For a small- to medium-sized business concerned about IT
budget, determine the identity and access management
practices you would recommend. In contrast, for a large
organization that is extremely concerned about protecting
corporate information assets, determine the identity and
access management practices you would recommend.
Provide a rationale for your responses.
============================================
CIS 558 Week 8 Discussion Effective Disaster Recovery
Plans
17. For more course tutorials visit
www.newtonhelp.com
“Effective Disaster Recovery Plans” Please respond to the
following:
Disaster recovery planning is essential for a business to
survive when unexpected events impact daily operations.
Determine the areas of disaster recovery planning and
preparedness you believe organizations are often lacking.
Provide a rationale for your response.
Analyze and describe the key controls, especially non-
technical controls, which would ensure a business is
prepared for a disaster. Elaborate on the impact that a
disaster might have on the auditing process.
============================================
CIS 558 Week 9 Discussion Change and Patch
management
For more course tutorials visit
www.newtonhelp.com
18. CIS 558 Week 9 Discussion “Change and Patch
management”
Analyze it change management and patch management
processes needed within organization identify 3 challenges
organizations face when implementing change and patch
management processes for the first time, make suggestions
to address these challenges
============================================
CIS 558 Week 10 Discussion Quality Assurance and
Auditing Standards
For more course tutorials visit
www.newtonhelp.com
“Quality Assurance and Auditing Standards” Please
respond to the following:
Describe the actions an organization needs to execute in
order to improve their quality assurance and auditing
processes within the organization.
19. Create a list of at least five (5) auditing best practices for
organizations to follow when implementing their quality
assurance auditing programs.
Select the auditing best practices you feel are most difficult
to implement and offer means of addressing them.
=============================================
CIS 558 Week 10 Term Paper Managing an IT
Infrastructure Audit (2 Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Term Papers
Term Paper: Managing an IT Infrastructure Audit
This assignment consists of four (4) sections: an internal IT
audit policy, a management plan, a project plan, and a
disaster recovery plan. You must submit all four (4) sections
as separate files for the completion of this assignment. Label
each file name according to the section of the assignment it is
20. written for. Additionally, you may create and /or assume all
necessary assumptions needed for the completion of this
assignment.
Imagine you are an Information Security Manager for a
large national retailer. You have been hired to be directly
responsible for the planning and oversight of IT audits. At
the request of the Board of Directors, the CEO has tasked
you with developing a plan for conducting regular audits of
the IT infrastructure. The planning and management
aspects of IT audit are critical to the overall success of the
audit, and as a result, the overall success of the systems
implemented within the organization. You must develop a
policy for conducting IT audits and develop a project plan
for conducting two week IT audits.
In addition to the typical networking and Internetworking
infrastructure of a medium-sized organization, the
organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and
applications.
Their IT infrastructure includes Cisco workgroup and core
switches, Cisco routers, Cisco firewalls and intrusion
prevention systems, and servers running Microsoft Windows
Server 2012.
They have over 1000 desktops and approximately 500
organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the
organization; however, they are subject to being searched
upon entry and exit from the building.
21. They enable remote access to corporate information assets
for employees and limited access to extranet resources for
contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per
hour every day at each location and via their corporate
Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a
minimum:
2. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits,
including:
3. Risk management
b. System Software and Applications
22. c. Wireless Networking
d. Cloud Computing
e. Virtualization
f. Cybersecurity and Privacy
g. BCP and DRP
h. Network Security
i. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Section 3: Project Plan
Use Microsoft Project or an Open Source alternative, such
as Open Project to:
3. Develop a project plan which includes the applicable tasks
for each of the major areas listed below for each element of
the IT audit mentioned above; plan for the audit to be a two
(2) week audit.
4. Risk management
b. System software and applications
c. Wireless networking
d. Cloud computing
e. Virtualization
f. Cybersecurity and privacy
g. Network security
Section 4: Disaster Recovery Plan
Write a five to seven (5-7) page paper in which you:
4. Develop a disaster recovery plan (DRP) for recovering from
a major incident or disaster affecting the organization.
23. 5. The organization must have no data loss.
b. The organization must have immediate access to
organizational data in the event of a disaster.
c. The organization must have critical systems operational
within 48 hours.
d. Include within the DRP the audit activities needed to
ensure that the organization has an effective DRP and will
be able to meet the requirements stated above.
e. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting
requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title,
and the date. The cover page and the reference page are not
included in the required assignment page length.
==============================================
CIS 558 Week 11 Discussion Course Conclusion and
Summary
24. For more course tutorials visit
www.newtonhelp.com
Course Conclusion and Summary” Please respond to the
following:
You have just completed 10 weeks of an information
technology audit and control course. Imagine you have been
asked to create a one (1) day training course highlighting the
important elements of what you have just learned in the past
ten weeks.
Create a hierarchy of five (no more or no less) of the most
important topics that you feel need to be addressed in this
one (1) day course that best fits the course title of
“Information Technology Audit and Control: The Essentials
Presented in One Day.” Give a detailed rationale for each of
the five (5) topics.
Using 140 characters or less (the length of a Tweet),
summarize the importance of this class to someone
unfamiliar with th
==============================================