This document provides information on several topics relating to IT auditing and governance frameworks:
1. It describes COBIT's five IT governance focus areas of strategic alignment, value delivery, risk management, resource management, and performance management.
2. It asks the reader to predict problematic areas of implementing COBIT compliance and suggest solutions.
3. It discusses developing an ERM plan, including important policies, procedures, personnel, and review timelines.
4. It provides information on assignments relating to developing an ERM roadmap, mitigating cloud computing risks, obstacles to CMMI development, automated auditing, software engineering and CMMI/ITIL frameworks, HIPAA compliance and
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
COBIT Planning and ERM Plan Development
1. STRAYER CIS 558 Week 1 Discussion COBIT
Planning NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-1-discussion-cobit-
planning-recent
For more classes visit
http://www.uopassignments.com
“COBIT Planning” Please respond to the following:
Describe how organizations establish the five (5)
COBIT IT governance focus areas: strategic
alignment, value delivery, risk management,
resource management, and performance
management
Suppose senior management has tasked you with
the planning of the COBIT compliance project. In
terms of the COBIT framework, predict which key
areas are likely to be problematic to implement.
Suggest at least two (2) possible solutions to these
problematic areas.
2. STRAYER CIS 558 Week 2 Discussion Question
Developing an ERM plan NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-2-discussion-question-
developing-an-erm-plan-recent
For more classes visit
http://www.uopassignments.com
“Developing an ERM plan” Please respond to the
following:
From a management perspective, decide which
key policies and procedures one should consider
as the starting point when developing an ERM plan
for an organization. Defend your position.
Provide a list of essential personnel whom you
believe should be involved in creating and
maintaining an ERM plan for an organization.
Describe the role of each person. Suggest a
timeline for establishing an ERM plan, giving your
opinion on how frequently the plan should be
reviewed.
3. STRAYER CIS 558 Week 3 Assignment 1 ERM
Roadmap (2 Papers) NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-3-assignment-1-erm-
roadmap-recent
For more classes visit
http://www.uopassignments.com
This Tutorial contains 2 Papers
CIS 558 Week 3 Assignment 1 ERM Roadmap
Week 3 Assignment 1
Students, please view the "Submit a Clickable
Rubric Assignment" in the Student Center.
Instructors, training on how to grade is within the
Instructor Center.
Assignment 1: ERM Roadmap
Due Week 3 and worth 125 points
The following material may be useful for the
4. completion of this assignment. You may refer to
the documents titled “Embracing Enterprise Risk
Management: Practical Approaches for Getting
Started” and “Developing Key Risk Indicators to
Strengthen Enterprise Risk Management”, located
at http://www.coso.org/-ERM.htm.
Imagine you are an Information Technology
Manager employed by a business that needs you to
develop a plan for an effective Enterprise Risk
Management (ERM) program. In the past, ERM has
not been a priority for the organization. Failed
corporate security audits, data breaches, and
recent news stories have convinced the Board of
Directors that they must address these
weaknesses. As a result, the CEO has tasked you to
create a brief overview of ERM and provide
recommendations for establishing an effective
ERM program that will be used as a basis to
address this area moving forward.
Write a three to four (3-4) page paper in which
you:
1. Summarize the COSO Risk Management
Framework and COSO’s ERM process.
2. Recommend to management the approach that
they need to take to implement an effective ERM
5. program. Include the issues and organizational
impact they might encounter if they do not
implement an effective ERM program.
3. Analyze the methods for establishing key risk
indicators (KRIs).
4. Suggest the approach that the organization
needs to take in order to link the KRIs with the
organization’s strategic initiatives.
5. Use at least three (3) quality resources in this
assignment (in addition to and that support the
documents from the COSO Website referenced in
this assignment). Note: Wikipedia and similar
Websites do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
• Be typed, double spaced, using Times New
Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or
school-specific format. Check with your professor
for any additional instructions.
• Include a cover page containing the title of the
assignment, the student’s name, the professor’s
name, the course title, and the date. The cover
page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated
with this assignment are:
6. • Describe the COSO enterprise risk management
framework.
• Describe the process of performing effective
information technology audits and general
controls.
• Use technology and information resources to
research issues in information technology audit
and control.
• Write clearly and concisely about topics related
to information technology audit and control using
proper writing mechanics and technical style
conventions.
7. STRAYER CIS 558 Week 3 Discussion Mitigating
Wireless Risk NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-3-discussion-mitigating-
wireless-risk-recent
For more classes visit
http://www.uopassignments.com
“Mitigating Wireless Risk” Please respond to the
following:
Suggest two (2) of the risks and two (2) of the
benefits associated with the implementation of
wireless networks.
For each of the risks, provide key suggestions for
mitigating or eliminating those risks from an
auditor’s perspective. Suggest key methods for
measuring the effectiveness of your solutions.
8. STRAYER CIS 558 Week 4 Case Study 1 Mitigating
Cloud Computing Risks (2 Papers) NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-4-case-study-1-
mitigating-cloud-computing-risks-new
For more classes visit
http://www.uopassignments.com
This Tutorial contains 2 Papers
Week 4 Case Study 1
Students, please view the "Submit a Clickable
Rubric Assignment" in the Student Center.
Instructors, training on how to grade is within the
Instructor Center.
Case Study 1: Mitigating Cloud Computing Risks
Due Week 4 and worth 125 points
Imagine you are an Information Security Manager
in a medium-sized organization. Your CIO has
asked you to prepare a case analysis report and
9. presentation on establishing internal controls in
cloud computing. The CIO has seen several
resources online which discuss the security risks
related to Cloud based computing and storage. One
that stood out was located at
http://www.isaca.org/Journal/Past-
Issues/2011/Volume-4/Pages/Cloud-Computing-
Risk-Assessment-A-Case-Study.aspx. You are being
asked to summarize the information you can find
on the Internet and other sources that are
available. Moving forward, the CIO wants to have a
firm grasp of the benefits and risks associated with
public, private, and hybrid cloud usage. There is
also concern over how these systems, if they were
in place, should be monitored to ensure not only
proper usage, but also that none of these systems
or their data have been compromised.
Write a three to four (3-4) page paper in which
you:
1. Provide a summary analysis of the most recent
research that is available in this area.
2. Examine the risks and vulnerabilities associated
with public clouds, private clouds, and hybrids.
Include primary examples applicable from the
case studies you previously reviewed.
3. Suggest key controls that organizations could
10. implement to mitigate these risks and
vulnerabilities.
4. Develop a list of IT audit tasks that address a
cloud computing environment based on the results
from the analysis of the case studies, the risks and
vulnerabilities, and the mitigation controls.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites
do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
• Be typed, double spaced, using Times New
Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or
school-specific format. Check with your professor
for any additional instructions.
• Include a cover page containing the title of the
assignment, the student’s name, the professor’s
name, the course title, and the date. The cover
page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated
with this assignment are:
• Describe the process of performing effective
information technology audits and general
controls.
• Describe the various general controls and audit
11. approaches for software and architecture to
include operating systems, telecommunication
networks, cloud computing, service-oriented
architecture and virtualization.
• Use technology and information resources to
research issues in information technology audit
and control.
• Write clearly and concisely about topics related
to information technology audit and control using
proper writing mechanics and technical style
conventions
12. STRAYER CIS 558 Week 4 Discussion Obstacles to
CMMI Development NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-4-discussion-obstacles-
to-cmmi-development-recent
For more classes visit
http://www.uopassignments.com
“Obstacles to CMMI Development” Please respond
to the following:
Elaborate on three (3) of the obstacles that must
be overcome as a business moves up the CMMI
model. Suggest key methods for overcoming the
obstacles you have identified.
Describe the measurable benefits of progressing
up the CMMI model. From an auditing perspective,
determine the manner in which these benefits
might be observed.
13. STRAYER CIS 558 Week 5 Discussion Automated
Auditing NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-5-discussion-automated-
auditing-recent
For more classes visit
http://www.uopassignments.com
“Automated Auditing” Please respond to the
following:
CAATTs can be helpful when dealing with immense
amounts of data. However, developing a CAATT
system can be time consuming. Argue for or
against the use of CAATT systems.
Identify the key elements of building an effective
CAATT system. Elaborate on two (2) challenges
faced when designing an effective CAATT system,
and suggest possible solutions to these problems.
14. STRAYER CIS 558 Week 6 Assignment 2 Software
Engineering, CMMI, and ITIL (2 Papers) NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-6-assignment-2-software-
engineering,cmmi,and-itil-recent
For more classes visit
http://www.uopassignments.com
This Tutorial contains 2 Papers
Realizing that an organization’s CMMI level
impacts an organization’ s success on requests for
proposals (RFPs), your CIO wants to get the
software development processes to CMMI level 3.
Your organization has started developing software
applications and database systems for their
customers. The CIO wants to ensure that the
software development and database development
processes are being properly managed and
audited, and he wants to ensure that the
organization begins taking the necessary steps to
progress to CMMI level 3. In preparation for your
response, review the CMMI information available
at the Carnegie Mellon Website.
15. IT managers will commonly manage software
development and systems integration activities.
Write a 3 page paper in which you:
Describe the software engineering process, the
challenges in managing software development
activities, and the potential interface issues from
the software development perspective.
Analyze the CMMI levels and define a roadmap that
the organization will ned to follow in order to get
their software development processes to CMMI
level three. Note: This is important because the
CMMI level that an organization achieves impacts
their software development reputation.
Explain the auditing tasks that must be performed
in order to achieve level 3.
Determine the continuous assurance auditing
activities that the organization will need to
implement to help achieve CMMI level three.
Analyze the ITIL service management guidelines
and principles.
Examine how ITIL service management practices
relate to CMMI levels and continuous service
auditing.
Use at least four (4) quality resources in this
assignment.
17. STRAYER CIS 558 Week 7 Case Study 2 HIPAA and
IT Audits (2 Papers) NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-7-case-study-2-hipaa-and-it-
audits-recent
For more classes visit
http://www.uopassignments.com
This Tutorial contains 2 Papers
Case Study 2: HIPAA and IT Audits
Due Week 7 and worth 75 points
Imagine you are a CIO at a medium-sized hospital,
and you have been asked by the CEO to provide a
case analysis report that will be provided to the
senior leadership in the organization. They are
concerned about the HIPAA Security and Privacy
Rules and its impact on the organization.
Unfamiliar with the details of HIPAA, you begin
18. looking at the information provided by the
Department of Health and Human Services.
Specifically, you are asked to provide an analysis
on the summary of the cases.
Section 1. Written Paper
Many organizations have been fined significant
amounts for non-compliance with HIPAA. To help
ensure that your organization remains in
compliance with HIPAA regulations you have been
asked to write a three (3) page paper in which you:
1a. Create an overview of the HIPAA Security Rule
and Privacy Rule. Include an explanation of the
resolution process when a case is reported.
1b. Analyze the major types of incidents and
breaches that occur based on the cases reported.
1c. Analyze the technical controls and the non-
technical controls that are needed to mitigate the
identified risks and vulnerabilities.
1d. Analyze and describe the network architecture
that is needed within an organization, including a
medium-sized hospital, in order to be compliant
with HIPAA regulations.
1e. Analyze how a medium-sized hospital is similar
to and different from other non-medical
19. organizations in regards to HIPAA compliance.
1f. List the IT audit steps that need to be included
in the organization’s overall IT audit plan to
ensure compliance with HIPAA rules and
regulations.
1g. Use at least four (4) quality resources in this
assignment. Note: Wikipedia and similar Websites
do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
Be typed, double spaced, using Times New Roman
font (size 12), with one-inch margins on all sides;
citations and references must follow APA or
school-specific format. Check with your professor
for any additional instructions.
Section 2. Network Architecture
2a. Create a network architecture diagram (using
Visio or an open-source equivalent to Visio for
creating diagrams), based on the description of the
network architecture that you defined above for
the organization to be compliant with HIPAA
regulations.
2b. Include in the diagram the switches, routers,
21. STRAYER CIS 558 Week 7 Discussion Identity and
Access Management NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-7-discussion-identity-and-
access-management-recent
For more classes visit
http://www.uopassignments.com
“Identity and Access Management” Please respond
to the following:
Analyze the identity and access management
approach that organizations need to implement to
effectively control access to their systems. Explain
how the identity and access management
approach would be influenced by the type of
organization and its size.
For a small- to medium-sized business concerned
about IT budget, determine the identity and access
management practices you would recommend. In
contrast, for a large organization that is extremely
concerned about protecting corporate information
22. assets, determine the identity and access
management practices you would recommend.
Provide a rationale for your responses.
23. STRAYER CIS 558 Week 8 Discussion Effective
Disaster Recovery Plans NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-8-discussion-effective-
disaster-recovery-plans-recent
For more classes visit
http://www.uopassignments.com
“Effective Disaster Recovery Plans” Please
respond to the following:
Disaster recovery planning is essential for a
business to survive when unexpected events
impact daily operations. Determine the areas of
disaster recovery planning and preparedness you
believe organizations are often lacking. Provide a
rationale for your response.
Analyze and describe the key controls, especially
non-technical controls, which would ensure a
business is prepared for a disaster. Elaborate on
24. the impact that a disaster might have on the
auditing process
25. STRAYER CIS 558 Week 9 Discussion NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-9-discussion-recent
For more classes visit
http://www.uopassignments.com
CIS 558 Week 9 Discussion NEW
26. STRAYER CIS 558 Week 10 Discussion Quality
Assurance and Auditing Standards NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-10-discussion-quality-
assurance-and-auditing-standards-recent
For more classes visit
http://www.uopassignments.com
“Quality Assurance and Auditing
Standards” Please respond to the following:
Describe the actions an organization needs to
execute in order to improve their quality
assurance and auditing processes within the
organization.
Create a list of at least five (5) auditing best
practices for organizations to follow when
implementing their quality assurance auditing
programs.
27. Select the auditing best practices you feel are most
difficult to implement and offer means of
addressing them.
28. STRAYER CIS 558 Week 10 Term Paper Managing
an IT Infrastructure Audit (2 Papers) NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-10-term-paper-managing-
an-it-infrastructure-audit-recent
For more classes visit
http://www.uopassignments.com
This Tutorial contains 2 Term Papers
Term Paper: Managing an IT Infrastructure Audit
This assignment consists of four (4) sections: an
internal IT audit policy, a management plan, a
project plan, and a disaster recovery plan. You
must submit all four (4) sections as separate files
for the completion of this assignment. Label each
file name according to the section of the
assignment it is written for. Additionally, you may
create and /or assume all necessary assumptions
needed for the completion of this assignment.
Imagine you are an Information Security Manager
for a large national retailer. You have been hired
29. to be directly responsible for the planning and
oversight of IT audits. At the request of the Board
of Directors, the CEO has tasked you with
developing a plan for conducting regular audits of
the IT infrastructure. The planning and
management aspects of IT audit are critical to the
overall success of the audit, and as a result, the
overall success of the systems implemented within
the organization. You must develop a policy for
conducting IT audits and develop a project plan for
conducting two week IT audits.
In addition to the typical networking and
Internetworking infrastructure of a medium-sized
organization, the organization has the following
characteristics:
• They have a main office and 268 stores in the U.S.
• They utilize a cloud computing environment for
storage and applications.
• Their IT infrastructure includes Cisco workgroup
and core switches, Cisco routers, Cisco firewalls
and intrusion prevention systems, and servers
running Microsoft Windows Server 2012.
• They have over 1000 desktops and
approximately 500 organization-owned laptops in
the main headquarters.
• They allow employees to bring their own devices
into the organization; however, they are subject to
30. being searched upon entry and exit from the
building.
• They enable remote access to corporate
information assets for employees and limited
access to extranet resources for contractors and
other business partners.
• They enable wireless access at the main office
and the stores.
• They process an average of 67.2 credit card
transactions per hour every day at each location
and via their corporate Website.
•
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which
you:
1. Develop an Internal IT Audit Policy, which
includes at a minimum:
2. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and
regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this
assignment. Note: Wikipedia and similar Websites
31. do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT
audits, including:
3. Risk management
b. System Software and Applications
c. Wireless Networking
d. Cloud Computing
e. Virtualization
f. Cybersecurity and Privacy
g. BCP and DRP
h. Network Security
i. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites
do not qualify as quality resources.
Section 3: Project Plan
Use Microsoft Project or an Open Source
alternative, such as Open Project to:
3. Develop a project plan which includes the
applicable tasks for each of the major areas listed
below for each element of the IT audit mentioned
above; plan for the audit to be a two (2) week
audit.
4. Risk management
b. System software and applications
32. c. Wireless networking
d. Cloud computing
e. Virtualization
f. Cybersecurity and privacy
g. Network security
Section 4: Disaster Recovery Plan
Write a five to seven (5-7) page paper in which
you:
4. Develop a disaster recovery plan (DRP) for
recovering from a major incident or disaster
affecting the organization.
5. The organization must have no data loss.
b. The organization must have immediate access
to organizational data in the event of a disaster.
c. The organization must have critical systems
operational within 48 hours.
d. Include within the DRP the audit activities
needed to ensure that the organization has an
effective DRP and will be able to meet the
requirements stated above.
e. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites
do not qualify as quality resources.
Your assignment must follow these formatting
requirements:
33. • Be typed, double spaced, using Times New
Roman font (size 12), with one-inch margins on all
sides; citations and references must follow APA or
school-specific format. Check with your professor
for any additional instructions.
• Include a cover page containing the title of the
assignment, the student’s name, the professor’s
name, the course title, and the date. The cover
page and the reference page are not included in
the required assignment page length.
34. STRAYER CIS 558 Week 11 Discussion Course
Conclusion and Summary NEW
http://www.uopassignments.com/cis-558-
strayer/cis-558-week-11-discussion-course-
conclusion-and-summary-recent
For more classes visit
http://www.uopassignments.com
"Course Conclusion and Summary” Please respond
to the following:
You have just completed 10 weeks of an
information technology audit and control course.
Imagine you have been asked to create a one (1)
day training course highlighting the important
elements of what you have just learned in the past
ten weeks.
Create a hierarchy of five (no more or no less) of
the most important topics that you feel need to be
addressed in this one (1) day course that best fits
the course title of “Information Technology Audit
and Control: The Essentials Presented in One Day.”
35. Give a detailed rationale for each of the five (5)
topics.
Using 140 characters or less (the length of a
Tweet), summarize the importance of this class to
someone unfamiliar with th