Assignment 11
Assignment – 1
This is a required assignment worth 15 points (15-points/
10
00-points). Assignment must be submitted by the due date.
No late assignments are allowed. Please discuss the following topics and provide substantive comments to at least two other posts.
Select from the following list four (4) topics and discuss. Use only
50
-words max per topic to discuss and present your answer.
The discussion questions this week are from Chapter 1 (Jamsa,
20
13).
Chapter 1 topics:
· Define and discuss cloud computing.
· Discuss how cloud computing has changed how companies’ budget for software solutions.
· Compare and contrast SaaS, PaaS, and IaaS, and provide an example of each.
· Define scalability and discuss how the cloud impacts it.
· List three advantages and three disadvantages of cloud computing.
· Define virtualization and discuss how the cloud impacts it.
· Describe three cloud-based solutions for individuals and three cloud-based solutions for businesses.
· Discuss how Web 2.0 has driven the growth of the web.
· Compare and contrast public, private, community, and hybrid clouds.
Note: You are required to use at least two-peer reviewed sources (besides your textbook) to answer the above questions. The initial post is due by Wednesday at 11:59pm ET. You must engage on at least three separate days (by Wednesday for the first post and two additional days of peer engagement). Do not wait until Sunday to engage with peers, this should be an active conversation with your peers. When replying to peers be sure to engage with substantial posts that add to the conversation.
Assignment – 2
Discuss why It is important to realize that risk management is not intended to be risk elimination. Things to avoid to you rely on writing I agree with you will result in zero. You need to add value to the discussions. Every discussion topic opens on Monday and closes Saturday midnight
Discussion rubric
Synthesis of Concepts – Initial Post
Clear Citations using APA format
Writing Standards
10
Timeliness
10
Peer Reviews (minimum of 2)
Assignment – 3
Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint.
1. On your local computer, create a new document.
You will use this document as your Lab Report.
2. Review the seven domains of a typical IT infrastructure.
3. In your Lab Report file, describe how risk can impact each of the seven domains of a typical IT infrastructure: User, Workstation, Local Area Network (LAN), Local Area Network-to-Wide Area Network (LAN-to-WAN), Wide Area Network (WAN), Remote Access, and System/Application domains.
4. Review the left-hand column of the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure servicing patient with life-threatening conditions:
5. In your Lab Report file, complete the table from the previous step by identifying which of the seven domains of a typical IT infrastructure will be most impacted by each item in the table’s left-hand column and explain why.
Risks, Threats, and Vulnerabilities
Primary Domain Impacted
Unauthorized access from public Internet
Hacker penetrates IT infrastructure and gains access to your internal network
Communication circuit outages
Workstation operating system (OS) has a known software vulnerability
Denial of service attack on organization’s e-mail server
Remote communications from home office
Workstation browser has software vulnerability
Weak ingress/egress traffic-filtering degrades performance
Wireless Local Area Network (WLAN) access points are needed for LAN connectivity within a warehouse
Need to prevent rogue users from unauthorized WLAN access
User destroys data in application, deletes all files, and gains access to internal network
Fire destroys primary data center
Intraoffice employee romance gone bad
Loss of production data server
Unauthorized access to organization-owned workstations
LAN server OS has a known software vulnerability
User downloads an unknown e-mail attachment
Service provider has a major network outage
User inserts CDs and USB hard drives with personal photos, music, and videos on organization-owned computers
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
Note: Some risks will affect multiple IT domains. In fact, in real-world environments, risks and their direct consequences will most likely span across several domains. This is a big reason to implement controls in more than one domain to mitigate those risks. However, for the exercise in step 5 that follows, consider and select only the domain that would be most affected.
Subsequent next steps in the real world include selecting, implementing, and testing controls to minimize or eliminate those risks. Remember that a risk can be responded to in one of four ways: accept it, treat it (minimize it), avoid it, or transfer it (for example, outsource or insurance).
Assignment – 4
Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft® Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint.
1. On your local computer, create a new document.
You will use this document as your Lab Report.
2. Review the seven domains of a typical IT infrastructure.
Seven Domains
3. In your browser, navigate to
https://web.archive.org/web/20181115194831/http://www.isaca.org/Knowledge-Center/cobit/Pages/FAQ.aspx
.
4. Review the information on the COBIT FAQs page.
ISACA—45 Years Serving Auditors and Business:
ISACA is a global organization that defines the roles of information systems governance, security, auditing, and assurance professionals worldwide. ISACA standardizes a level of understanding of these areas through two well-known certifications, the Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). In recent years, ISACA has expanded its certification offerings to include two other certifications around risk and IT governance.
ISACA was previously an acronym expanding to Information Systems Audit and Control Association, but today is known by the name ISACA alone to better serve its wider audience.
Similarly, COBIT was originally an acronym for Control Objectives for Information and related Technology. Now, ISACA refers to the framework as just COBIT, in part because the concept of “control objectives” ends with COBIT version 4.1. COBIT 5 focuses on business-centric concepts and definitions, distinguishes between governance and management, and includes a product family of “enabler guides” and “practice guides.” The recent release of COBIT version 5, released in 2012, is a complete break from expanded the COBIT framework, but COBIT 2019 will add a new Design guide and implementation strategies that include cloud computing.
5. In your Lab Report file, describe the primary goal of the COBIT v4.1 Framework. Define COBIT.
6. On the left pane of the COBIT website, click the COBIT 4.1 Controls Collaboration link.
7. At the top of the page, read the Discuss-Share-Learn introductory text.
8. Scroll down the page to the COBIT Domains and Control Objectives section.
9. Click the Text View tab.
10. In your Lab Report file, list each of the six domains of control objectives and briefly describe them based on the descriptions on the website. Include the following:
· Plan and Organize
· Acquire and Implement
· Monitor and Evaluate
· Delivery and Support
· Process Controls
· Application Controls
11. On the left pane of the COBIT website, click the COBIT 4.1 Publications and Products link.
12. From the center of the page, click the complimentary PDF download link to open the Download Registration page.
Note: You can also use Google to search for COBIT 4.1, which should return copies of the COBIT 4.1 PDF in the top results. If you choose this approach, skip ahead to step 16.
13. On the Download Registration page, use the following information to register for a downloadable copy of the framework.
Use your own name and email and type student in the Job Title box and select your own country.
14. Click the
acknowledgement checkbox and then click the SUBMIT TO ACCESS THE DOWNLOAD button to open the File Download page.
15. Click the DOWNLOAD YOUR FILE button and open the file.
The file may open in a new browser window or may appear in your Downloads folder. Locate the file and open it to continue.
16. In the file, read the Executive Overview beginning on page 5.
Refer to the page number in the footer of each page of the file.
17. In the file, read the How to Use This Book section beginning on page 27.
18. In the file, read the P09 Assess and Manage IT Risks process beginning on page 63.
Note: COBIT 5 is not an evolutionary but a revolutionary change. Naturally, risk management is covered, but it is done in a holistic, end-to-end business approach, rather than in an IT-centered approach.
19. In your Lab Report file, explain how you use the P09 Control Objectives to organize identified IT risks, threats, and vulnerabilities so you can then manage and remediate the risks, threats, and vulnerabilities in a typical IT infrastructure.
Note: This completes the lab. Close the web browser if you have not already done so.