Analysis of the IT Governance and Risk Management issues

Reference no: EM132324182

Cybersecurity in Business and Industry Assignment

Project - Integrating NIST's Cybersecurity Framework with Information Technology Governance Frameworks

Scenario - You have been assigned to your company's newly established Risk Management Advisory Services team. This team will provide information, analysis, and recommendations to clients who need assistance with various aspects of IT Risk Management.

Your first task is to prepare a 4-page research paper which provides an analysis of the IT Governance, IT Management, and Risk Management issues and problems that might be encountered by an e-Commerce company (e.g. Amazon, eBay, PayPal, etc.). Your paper should also include information about governance and management frameworks that can be used to address these issues. The specific frameworks that your team leader has asked you to address are:

  • ISO/IEC 27000 Family of Standards for Information Security Management Systems
  • ISACA's Control Objectives for Information Technology (COBIT) version 5
  • NIST's Cybersecurity Framework (also referred to as the "Framework for Improving Critical Infrastructure Security")

The Risk Management Advisory team has performed some initial research and determined that using these three frameworks together can help e-Commerce companies ensure that they have processes in place to enable identification and management of information security-related risks, particularly those associated with the IT infrastructure supporting online sales, payment, and order fulfillment operations. (This research is presented in the Background section below.) Your research paper will be used to extend the team's initial research and provide additional information about the frameworks and how each one supports a company's risk management objectives (reducing the risks arising from cyber threats and cyberattacks against information, information systems, and information infrastructures). Your research should also investigate and report on efforts to date to promote the use of both frameworks at the same time.

Your audience will be members of the Risk Management Services team. These individuals are familiar with risk management processes and the e-Commerce industry. Your readers will NOT have in-depth knowledge of either framework. For this reason, your team leader has asked you to make sure that you include a basic overview of these frameworks at the beginning of your paper for the benefit of those readers who are not familiar with CSF and COBIT.

Write: Use standard terminology including correctly used cybersecurity terms and definitions to write a two to three page summary of your research. At a minimum, your summary must include the following:

1. An introduction or overview of the role that the Information Security Management System plays as part of an organization's IT Governance, IT Management, and Risk Management activities. The most important part of this overview is a clear explanation of the purpose and relationships between governance and management activities as they pertain to managing and reducing risks arising from the use of information technology.

2. An analysis section that provides an explanation of how ISO/IEC 27000, 27001, 27002; COBIT 5; and NIST's CSF can be used to improve the effectiveness of an organization's risk management efforts for cybersecurity related risks. This explanation should include:

a. An overview of ISO/IEC 27000, 27001, and 27002 that includes an explanation of the goals and benefits of this family of standards (why do businesses adopt the standards, what do the standards include / address, what are the desired outcomes or benefits).

b. An overview of COBIT 5 that includes an explanation of the goals and benefits of this framework (why do businesses adopt the framework, what does the framework include / address, what are the desired outcomes or benefits).

c. An overview of the NIST Cybersecurity Framework (CSF) which explains how businesses can use this framework to support ALL of their business functions (not just critical infrastructure operations).

d. Five or more specific examples of support to risk management for e-Commerce and supporting business operations that can be provided by implementing ISO/IEC 27000/1/2, COBIT 5, and NIST CSF.

3. A recommendations section in which you provide and discuss five or more ways that e-Commerce companies can use the standards and frameworks at the same time (as part of the same risk management effort). You should focus on where the frameworks overlap or address the same issues / problems. (Use Table 2: Informative References to find overlapping functions / activities.) You are not required to identify or discuss potential pitfalls, conflicts, or other types of "problems" which could arise from concurrent use of multiple guidance documents.

4. A closing section that provides a summary of the issues, your analysis, and your recommendations.


The security issues faced by e-commerce companies are described. The study analyzes the risks the selected organization encounters from potential information technology threats and explains the strategy developed to reduce those risks to a large extent.


Reviews

len2324182

6/17/2019 10:28:49 PM

This assignment is 4 pages without references page and cover page. Submit for Grading - Submit your work in MS Word format (.docx or .doc file) using the Project Assignment in your assignment folder. (Attach the file.) Additional Information - Consult the grading rubric for specific content and formatting requirements for this assignment. Your 4-page white paper should be professional in appearance with consistent use of fonts, font sizes, margins, etc. You should use headings and page breaks to organize your paper. Your paper should use standard terms and definitions for cybersecurity.

len2324182

6/17/2019 10:28:43 PM

The CSIA program recommends that you follow standard APA formatting since this will give you a document that meets the “professional appearance” requirements. APA formatting guidelines and examples are found under Course Resources - APA Resources. An APA template file (MS Word format) has also been provided for your use: CSIA_Basic_Paper_Template(APA_6ed,DEC2018).docx. You must include a cover page with the assignment title, your name, and the due date. Your reference list must be on a separate page at the end of your file. These pages do not count towards the assignment’s page count.

len2324182

6/17/2019 10:28:37 PM

You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct, and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs. You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must follow a consistent citation style (APA).


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd