User Account

All Pages

Testing and improving controls

Assignment Help Business Management
Reference no: EM133613139

Testing and improving controls

As you have discovered in this course, any controls implemented by an organisation must be thoroughly monitored and tested. Introducing a range of new control measures (such as access control) creates the potential for new risk challenges. Stress testing is one method to assess these controls for the likelihood of risk.

A stress test is a simulation that measures the resilience of controls against potential compliance failures. This can be done via hypothetical scenarios and ethical hacking - a process intended to reveal vulnerabilities in a system. Stress testing is particularly valuable for organisations if the testing relies on less predictable methodologies used by hackers and criminals.

For this small group discussion forum, engage with the fictional case study and discuss ways to rectify the situation using what you've learnt about monitoring and reporting in this module.

Case study:

Kimi is a compliance officer who has been asked to stress test an organisation that has just implemented a new access control solution. Employees, security officials, and custodial staff have recently been issued access cards. The cards are used for physical movement within the premises and access to printing services. All employees have been trained on the new access control processes and systems.

How can Kimi circumvent these controls as part of a stress test?

First, Kimi hires a pregnant actress to request a visitors' access card from the front desk security officer so that she can use the bathroom facilities that are behind an access-controlled turnstile. The security guard does not know how to program the card correctly, so he lets her use his card. However, Kimi has given the actress a card skimmer, which she used to copy the security guard's access card.

Kimi uses the cloned card to enter the building. Because security officials typically have access cards that allow access throughout entire premises, Kimi is able to gain sensitive information simply by walking around and taking photos after most employees leave work in the evening.

She notes that some staff members have written their new passwords on sticky notes placed in accessible areas (such as on a work-station monitor, or under a keyboard). This allows Kimi to employ an ethical hacker to access the data systems and copy valuable personal information and intellectual property.

Question

Imagine that you are the compliance officer for this organisation. How would you control for the conduct failure that occurred? Can you suggest a means of monitoring to improve these controls?

You can speak to any of the following points in your discussion:

Analysis: Is it possible to improve on the existing controls (the established security system and staff training) to prevent unwanted access and card skimming?

Ethics: How do you feel about refusing to help a person in need with a minor and seemingly harmless request? How would you balance the needs of the organisation with those of human beings?

Reporting: Which stakeholders should be informed and consulted regarding such an incident? How would you report the event to these stakeholders?

Implementation: Can you suggest any further controls that may be useful in managing this risk? How could these then be monitored to ensure they are performing as intended?

Reference no: EM133613139

Questions Cloud

Mang popoy is just waiting for retirement : Mang Popoy is just waiting for his retirement. He noticed that he gets weaker every day. His main concern is his memory.
How has covid-19 pandemic affected apples value chain : How has the COVID-19 pandemic affected Apple's value chain and what measures has the company taken to mitigate disruptions?
Improve security education and awareness : You want to improve security education and awareness amongst employees and partners of your organization.
Do you believe that the use of james photo : Do you believe that the use of James photo does violate James' right of publicity because the right generally protects one's name, image, likeness
Testing and improving controls : Imagine that you are the compliance officer for this organisation. How would you control for the conduct failure that occurred?
What gives police officers the right to take the servers : A cybersecurity manager is preparing to begin working when police officer comes through door warrant. What gives police officers the right to take the servers?
How would the scriptures make a difference : compare how someone who knows these scriptures and abides by them would set policies and someone who does not know and does not abide by them
Opportunity to review various aspects : Now that you have had the opportunity to review various aspects of the IRB process, you are ready to draft another section of your project.
Review the survey results and the food and drink options : Review the survey results and the food and drink options, and make a decision on the type of food to be served at the party

Reviews

Write a Review

Business Management Questions & Answers

  Caselet on michael porter’s value chain management

The assignment in management is a two part assignment dealing 1.Theory of function of management. 2. Operations and Controlling.

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. Due to increase in the preference for light beer drinkers, Chris Prangel wants to introduce light beer version in Mountain Man. An analysis into the la..

  Mountain man brewing company

Mountain Man Brewing, a family owned business where Chris Prangel, the son of the president joins. An analysis into the launch of Mountain Man Light over the present Mountain Man Lager.

  Analysis of the case using the doing ethics technique

Analysis of the case using the Doing Ethics Technique (DET). Analysis of the ethical issue(s) from the perspective of an ICT professional, using the ACS Code of  Conduct and properly relating clauses from the ACS Code of Conduct to the ethical issue.

  Affiliations and partnerships

Affiliations and partnerships are frequently used to reach a larger local audience? Which options stand to avail for the Hotel manager and what problems do these pose.

  Innovation-friendly regulations

What influence (if any) can organizations exercise to encourage ‘innovation-friendly' regulations?

  Effect of regional and corporate cultural issues

Present your findings as a group powerpoint with an audio file. In addition individually write up your own conclusions as to the effects of regional cultural issues on the corporate organisational culture of this multinational company as it conducts ..

  Structure of business plan

This assignment shows a structure of business plan. The task is to write a business plane about a Diet Shop.

  Identify the purposes of different types of organisations

Identify the purposes of different types of organisations.

  Entrepreneur case study for analysis

Entrepreneur Case Study for Analysis. Analyze Robin Wolaner's suitability to be an entrepreneur

  Forecasting and business analysis

This problem requires you to apply your cross-sectional analysis skills to a real cross-sectional data set with the goal of answering a specific research question.

  Educational instructional leadership

Prepare a major handout on the key principles of instructional leadership

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd