The document provides instructions for an assignment to audit the HR department of an organization. It outlines specific areas to examine, including handling of ethical issues, compliance with privacy laws, security policies and training, and security risks. It describes including audit steps for each area and how the presentation will be graded based on addressing the identification of issues, evaluation of tools to address issues, and criteria to determine if risks are mitigated.

1. CMGT 582 Assignment Audit of the HR Department
FOR MORE CLASSES VISIT
www.cmgt582study.com
You are part of a team has been selected by the Chief Information
Officer (CIO) to perform an audit of the HR Department.
Create a 10- to 12-slide presentation (not including the title and
reference slides) that examines the specific audit steps that should be
performed to evaluate the following areas:
· Handling of ethical issues, including security-related
legal/regulatory compliance (non-privacy related), intellectual property
and licensing
· Compliance with privacy related laws and regulations
· Adequacy of security policies and security awareness training
· Identification of security related risks/threats
Include a minimum of two audit steps for each of the areas listed above.
The audit steps should follow the following format:
· Area: From the list above
· Example: Security related risks/threats
· Potential Risk to be Reviewed: Describe the risk

2. · Example: Viruses and malware can negatively impact the
confidentiality, integrity, and availability of organizational data
· Evaluation of Tools and Methods: Describe the control objective
and the specific controls you will evaluate to determine potential risk is
mitigated. Please note that typically, there will be more than one control
that should be reviewed for a potential risk.
· Example: Determine whether anti-virus software is in use
· Example: Determine whether virus signatures are periodically
updated
· Example: Determine whether periodic virus scans are performed
· Criteria/Measures to be Used: Describe the criteria/measures that
you will use to evaluate the adequacy of each area/review step that you
review (i.e., what criteria will you use to perform your evaluation/how
will you determine that the risk has been mitigated to an acceptable
level).
· Example: 100% of servers and PCs have virus software installed
· Example: 100% of the virus software installed is set to
automatically update, including virus signatures.
· Example: 100% of the virus software installed is set to
automatically perform a scan at least weekly
Your grade on the assignment will be based on how well you address:
· The identification of potential ethical, legal/regulatory, privacy,
and security related issues (20%)
· The evaluation of the tools and methods used to mitigate any
ethical, legal/regulatory, and privacy related issues identified, as well as
the tools and methods used to perform the review steps (20%)

3. · The evaluation of the tools and methods used to mitigate any
security-related issues identified, as well as the tools and methods used
to perform the review steps (25%)
· Criteria/measures that you will use to evaluate the adequacy of
each area/review step that you review (i.e., how will you determine that
the risk has been mitigated to an acceptable level) (20%)
· Quality of written communication
· Use of APA format/style
Include a 1/2- to 1-page executive summary and support your
presentation with appropriate references.
==============================================
CMGT 582 Week 1 Individual Assignment Getting Involved
FOR MORE CLASSES VISIT
www.cmgt582study.com
Assignment Preparation: Activities include watching the SkillSoft®
videos, completing the SkillSoft® course, independent student reading,
and research.
Watch the "Fostering Collective Responsibility for IT Risk" video.
Watch the "Balancing Security with User Convenience" video.

4. Complete "Introduction to Information Security Governance" topic of
the Skillsoft® course "CISM 2012: Information Security Governance
(Part 1)."
Assignment: Situation: You have just joined an organization that
depends on the use of the web to perform most of its major tasks. You
have noticed that information security is mostly ignored by those
performing the work tasks and it is not a priority with management or
executive leadership.
Write a 1- to 2-page memo to the Chief Executive Officer (CEO) that is
designed to increase the priority of information security. Include a
convincing argument of why the survival of the organization may
depend on information security. Include these topics:
Confidentiality, integrity, and availability
Authenticity
Accountability
Threats from malicious software
Security challenges of cloud computing
Cyberterrorism and information warfare
==============================================
CMGT 582 Week 2 Individual Assignment Security Within
My Organization
FOR MORE CLASSES VISIT

5. www.cmgt582study.com
Assignment Preparation: Activities include watching the SkillSoft®
videos, completing the SkillSoft® course, independent student reading,
and research.
Watch the "Technology and the Impact on Business and the
Environment" Skillsoft video.
Complete "Defining law and ethics" point of topic "The Relationship
Between Law and Ethics" of the Skillsoft® course "Business Law and
Ethics."
Complete "Recognize the Effect of Laws and Regulations on Audit
Planning," point of topic "Management of an IS Audit Function," of the
lesson "Information Systems and the IS Audit Function" of the
Skillsoft® course "CISA Domain: The Process of Auditing Information
Systems - Part 1."
Write a 3- to 4-page analysis of ethical considerations for maintaining
confidentiality and customer data.
Address the following issues in your analysis:
Define ethics.
Apply ethics to information systems.
Discuss the constituent parts IT/IS professional ethics.
Connect or relate the discussed constituent parts into an overall structure
that may relate to an IT/IS code of conduct or ethics.
Discuss the rules produced by the Ad Hoc Committee on Responsible
Computing.

6. Describe the privacy regulations or laws related to the identified ethical
issues
==============================================
CMGT 582 Week 3 Assignment Privacy with Ethics
Considerations
FOR MORE CLASSES VISIT
www.cmgt582study.com
Create a 10- to 12-slide presentation evaluating the three areas of
privacy issues specific to FERPA, HIPAA, and EEA. Develop scenarios
in all of the three areas that you feel are most important to the recipients
protected by these laws and the methodology used in each.
Include how each of these laws affects the requirements of companies or
colleges and how each manages their security strategy to enforce
compliance.
Compare the effectiveness of each industry's efforts to ensure privacy
issues are addressed and protected.
Address and comment on the following issues in your analysis:
· Define privacy in the three areas
· Apply privacy and privacy protection to Information Systems
· Repercussions to the companies protected by the three laws

7. · Differences in the protection methodologies used by the 3
industries represented by these laws
· Differences in security strategies used by the three industries
· Describe how these three laws can change a company's security
policies and mitigation plans
· Explain why public corporations have the same privacy issues (for
intellectual property) as people do (for personal information)
· Conclude your assignment with ideas regarding how each law can
be improved
Include detailed speakers notes within your presentation.
==============================================
CMGT 582 Week 3 Individual Assignment Risk Assessment
FOR MORE CLASSES VISIT
www.cmgt582study.com
Assignment Preparation: Activities include watching the SkillSoft®
videos, completing the SkillSoft® course, independent student reading,
and research.
Watch the "QuickTalks: David Bach: Nonmarket Strategy: The Next
Frontier of Competitive Advantage" Skillsoft® video.

8. Complete the "Intrusion Prevention Technologies" topic of the lesson
"Understanding IPS Fundamentals" in the Skillsoft® course "Cisco IINS
2.0: Implementing IPS."
Complete slides 1 to 3 of the "Risk Response Strategies" topic of the
Skillsoft® lesson "Plan Risk Responses" of the course "Risk response
and Control (PMBOK® Guide Fifth Edition)."
Prepare a 3- to 5-page risk assessment of your organization or an
organization with which you are familiar.
Include how the formula for risk can be applied to the organization.
Describe how risk assessment is related to security controls or
safeguards.
Include the following in your assessment that is part of Figure 14.3, Risk
Assessment Methodology, of the Stallings and Brown
textbookComputer Security (p. 478):
System characterization
Threat identification
Vulnerability identification
Control analysis
Likelihood determination
Impact analysis
Risk determination
==============================================

9. CMGT 582 Week 4 Individual Assignment Technologies and
Methodologies Evaluation
FOR MORE CLASSES VISIT
www.cmgt582study.com
Assignment Preparation: Activities include watching the SkillSoft®
videos, completing the SkillSoft® course, independent student reading,
and research.
Watch the "Creating an Actionable Risk Management Strategy"
SkillSoft® video.
Complete the "Network Security Appliances and Methods" topic of the
Skillsoft® course "CompTIA Network+ 2012: Network Security Part 3."
Complete the "Firewalls, IDS and Network Security Solutions" topic of
the Skillsoft®course "CompTIA Network+ 2012: Network Security Part
3."
Consider information management risks to include cybercrime and
cyber-related crimes.
Write a 3- to 5-page evaluation of security technologies and
methodologies used to mitigate information management risks. An
evaluation is generally based on specific criteria and standards.
Include at least the following:
Firewalls
Intrusion prevention systems

10. Intrusion detection systems
Access control
Cryptographic tools and processes
==============================================
CMGT 582 Week 5 Assignment Mitigating Information
Management Risk
FOR MORE CLASSES VISIT
www.cmgt582study.com
Consider information security risks, including:
Cybercrime and cyber-related crimes
Social engineering
Mobile computing
BYOD (Bring your own device).
Write a 3 full page evaluation (not including the title and reference
pages) of security technologies and methodologies that can be used to
mitigate each of the above information security risks. Support your
paper with appropriate references and follow APA format.

11. Include the following for each type of risk:
Description of the risk
Security technologies and methodologies that can be used to mitigate
them
Rationale describing how the risks are mitigated to an acceptable level
Include a Turnitin report.
Submit your assignment and Turnitin report using the Assignment Files
tab.
==============================================
CMGT 582 Week 5 Individual Assignment Policy
Implementation Presentation
FOR MORE CLASSES VISIT
www.cmgt582study.com
Assignment Preparation: Activities include watching the completing the
SkillSoft®course, independent student reading, and research.
Complete the "Security Policy Documents and Life Cycle" topic of the
Skillsoft® course "SSCP Domain: Security Operations and
Administration Part 1."

12. Complete the "Risk Management and Regulatory Compliance" topic of
the "Security Policies and Life-Cycle Approach" lesson of the Skillsoft®
course "Cisco IINS 2.0: Security and Strategies."
Consider security planning policies, procedures, and models to include
multilevel and cryptographic processes.
Prepare 10-12 Slides Presentation
Include the following:
Description of security planning policies
Description of how human resources security is included in security
planning
Description of how cryptographic tools may be included in security
planning
Application of security planning policies to manage security
Evaluation of how specific policies are used to implement security plans
==============================================
CMGT 582 Week 5 Individual Assignment Policy
Implementation
FOR MORE CLASSES VISIT

13. www.cmgt582study.com
Assignment Preparation: Activities include watching the completing the
SkillSoft®course, independent student reading, and research.
Complete the "Security Policy Documents and Life Cycle" topic of the
Skillsoft® course "SSCP Domain: Security Operations and
Administration Part 1."
Complete the "Risk Management and Regulatory Compliance" topic of
the "Security Policies and Life-Cycle Approach" lesson of the Skillsoft®
course "Cisco IINS 2.0: Security and Strategies."
Consider security planning policies, procedures, and models to include
multilevel and cryptographic processes.
Write 3-5 Page Paper
Include the following:
Description of security planning policies
Description of how human resources security is included in security
planning
Description of how cryptographic tools may be included in security
planning
Application of security planning policies to manage security
Evaluation of how specific policies are used to implement security plans

14. ==============================================
CMGT 582 Week 6 Individual Assignment Systems
Development Life Cycle (SDLC)
FOR MORE CLASSES VISIT
www.cmgt582study.com
Assignment Preparation: Activities include watching the completing the
SkillSoft®course, independent student reading, and research.
Complete the "Information Risk Management Overview" topic of the
"Information Risk Management Program" lesson of the Skillsoft®
course "CISM 2012: Information Risk Management and Compliance
(Part 1)."
Completethe "Auditing and Testing IS Security" topic of the "Auditing
Internal and External Security" lesson of the Skillsoft® course "CISA
Domain: Protection of Information Assets - Part 2."
Consider the systems development life cycle (SDLC), security systems
life cycle, and information systems security certification and
accreditation.
Write a 3- to 5-page evaluation of the use of the security life cycle.
Include the following:
All six phases

15. Review of steps unique to the security life cycle, not in common with
SDLC
Applicable criteria and standards, such as certification and accreditation,
used in your evaluation
==============================================