BSA/505 v4
Gail Industries Case Study
This case study is used to complete your assignments throughout the course. Some sections of the case study will be necessary in multiple assignments. See the assignment instructions for specific assignment requirements.
Introduction to Gail Industries
Gail Industries is a partner to many Fortune 1000 companies and governments around the world. Gail Industries’ role is to manage essential aspects of their clients’ operations while interacting with and supporting the people their clients serve. They manage millions of digital transactions every day for various back office processing contracts.
One of Gail Industries’ clients is the city of Smallville. Smallville, despite its name, is a large metropolis seated in the heart of the nation. The city has 2.5 million residents, and the greater Smallville metropolitan area has a population of about 4 million people. Smallville’s IT department follows the NIST 800-53 standards, and the city requires that all IT service organizations, whether run by city staff or vendors such as Gail Industries, follow these standards.
For this case study, you are to assume the following dates:
· Audit Period: 1/1/2018 – 12/31/2018
· Audit Field Work Dates: 1/3/2019 – 1/24/2019
Overview of the Operations of Smallville Collections Processing Entity (SCOPE)
Summary of Services Provided
Collections Processing
The Smallville Collections Processing Entity (SCOPE) provides collections processing services to the city of Smallville. SCOPE receives tax payments, licensing fees, parking tickets, and court costs for this major municipality. The city of Smallville sends out invoices and other collections notices, and SCOPE processes payments received through the mail, through an online payment website, and through an interactive voice response (IVR) system. Payments are in the form of checks, debit cards, and credit cards. After processing invoices, SCOPE deposits the monies into the bank account for the city.
SCOPE is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. These controls and procedures provide:
1. Assurances for proper segregation of duties
2. The design and use of satisfactory documentation to ensure proper recording of transactions
3. The safeguarding of access to and use of all assets and records
4. Independent checks on performance
Payment Receipt
The purpose of collections processing is to receive and process various types of payments, post the payment data to the Central Collections System (CCS), and deposit the accompanying funds in the Smallville bank account. This process includes the following types of payment receipt ...
BSA520 v4 Gail Industries Case Study BSA520 v4 Page 6 of 6.docx (curwenmichaela)
BSA/520 v4
Gail Industries Case Study
Gail Industries: Smallville Collections Processing Entity Case Study
This case study will be used to complete your assignments throughout the course. Some sections of the case study will be necessary in multiple assignments. See the assignment instructions for specific assignment requirements.
Introduction to Gail Industries
Gail Industries is a partner to many Fortune 1000 companies and governments around the world. Gail Industries’ role is to manage essential aspects of their clients’ operations while interacting with and supporting the people their clients serve. They manage millions of digital transactions every day for various back office processing contracts.
One of Gail Industries’ clients is the city of Smallville. Smallville, despite its name, is a metropolis seated in the heart of the nation. The city has 2.5 million residents, and the greater Smallville metropolitan area has a population of about 4 million people.
Overview of the Operations of Smallville Collections Processing Entity (SCOPE)
Summary of Services Provided
Collections Processing
The Smallville Collections Processing Entity (SCOPE) provides collections processing services to the city of Smallville. SCOPE receives tax payments, licensing fees, parking tickets, and court costs for this major municipality. The city of Smallville sends out invoices and other collections notices, and SCOPE processes payments received through the mail, through an online payment website, and through an interactive voice response (IVR) system. Payments are in the form of checks, debit cards, and credit cards. After processing invoices, SCOPE deposits the monies into the bank account for the city.
SCOPE is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. These controls and procedures provide:
1. Assurances for proper segregation of duties
2. The design and use of satisfactory documentation to ensure proper recording of transactions
3. The safeguarding of access to and use of all assets and records
4. Independent checks on performance
Payment Receipt
The purpose of collections processing is to receive and process various types of payments, post the payment data to the Central Collections System (CCS), and deposit the accompanying funds in the Smallville bank account. This process includes the following types of payment receipts:
· Regular mail – paper checks only
· Website – credit and debit card payments; electronic checks
· IVR – credit and debit card payments
Mail Delivery
A bonded courier picks up the payments from the United States Postal Service (USPS) facility in Smallville. SCOPE uses a subcontractor for courier servic.
L {M,s s ∈ L(M), L(M) = 2}. Prove that L ∉ SD by a reduc.docx (croysierkathey)
L = {<M,s> : s ∈ L(M), |L(M)| = 2}. Prove that L ∉ SD by a reduction from ¬H.
R(<M,w>) =
1. Define M#(x):
1.a If x = a or x = b accept
1.b Save x
1.b Replace x with w
1.c Run M on w
1.d Restore x
1.e Accept x
2. Return <M#,a>
If there were an Oracle Mₒ that could semidecide L, then C = Mₒ(R(<M,w>)) =
Mₒ(<M#,a>) could semidecide ¬H:
<M,w> ∈ ¬H: M# would accept a and b at 1.a, and then loop forever at 1.c. Thus
L(M#) = {a,b}, and Mₒ would accept <M#,a> because a ∈ {a,b}, and |{a,b}| = 2
<M,w> ∉ ¬H: M# would accept a and b at 1.a, proceed through 1.c, and accept
everything else at 1.e. Thus L(M#) = Σ*, and Mₒ would not accept <M#,a> because
|Σ*| ≠ 2.
But no TM could semidecide ¬H, so Mₒ could not possibly exist.
Bullzeye is a discount retailer offering a wide range of products,.docx (CruzIbarra161)
Bullzeye is a discount retailer offering a wide range of products, including: home goods, clothing, toys, and food. The company is a regional retailer with 10 brick-and-mortar stores as well as a popular online store. Due to the recent credit card data breaches of various prominent national retail companies (e.g., Target, Home Depot, Staples), the Bullzeye Board of Directors has taken particular interest in information security, especially as it pertains to the protection of credit cardholder data within the Bullzeye environment. The Board has asked executive management to evaluate and strengthen the enterprise’s information security infrastructure, where needed.
In order to respond to the Board regarding their preparedness for a cyber-security attack, the Chief Financial Officer (CFO) has engaged your IT consulting firm to identify the inherent risks and recommend control remediation strategies to prevent or to detect and appropriately respond to data breaches. Your firm has been requested to liaise with the Internal Audit Department during the engagement. Your first step is to gain an understanding of Bullzeye’s IT environment. The Chief Audit Executive (CAE) schedules a meeting with key Bullzeye leadership personnel, including the CFO, Chief Information Officer (CIO), and Chief Information Security Officer (CISO).
The following key information was obtained.
Background
IT Security Framework/Policy -
Bullzeye has an information security policy, which was developed by the CISO. The policy was developed in response to an internal audit conducted by an external firm hired by the CAE. The policy is not based on one specific IT control framework but considers elements contained within several frameworks. An information security committee has been recently formed to discuss new security risks and to develop mitigation strategies.
The meeting will be held monthly and include the CISO and other key IT Directors reporting to the CIO.
In addition, a training program was implemented last year in order to provide education on various information security topics (e.g., social engineering, malware, etc.). The program requires that all staff within the IT department complete an annual information security training webinar and corresponding quiz. The training program is complemented by a monthly e-mail sent to IT staff, which highlights relevant information security topics.
General IT Environment -
Most employees in the corporate office are assigned a standard desktop computer, although certain management personnel in the corporate and retail locations are issued a laptop if they can demonstrate their need to work remotely. The laptops are given a standard Microsoft Windows operating system image, which includes anti-malware/anti-virus software and patch update software among others. In addition, new laptops are now encrypted; however, desktops and existing laptops are not currently encrypted due to budget concerns. The user provisioning.
Managing Multiple Assessments Using Zero Trust Principles (ControlCase)
ControlCase discusses the following:
• What is “One Audit” for multiple assessments
• Current Research
• Zero Trust Principles for IT security
• Remote Assessment Methodology
Page 1 of 4 Bullzeye Data Breach Readiness Assessment.docx (alfred4lewis58146)
Bullzeye Data Breach Readiness Assessment
IIA Case Study
Bullzeye is a discount retailer offering a wide range of products, including: home goods, clothing, toys,
and food. The company is a regional retailer with 10 brick-and-mortar stores as well as a popular online
store. Due to the recent credit card data breaches of various prominent national retail companies (e.g.,
Target, Home Depot, Staples), the Bullzeye Board of Directors has taken particular interest in information
security, especially as it pertains to the protection of credit cardholder data within the Bullzeye
environment. The Board has asked executive management to evaluate and strengthen the enterprise’s
information security infrastructure, where needed.
In order to respond to the Board regarding their preparedness for a cyber-security attack, the Chief
Financial Officer (CFO) has engaged your IT consulting firm to identify the inherent risks and
recommend control remediation strategies to prevent or to detect and appropriately respond to data
breaches. Your firm has been requested to liaise with the Internal Audit Department during the
engagement. Your first step is to gain an understanding of Bullzeye’s IT environment. The Chief Audit
Executive (CAE) schedules a meeting with key Bullzeye leadership personnel, including the CFO, Chief
Information Officer (CIO), and Chief Information Security Officer (CISO). The following key
information was obtained.
Background
IT Security Framework/Policy - Bullzeye has an information security policy, which was developed by the
CISO. The policy was developed in response to an internal audit conducted by an external firm hired by
the CAE. The policy is not based on one specific IT control framework but considers elements contained
within several frameworks. An information security committee has been recently formed to discuss new
security risks and to develop mitigation strategies. The meeting will be held monthly and include the
CISO and other key IT Directors reporting to the CIO. In addition, a training program was implemented
last year in order to provide education on various information security topics (e.g., social engineering,
malware, etc.). The program requires that all staff within the IT department complete an annual
information security training webinar and corresponding quiz. The training program is complemented by
a monthly e-mail sent to IT staff, which highlights relevant information security topics.
General IT Environment - Most employees in the corporate office are assigned a standard desktop
computer, although certain management personnel in the corporate and retail locations are issued a laptop
if they can demonstrate their need to work remotely. The laptops are given a standard Microsoft Windows
operating system image, which includes anti-malware/anti-virus software and patch update software
among others. In addition, new laptops are .
Informasoft is a TÜBİTAK (Scientific and Technological Research Council of Turkey) funded HR Management Software Platform with features such as CV sorting and social networking, while utilizing OCR technologies and smart encryption 714091.
The main purpose of this project is to deliver solutions to global companies, specifically those operating in Turkey that experience problems due to the incompatibility of their HR structures with local systems and regulations. This is the first cloud based HR solution in Turkey to be developed in its field.
A Banking Management system is an application that gives functionality like sending money, bill payment, taking a loan, check balance, see all transaction history and many more.
1-2 paragraphs apa format Welcome to Module 6. Divers.docx (jasoninnes20)
1-2
paragraphs
apa format
Welcome to Module 6. Diversity can help ensure that a team has the skills and knowledge necessary for the successful completion of tasks. Diverse teams, as long as they are well managed, tend to be more creative and achieve goals more efficiently. Leaders must understand and appreciate the diversity that exists in their team. Answer the following question as you think about the diversity that exists within your own organization.
How does this diversity help your team achieve its goals?
Have you noticed any barriers to team unity that may be attributed to the diversity of team members' backgrounds?
How has your background and experience prepared you to be an effective leader in an organization that holds diversity and inclusion as core to its mission and values?
1-Post a two-paragraph summary of the lecture; 2- Review the li.docx (jasoninnes20)
1- Post a two-paragraph summary of the lecture;
2- Review the links and select one. Briefly explain how they support our course.
http://www.fldoe.org/
http://www.eric.ed.gov/ERICWebPortal/Home.portal
http://firn.edu/doe/sas/ftce/ftcecomp.htm
Use APA 7.
each work separately.
More Related Content
Similar to BSA505 v4Gail Industries Case StudyBSA505 v4Page of G.docx
Bullzeye is a discount retailer offering a wide range of products,.docxCruzIbarra161
Bullzeye is a discount retailer offering a wide range of products, including: home goods, clothing, toys, and food. The company is a regional retailer with 10 brick-and-mortar stores as well as a popular online store. Due to the recent credit card data breaches of various prominent national retail companies (e.g., Target, Home Depot, Staples), the Bullzeye Board of Directors has taken particular interest in information security, especially as it pertains to the protection of credit cardholder data within the Bullzeye environment. The Board has asked executive management to evaluate and strengthen the enterprise’s information security infrastructure, where needed.
In order to respond to the Board regarding their preparedness for a cyber-security attack, the Chief Financial Officer (CFO) has engaged your IT consulting firm to identify the inherent risks and recommend control remediation strategies to prevent or to detect and appropriately respond to data breaches. Your firm has been requested to liaison with the Internal Audit Department during the engagement. Your first step is to gain an understanding of Bullzeye’s IT environment. The Chief Audit Executive (CAE) schedules a meeting with key Bullzeye leadership personnel, including the CFO, Chief Information Officer (CIO), and Chief Information Security Officer (CISO).
The following key information was obtained.
Background
IT Security Framework/Policy -
Bullzeye has an information security policy, which was developed by the CISO. The policy was developed in response to an internal audit conducted by an external firm hired by the CAE. The policy is not based on one specific IT control framework but considers elements contained within several frameworks. An information security committee has been recently formed to discuss new security risks and to develop mitigation strategies.
The meeting will be held monthly and include the CISO and other key IT Directors reporting to the CIO.
In addition, a training program was implemented last year in order to provide education on various information security topics (e.g., social engineering, malware, etc.). The program requires that all staff within the IT department complete an annual information security training webinar and corresponding quiz. The training program is complemented by a monthly e-mail sent to IT staff, which highlights relevant information security topics.
General IT Environment -
Most employees in the corporate office are assigned a standard desktop computer, although certain management personnel in the corporate and retail locations are issued a laptop if they can demonstrate their need to work remotely. The laptops are given a standard Microsoft Windows operating system image, which includes anti-malware/anti-virus software and patch update software among others. In addition, new laptops are now encrypted; however, desktops and existing laptops are not currently encrypted due to budget concerns. The user provisioning.
BSA/505 v4
Gail Industries Case Study
This case study is used to complete your assignments
throughout the course. Some sections of the case study will be
necessary in multiple assignments. See the assignment
instructions for specific assignment requirements.
Introduction to Gail Industries
Gail Industries is a partner to many Fortune 1000 companies
and governments around the world. Gail Industries’ role is to
manage essential aspects of their clients’ operations while
interacting with and supporting the people their clients serve.
They manage millions of digital transactions every day for
various back office processing contracts.
One of Gail Industries’ clients is the city of Smallville.
Smallville, despite its name, is a large metropolis seated in the
heart of the nation. The city has 2.5 million residents, and the
greater Smallville metropolitan area has a population of about 4
million people. Smallville’s IT department follows the NIST
800-53 standards, and the city requires that all IT service
organizations, whether run by city staff or vendors such as Gail
Industries, follow these standards.
For this case study, you are to assume the following dates:
· Audit Period: 1/1/2018 – 12/31/2018
· Audit Field Work Dates: 1/3/2019 – 1/24/2019Overview of the
Operations of Smallville Collections Processing Entity (SCOPE)
Summary of Services Provided
Collections Processing
The Smallville Collections Processing Entity (SCOPE) provides
collections processing services to the city of Smallville. SCOPE
2. receives tax payments, licensing fees, parking tickets, and court
costs for this major municipality. The city of Smallville sends
out invoices and other collections notices, and SCOPE
processes payments received through the mail, through an
online payment website, and through an interactive voice
response (IVR) system. Payments are in the form of checks,
debit cards, and credit cards. After processing invoices, SCOPE
deposits the monies into the bank account for the city.
SCOPE is responsible for ensuring the security of the mail that
comes into the possession of all employees, subcontractors, and
agents at its processing facility, located within Smallville.
Controls and procedures for money and mail handling are
established by SCOPE to ensure payments are accounted for,
from the earliest point received through processing and deposit.
These controls and procedures provide:
1. Assurances for proper segregation of duties
2. The design and use of satisfactory documentation to ensure
proper recording of transactions
3. The safeguarding of access to and use of all assets and
records
4. Independent checks on performance
Payment Receipt
The purpose of collections processing is to receive and process
various types of payments, post the payment data to the Central
Collections System (CCS), and deposit the accompanying funds
in the Smallville bank account. This process includes the
following types of payment receipts:
· Regular mail – paper checks only
· Website – credit and debit card payments, electronic checks
· IVR – credit and debit card payments
Mail Delivery
A bonded courier picks up the payments from the United States
Postal Service (USPS) facility in Smallville. SCOPE uses a
subcontractor for courier services. This courier is dedicated,
picking up and delivering mail only for SCOPE. This courier is
also required to sign for registered, certified, and express
delivery envelopes.
Opening and Sorting Mail
The daily success of payment processing depends on receiving
mail quickly from the postal service, opening that mail, and
properly sorting the contents for processing. Batches contain
similar payment types: tax payments are processed together,
court collections together, and so forth.
Deposits
Deposits are made daily into the Smallville bank account.
Electronic payments (debit cards, credit cards, and paperless
checks) are deposited through an interface between CCSys and
the bank. Checks are converted to electronic debits and
deposited electronically. However, those that cannot be
converted to electronic form are deposited in physical form.
Functional Areas of Operations
Gail Industries uses the following specific functional roles of
operations:
· Contract manager – responsible for the overall management of
contract deliverables of the payment processing operation,
including the monitoring of financial expenditures to ensure
compliance with contract budgets.
· Operations manager – responsible for planning, managing, and
controlling the day-to-day activities of the team that provides
operational support for the business unit, including the
establishment of operational objectives and work plans and
delegation of assignments to subordinate managers.
· Information technology manager – responsible for developing
and maintaining the strategy of the future direction of IT
infrastructure, including developing a plan for the implementation
of new IT projects and managing relationships with IT-related
vendors and subcontractors.
· Accounting – responsible for performing a variety of routine
clerical and accounting functions within the accounting
department, including daily balancing of receipts. In addition,
the accountant resolves exception transactions, including
charged back checks (bounced checks), forgery affidavits, and
recoupment.
· Call center – the city of Smallville does not have a centralized
call center for handling questions relating to payments and
invoices. It is considering adding one to the scope of services
offered by Gail Industries.
Information Systems
Services
Gail Industries services are designed around the following tools
and technologies:
· Data Capture and Imaging – real-time instrument imaging and
data capture that provides imaging, accountability, and reporting
of checks and remitted payments.
· Invoice Management and Reporting – data correction and
maintenance utilizing automated payment auditing and
historical analysis. A browser-based application is available for
internal SCOPE and Smallville staff to perform administrative
functions. A separate internet-accessible payment portal allows
for citizens, business owners, and others to view invoices and
make payments.
Processing Platforms
Gail Industries currently utilizes cloud-based servers on the
Amazon Web Services (AWS) platform for its internet-accessible
application. Data capture, imaging, and the payment processing
application run on local servers in a secured computer room.
Local servers run both Linux and Windows Server operating
systems. Data is stored on Microsoft SQL Server to provide
storage of payment, image, and balancing data.
The servers supporting the CCS are housed within the SCOPE
server room (also known as the data center) and are managed by
Gail Industries’ IT staff. The IT staff provides the following
services:
· Firewall management – monitoring and management of the
firewall systems and networks on a 24/7/365 basis.
· Network monitoring – proactive network and server
monitoring services to help maximize system performance and
uptime.
· Data backup – data backup services for the production,
payment, imaging, and balancing data.
· Incident management – IT incident monitoring,
documentation, and resolution management.
Control Objectives and Related Controls
Physical Security (Datacenter)
Control Objective 1: The controls provide reasonable assurance
that physical access to computer resources within Gail
Industries’ data center is restricted to authorized and
appropriate personnel.
To protect physical assets, management has documented and
implemented physical access procedures to grant, control,
monitor, and revoke access to the on-site SCOPE datacenter.
The datacenter requires two-factor authentication: a biometric
credential via retinal eye scanner and a badge access card.
Individuals requesting badge access document the request on a
standardized employee management form that must be approved
by departmental management. Administrative access to the
badge access system is restricted to authorized IT personnel.
When an employee is terminated, IT personnel revoke the badge
access privileges as a component of the termination process. In
addition, the IT manager performs a review of badge access
privileges on a monthly basis to help ensure that terminated
employees do not retain badge access.
All visitors must sign a logbook upon entering the datacenter,
with a picture ID presented to their escort. Access is restricted
to authorized IT personnel and equipment technicians.
CCTV surveillance cameras are utilized throughout the facility
and the datacenter to record activity; these images are retained
for a minimum of 45 days.
Physical Security (Facilities)
Control Objective 2: Controls provide reasonable assurance that
physical access to assets within Gail Industries’ facilities is
restricted to authorized and appropriate personnel.
To protect physical assets, management has documented and
implemented physical access procedures to grant, control,
monitor, and revoke access to the on-site SCOPE facility.
A door badge access system is employed to control access to
areas within the facility (including the datacenter) through the
use of predefined security zones.
Individuals requesting badge access to the facility document the
request on a standardized employee management form,
accessible through Gail Industries’ employee on-boarding
system (known as GEO). All requests must be approved by
departmental management. Administrative access to the badge
access system is restricted to authorized IT personnel.
Upon termination (voluntary or involuntary), SCOPE IT
personnel revoke the badge access privileges as a task in the
termination process. In addition, the IT manager performs a
monthly review of badge access privileges to ensure that
terminated employees do not retain badge access.
Both entrances into the facility are locked and are monitored by
administrative personnel. The receptionist must unlock the door
for visitor access. Visitors are required to ring a video doorbell
and announce themselves to the receptionist. Visitors sign a
logbook when entering the facility, and they are required to
wear a visitor’s badge at all times. Visitors must be escorted by
an authorized employee when accessing sensitive facility areas
such as the mail room and server room.
CCTV surveillance cameras are utilized throughout the facility
and server room to record activity. Video images are retained
for a minimum of 45 days.
Environmental Safeguards
Control Objective 3: Controls provide reasonable assurance that
environmental safeguards protect physical assets and the data
that resides on those assets.
Management has implemented environmental controls to protect
physical assets within the datacenter and office facility,
including fire detection and suppression controls. The office
facility is protected by audible and visual alarms, fire and
smoke detectors, a sprinkler system, and hand-held fire
extinguishers. A halon-free fire suppression system and smoke
detectors protect the datacenter. An uninterruptible power
supply (UPS) is in place to provide temporary electricity in the
event of a power outage and mitigate the risk of power surges
impacting infrastructure in the data center.
Management retains the following inspection reports completed
by the third-party vendors as evidence of their completion:
· Annual inspection of the fire detection and sprinkler fire
suppression system
· Annual inspection of hand-held fire extinguishers located
throughout the facility
· Annual inspection of the fire suppression system
· Semi-annual inspection of the UPS systems
Change Management
Control Objective 4: Controls provide reasonable assurance that
changes to network infrastructure and system software are
documented, tested, approved, and properly implemented to
protect data from unauthorized changes and to support user
entities’ internal control over financial reporting.
Documented change management policies and procedures are in
place to address change management activities. Further, there
are provisions for emergency changes to the infrastructure and
operating systems. Change requests are documented via a
change request (CR) form. CRs include details of the change,
including the change requestor, the date of the request, the
change description, and change specifications. Management,
through the Change Advisory Board (CAB), holds a weekly
meeting to review and prioritize change requests. During this
meeting, management authorizes change requests by signing off
on the CR form.
Detailed testing is performed prior to implementation of the
change in test environments that are logically separated from
the production environment. The CAB approves the changes
prior to implementation. The ability to implement infrastructure
and operating system updates to the production systems is
restricted to user accounts of authorized IT personnel.
Logical Security
Control Objective 5: Controls provide reasonable assurance that
administrative access to network infrastructure and operating
system resources is restricted to authorized and appropriate
users to support user entities’ internal control over financial
reporting.
Information security policies have been documented and are
updated annually to assist personnel in the modification of
access privileges to information systems and guide them in
safeguarding system infrastructure, information assets, and data.
Infrastructure and operating system users are authenticated via
user account and password prior to being granted access.
Password requirements are configured to enforce minimum
password length, password expiration intervals, password
complexity, password history requirements, and invalid
password account lockout threshold, as documented in the IT
Procedures and Policies document.
The CCS application authenticates users through the use of
individual user accounts and passwords before granting access to
the applications. CCS utilizes predefined security groups for
role-based access privileges. The application enforces password
requirements of password minimum length, password expiration
intervals, password complexity, password history, and invalid
password account lockout threshold.
Payment Processing
Control Objective 6: Controls provide reasonable assurance that
payments received are processed accurately and timely, and
processing exceptions are resolved.
Documented payment processing policies and procedures are in
place to guide personnel in the following activities:
· Mailroom processing
· Identification and posting of payments
· Research and processing of unidentified payments
· Financial reporting
· Bank reconciliations
Financial instruments are required to remain within the
mailroom during payment processing. When mail is delivered
by the courier, both the courier and the mail room supervisor
initial the mail receipt log to verify the envelope count
received.
Physical access privileges of data entry personnel are
segregated from balancing and mailroom personnel. Logical
access to processing systems is segregated between data entry,
balancing, and mailroom personnel.
Data Transmission
Control Objective 7: Controls provide reasonable assurance that
transmitted payment data is complete, accurate, and timely.
SCOPE exchanges payment and invoice information
electronically with Smallville via scheduled inbound and
outbound data transmissions each day. Smallville provides a list
of newly created invoices that were issued on the previous
business day. SCOPE receives this information in the CCS
application and uses this for processing payments. Each day, all
payments processed by SCOPE are sent back to the city of
Smallville, which imports this data into its systems.
Deposits
Control Objective 8: Controls provide reasonable assurance that
deposits are processed completely, accurately, and in a timely
manner.
Documented procedures are in place that address the transfer
and security of financial instruments, including delivery of the
mail from the Post Office (P.O.) boxes to the SCOPE mailroom
and the delivery of deposits from the SCOPE mailroom to the
bank processing center.
A courier pickup and delivery schedule, outlining the date/times
of scheduled mail deliveries by the third-party courier, is
maintained and posted in the mailroom. SCOPE utilizes a
third-party courier service for delivery of financial instruments
to the city of Smallville’s bank.
Partially Collected Audit Evidence
GEO/SCOPE Active Employees Report
Generated 1/3/2019 8:26 AM
Employee ID | Full Name | Department | Status | Door Badge
10001438 | Andrea Bradley | Administrator | Active | 1902
10001337 | Cesar Lynch | Administrator | Active | 1904
10001232 | Darin Young | Administrator | Active | 2048
10000006 | Gina Carmack | Administrator | Active | 1900
10000001
Datacenter Visitor's Log
Date | Name | Title | Organization | ID presented | Escorted By
3/12/2018 | Gail Lucas | President | Gail Industries | | Alan, IT Specialist
7/2/2018 | Kerry Lark | IT Director | City of Smallville | Driver's Lic. | Ken, IT Manager
7/31/2018 | B. Smith | Technician | UPS Fixit | Driver's Lic. | Susan, IT Specialist
9/8/2018 | B. Smith | Technician | UPS Fixit | Driver's Lic. | Susan, IT Specialist
11/13/2018 | John Wilson | Technician | Fire Suppression Inc. | Business Card | Susan, IT Specialist
Windows Domain Group Policy for Passwords
CCS Active Users Report
Generated 1/3/2019 8:26 AM
User ID | Full Name | System Rights | Status | Email
ABradley | Andrea Bradley | Administrator | Active | [email protected]
AMcdonald | Alan McDonald | Administrator | Active | [email protected]
CLynch | Cesar Lynch | Administrator | Active | [email protected]
DYoung | Darin Young | Administrator | Active | [email protected]
GCarmack | Gina Carmack | Administrator | Active | [email protected]
GLucas | Gail Lucas | Administrator | Active | [email protected]
KSmith | Ken Smith | Administrator | Active | [email protected]
MAdams | Michelle Adams | Administrator | Active | [email protected]
SLarame | Susan Larame | Administrator | Active | [email protected]
SLenzi | Steve Lenzi | Administrator | Active | [email protected]
THAMMER | Tessa Hammer | Administrator | Active | [email protected]
VBrown | Victoria Brown | Administrator | Active | [email protected]
YVasquez | Yvonne Vasquez | Administrator | Active | [email protected]
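An access review of the kind the badge and logical security controls describe can reconcile an application user export against the employee roster. The Python below is an added example, not part of the case study: every row in it is constructed, only the column names come from the GEO/SCOPE and CCS reports, and both the join on Full Name and the first-initial-plus-last-name user ID convention are assumptions.

```python
import csv
import io

# Constructed sample exports; only the column names come from the two reports.
GEO_CSV = """Employee ID,Full Name,Department,Status,Door Badge
20000001,Pat Example,Accounting,Active,3001
20000002,Lee Sample,Mailroom,Active,3002
20000003,Robin Placeholder,IT,Terminated,3003
20000004,Sam Former,Accounting,Terminated,
"""
CCS_CSV = """User ID,Full Name,System Rights,Status
PExample,Pat Example,Data Entry,Active
LSAMPLE,Lee Sample,Administrator,Active
RPlaceholder,Robin Placeholder,Administrator,Active
JGhost,Jo Ghost,Administrator,Active
SFormer,Sam Former,Data Entry,Disabled
"""


def load(text):
    """Parse a CSV export into a list of dicts with whitespace stripped."""
    return [{k: v.strip() for k, v in row.items()}
            for row in csv.DictReader(io.StringIO(text))]


def review(geo_rows, ccs_rows, privileged="Administrator"):
    """Return (findings, privileged_share) for active application accounts.

    The reports share no key, so accounts are joined to employees on
    Full Name (an assumption; a real review should join on employee ID).
    """
    by_name = {e["Full Name"].lower(): e for e in geo_rows}
    findings = []

    # Badge review: anyone who is not Active should hold no door badge.
    for e in geo_rows:
        if e["Status"].lower() != "active" and e["Door Badge"]:
            findings.append((e["Employee ID"], "badge held by non-active employee"))

    active = [u for u in ccs_rows if u["Status"].lower() == "active"]
    for u in active:
        emp = by_name.get(u["Full Name"].lower())
        if emp is None:
            findings.append((u["User ID"], "no employee record"))
        elif emp["Status"].lower() != "active":
            findings.append((u["User ID"], "account owner not active"))
        # Assumed naming convention: first initial + last name, mixed case.
        first, last = u["Full Name"].split()[0], u["Full Name"].split()[-1]
        if u["User ID"] != first[0].upper() + last.capitalize():
            findings.append((u["User ID"], "user ID breaks naming convention"))

    # Share of active accounts holding the privileged role.
    admins = sum(1 for u in active if u["System Rights"] == privileged)
    share = admins / len(active) if active else 0.0
    return findings, share


if __name__ == "__main__":
    results, admin_share = review(load(GEO_CSV), load(CCS_CSV))
    for subject, issue in results:
        print(f"{subject}: {issue}")
    print(f"privileged share of active accounts: {admin_share:.0%}")
```

A high privileged share is worth reporting alongside the per-account findings, since role-based access through predefined security groups implies that most users should not hold administrator rights.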
Excerpt from IT Policies and Procedures Manual
Version 1.0, 12/31/2016
Revision History
Date | Author | Notes
12/31/2016 | Ken Smith | Version 1.0, accepted by client
Overview
This policy is intended to establish guidelines for effectively
creating, maintaining, and protecting passwords at SCOPE.
Scope
This policy shall apply to all employees, contractors, and
affiliates of SCOPE, and shall govern acceptable password use
on all systems that connect to SCOPE network or access or store
SCOPE, city of Smallville, or Gail Industries data.
Policy
Password Creation
1. All user and admin passwords must be at least [8] characters
in length. Longer passwords and passphrases are strongly
encouraged.
2. Where possible, password dictionaries should be utilized to
prevent the use of common and easily cracked passwords.
3. Passwords must be completely unique, and not used for any
other system, application, or personal account.
4. Default installation passwords must be changed immediately
after installation is complete.
Password Aging
1. User passwords must be changed every 60 days. Previously
used passwords may not be reused.
2. System-level passwords must be changed on a monthly basis.
Password Protection
1. Passwords must not be shared with anyone (including
coworkers and supervisors), and must not be revealed or sent
electronically.
2. Passwords shall not be written down or physically stored
anywhere in the office.
3. When configuring password “hints,” do not hint at the format
of your password (e.g., “zip + middle name”).
4. User IDs and passwords must not be stored in an unencrypted
format.
5. User IDs and passwords must not be scripted to enable
automatic login.
6. The “Remember Password” feature on websites and applications
should not be used.
7. All mobile devices that connect to the company network must
be secured with a password and/or biometric authentication and
must be configured to lock after 3 minutes of inactivity.
Enforcement
It is the responsibility of the end user to ensure enforcement
with the policies above.
If you believe your password may have been compromised,
please immediately report the incident to the IT Department and
change the password.
Courier Deposit Log
Date | Deposit Items | Time | Courier | SCOPE
1/2/2018 | 328 | 3:41 PM | V. Barnes | Mia Liu
1/3/2018 | 748 | 3:45 PM | V. Barnes | Mia Liu
1/4/2018 | 1050 | 4:30 PM | V. Barnes | Mia Liu
1/5/2018 | 258 | 3:31 PM | V. Barnes | Mia Liu
1/8/2018 | 1238 | 3:15 PM | V. Barnes | Mia Liu
1/9/2018 | 208 | 4:02 PM | V. Barnes | Mia Liu
1/10/2018 | 1031 | 3:45 PM | V. Barnes | Mia Liu
1/11/2018 | 1343 | 3:56 PM | V. Barnes | Mia Liu
1/12/2018 | 211 | 3:01 PM | V. Barnes | Mia Liu
1/15/2018 | 230 | 3:02 PM | V. Barnes | Mia Liu
1/16/2018 | 576 | 3:02 PM | V. Barnes | Mia Liu
1/17/2018 | 332 | 4:02 PM | V. Barnes | Mia Liu
1/18/2018 | 1204
2/8/2018
2/9/2018
2/12/2018
2/13/2018
2/14/2018
(No entries after 2/14/2018)
Fire Extinguisher Inspection Tag
Oldest Camera Image, from September 30, 2018 @3:30 AM
Newest Camera Image, from January 3, 2019
Proposed Call Center Operations Department
Recently, the city of Smallville has asked Gail Industries to