Signature Assignment: Security Audit


You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for one of the companies explored in this course.

  • Vampire Legends (Week 1)
  • Cruisin’ Fusion (Weeks 2–3)
  • Devil’s Canyon (Weeks 4–5)

Create a 10- to 12-slide presentation (not including the title and reference slides) that shows the results of your security audit based on the following audit process:

  • Potential Risk to be Reviewed: Describe the risk.
  • Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data.
  • Regulation and Compliance Issues: Analyze how regulations and compliance issues could impact the organization.
  • Provide a detailed analysis of regulations and compliance issues, beyond the simple explanation in score point two.
  • Regulation and Compliance Resources and Tools: Analyze what resources and/or tools are available to address regulations and compliance issues.
  • Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for a potential risk.
  • Example: Determine whether anti-virus software is in use.
  • Example: Determine whether virus signatures are periodically updated.
  • Example: Determine whether periodic virus scans are performed.
  • Provide a detailed analysis of the resources and/or tools available, beyond the simple explanation in score point two.
  • IT Security – Processes and Methods: Differentiate between the various processes and methods involved in management of IT security resources.
  • Review the various options available to address those processes and methods previously explained, and which ones might be feasible.
  • IT Security – Measures: Analyze the various security measures that could be taken within the organization.
  • Demonstrate a detailed understanding of what the alternatives are to approach security, how much security is needed, different methods to employ, etc.
  • Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
  • Example: 100% of servers and PCs have virus software installed.
  • Example: 100% of the virus software installed is set to automatically update, including virus signatures.
  • Example: 100% of the virus software installed is set to automatically perform a scan at least weekly.

Include a 1/2- to 1-page executive summary to support your presentation. Include appropriate references.

Transcript: Devil’s Canyon

Transcript: Devil’s Canyon – A Role-Playing Simulation on Designing the Enterprise Architecture for a Mountain Resort by Patricia Wallace

In this simulation, the learner will understand how to design an enterprise architecture for a Mountain Resort by using the interactive map tools and get a sense of their vision and estimate their expenses.

The simulation will allow the learner to interact with the decision-makers of the enterprise through the following tools: Email, Voicemail, Instant message, Architecture Designer, and Web meeting.

Upon logging in to the application, the learner will have access to the following tools: Email, Voicemail and the documents. These are seen on the home screen of the application.

Interaction 1:

The learner will be using various means of interaction in the simulation, which shall be divided into stages as the interaction proceeds.


Once the learner clicks on the email icon, he/she will see three emails: one sent by Ed and two replies to it, one from Se Jong and the other from Ariane.

The subject of the email from Ed is “Devil’s Canyon ICT”. In the email Dan says that the maps of the resort are ready for development and that he wants to be sure everything is right before investing in computers, networks, and software. He plans on having all the cables underground so that people have wireless access throughout the resort. He warns about storms, during which the internet would be down. He says that electricity will not be an issue, as they have their own generators, which would make a small data center feasible for them.

Ed says that he has placed the cost estimates for the software, data center construction, servers, training, maintenance and other things in the document folder so that a budget can be worked out. The budget needs to be around $750K for a year, which should include all the startup costs. He wishes for the costs to be around $1.2 million for three years.

After reading the mail from Ed, the learner then closes the mail and goes to read the reply made by Se Jong to Ed’s email.

Se Jong says that she has added a map of the resort to the folder and is working on installing the Architecture Designer software for the user. She says that since they do not have legacy software to fall back on, it would be an advantage to choose software that is suitable for the resort. She asks for thoughts on cloud computing and software as a service and is considering using them, as it would mean that no data center would be required. She goes on to say that if they go with infrastructure as a service, they would not need to buy bigger hard drives.

After reading the mail from Se Jong, the learner then closes the mail and goes on to read the reply made by Ariane to Ed’s mail.

Ariane says that she has been thinking about the hardware side and asks for opinions on using optical scanners at the base of the lifts to keep the lines moving faster, or using RFID to track customers’ charges so that they could avoid carrying their wallets. She thinks that RFID is costly to implement but would be helpful for tracking customers on the slopes during bad weather. She goes on to mention that Se Jong is pretty good at developing mobile apps, which is costly as well.

After reading the emails, the learner exits from the email folder and reaches the home page where he/she can find that the voicemail has been highlighted.

The learner clicks on the voicemail icon.


There is a voicemail from Ed. In the voicemail Ed says that he has high expectations for the resort and wants his customers to have a top-notch experience. He wants his customers to have easy access to Wi-Fi for their laptops and tablets. He also wants smartphones to work well in the resort, as there is an issue with dropped calls that he wants to avoid.

After listening to the voicemail, the learner exits from the voicemail folder and reaches the homepage where the Instant Message pane pops up.

Instant Message:

Se Jong has sent a message saying that the Architect Designer application is up and running.

The learner can then type in a response and press return to read through the documents that have been attached in the documents folder.


On opening the documents folder, the learner can find two documents titled “Map of the Resort” and “Estimated Costs of Architecture Components”.

On clicking the document titled “Map of the Resort” the learner can find a map of the resort.

After going through the map of the resort the learner closes the document and selects the document named “Estimated Costs of Architecture Components”.

On opening the document, the estimated costs for the Architecture Components for Devil’s Canyon are given. The document has the components divided into phases. Phase I: Software Choices, which has two parts: Enterprise Systems and Individual Productivity Software; Phase II: Hardware Choices; Phase III: Network and Telecom Choices which has four parts: Cabling, Wi-Fi and Cellular Access and Main Internet Connection; Phase IV: Special Purpose Systems Choices.

After going through the documents in the folder, the user can exit and reach the home page where the learner can find that the Architecture Designer icon is highlighted.

Architecture Designer:

The learner on selecting the Architecture Designer icon can see the map of the resort. There are three panes. One pane has the map of the resort, the second pane has the Enterprise Architecture Design Panel Running Expenses where the amount gets filled in once the learner selects the options in Phase I: Software Choices for the Enterprise Systems and the Individual Productivity Software. The learner must keep in mind the expenditure that is to be made.

The learner can click on the submit button if he/she is satisfied with the response or reset the form and select the option that he/she thinks is suitable and then submit the form.

The learner can then exit the Architecture Designer and return to the homepage where the learner can find the Email and the Voicemail icons to be highlighted.

Interaction 2:

The reader can find two emails in the email folder: one from Ed and one from Se Jong replying to Ed’s email, which has the subject “Phase I – Software Selections”.

Both the emails put forth the opinions and concerns of Se Jong and Ed on the choices that have been made for the Phase I of Software Choices for the Enterprise Systems and Individual Productivity Software.

The user can then exit the email folder and reach the homepage to see the Voicemail folder to be highlighted.


On selecting the voicemail icon, the learner can find three new voicemails from Ariane, Justin and Ed. The reader can then listen to the individual voicemails, in which all three of them provide their views on the choices that have been made.

The reader can then exit the voicemail and reach the homepage, where Se Jong has sent an instant message saying that she has loaded the data for Phase II on the hardware architecture in the Architecture Designer. The Architecture Designer is now highlighted on the homepage.

Architecture Designer:

Upon selecting the application, the learner can see the map of the resort with the selections that have been made in Phase I. There are three panes as before, but at this point the user has to make a decision by selecting the Hardware Choices of Phase 2. The learner can submit after making the selection, or reset and then select the option that he/she thinks is right. The learner must keep in mind the budget that was allotted by Ed in the beginning. The learner can notice that there is an option of “Exit without Submitting”; keep in mind that the activity will not proceed until the choice is made.

Exiting the Architecture Designer, the learner can see that the voicemail and the email icons have been highlighted.


Opening the voicemail first, the learner can find two new voicemails from Justin and Ariane. Both of them provide their feedback and concerns on the choices that have been made for the Hardware.

Exiting the voicemail, the learner can now find the Email icon in the homepage to be highlighted.

Interaction 3:

Selecting the email folder, the learner can find 2 emails. One is from Ed and the other is from Se Jong.

The mail from Ed has the subject “Phase 2- Hardware Selections”, where he puts forth his views on the selections that have been made and the concerns that he has regarding the choices.

The mail from Se Jong has the subject “Smartphones”, where she shares her concerns about operating systems for smartphones and source code.

The learner can then exit from the email folder and return to the homepage to find the Architecture Designer to be highlighted.

Architecture Designer:

On selecting the Architecture Designer, the learner is presented with the map of the resort, now containing the choices made for both Phase I and Phase II. The learner now has to make the decision regarding the Network and Telecom Choices of Phase III for Cabling, Wi-Fi and Cellular Access, Voice calls, and Main Internet Connection. The learner should keep in mind the budget allotted and that he/she can submit the selection made or reset and make the correct choice. Keep in mind that the learner cannot proceed further without making the selection for Phase III.

The learner can now exit from the Architecture Designer and go to the homepage, where he/she can see that the Instant Message has popped up with a message from Ed instructing the learner to try out the Web software, where the team will be meeting to discuss what has been done so far.

Web Meeting:

On selecting the Web Meeting icon, the learner can see the Screen Area with the map of the Resort. All the members are present in the meeting. Ed is on the video call, while the team members Ariane, Se Jong, Justin and the learner talk to each other using the chat box. There is a pane with notes that explain the various technical terms. In the meeting, the members discuss the Wi-Fi, Cell Towers, Landline Voice calls and the Bandwidth choices. The meeting ends with the members moving forward to make choices for Phase IV. Note that the learner cannot proceed further without completing the web meeting.

After exiting the Web Meeting, the user reaches the homepage to find the Instant Message with messages from Ed.

Instant Message:

In the instant message, Ed says that the budget needs to be put forth and that he needs recommendations for the Special Purpose Systems. He also gives a reminder that the budget is $750,000 for the first year and $1.2 million for the total 3-year cost.

The user can see that the Documents folder has been highlighted in the homepage.


On selecting the documents folder, the learner can find a new document titled “Devil’s Canyon Architecture Map (draft)”.

Opening the document, the learner can see the draft model of the Resort with the selections that have been made so far for the resort.

The learner can close the document and exit from the document folder.

Upon exiting the document folder and reaching the homepage, the learner can find the Architecture Design to be highlighted. The learner then selects the Application.

Architecture Designer:

On opening, the learner can see the map of the Resort with all the selected options from Phase I, II, and III. The learner now has to make the decision regarding the Special Purpose Systems Choices of Phase IV. On selecting the options, the learner can submit and then exit, or reset the form, modify the choices and submit.

The learner on returning to the homepage can find the email icon to be highlighted.

Interaction 4:

The learner can find four new emails: two from Ed, one from Se Jong and the last one from Justin. The emails discuss different issues and concerns, such as the need for security, smart lift ticket systems with optical scanners, the budget and the web cam systems on the slopes.

The learner can exit from the email folder and reach the homepage to find the Documents folder to be highlighted.


On opening the documents folder, the learner can find the two new documents that have been added to the folder. One is titled “Devil’s Canyon Architecture Map (final)” and the other “Devil’s Canyon Budget”.

“Devil’s Canyon Architecture Map (final)” has the final set up of all the selections that have been made for the resort.

“Devil’s Canyon Budget” has the cost estimates for designing the Enterprise Architecture for Devil’s Canyon. It shows all the expenses, the total cost for 1 year and the total cost incurred over 3 years.

The reader can then exit from the document to the folder and then exit the document folder to return to the homepage where a pop-up will say that the simulation has been completed.

End of simulation exercise

Copyright © 2018 by Pearson. Used with permission. All rights reserved.

Copyright © 2019 by Pearson. Used with permission. All rights reserved.

