Security audit work plan

Reference no: EM132928434, Length: 3000 Words

CIS2005 Principles of Information Security

Security Audit Work Plan / Presentation based on CASE STUDY: Gamble Bet

Course objective 1: analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks

Course objective 2: explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail

Course objective 3: demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations.

You will be expected to work collaboratively in developing and discussing your approach to the assignment case study and the required Security report and presentation. Regular participation by an individual completing this assignment each week from Monday 7th September until Friday 16th October is expected. An individual will also be required to keep a journal of their activities and progress related to completing this assignment, which will form part of the assessment for assignment 3. In date order, clearly list the following:
- date of research activity/discussion
- topics researched or discussed
- time duration of activity.

Submit this journal individually as an appendix to the assignment Recommendations report. Any references to web pages and online resources such as white papers, blogs, wikis etc. should be listed at the end of the journal.

Regular participation on the discussion forums dedicated for this assessment is highly recommended and can assist greatly with this assessment item. Also note that you are expected to do research outside of the course materials provided.

Case study - Gamble Bet

Your task

As the IT Security Consultant for HackStop assigned to the GambleBet investigation, you are required to put together a high-level security audit work plan for the bank and GambleBet that outlines your approach and methodologies to: (1) review the security of GambleBet and its key third party service providers, and (2) determine whether GambleBet is the source of the credit card fraud. You are also required to deliver your proposed security audit work plan in a PowerPoint presentation.

The Security Audit work plan should be professionally presented, concise and to the point. Remember, time is of the essence here and the work plan must be signed off as soon as possible for the actual work to commence. Each day of delay could equate to many more thousands of dollars of fraud incurred by the bank and potentially also by GambleBet.

Any information not provided in the case study may be assumed, but make sure that your assumptions are stated and that the assumptions are plausible.

Security Audit Work-plan Report Structure and Requirements (WORD Document):

The Security Audit work plan should be included in a professionally presented document of no more than 10 pages and be structured to show how each phase of work is to be undertaken. Your work-plan must include the following at a minimum:

1. Executive Summary: half-page brief outlining purpose, scope, expectations and outcomes of the proposed plan of work. (250 words)

Structured and ordered work plan phase description, which for each section includes:

2. Background and problem analysis - What went wrong? How was the GambleBet website compromised and customer credit card details stolen? (approx. 500 words)

3. Threat analysis - What is to be investigated and tested, how it will be done, what sort of potential issues you are looking for, and the deliverables GambleBet and their Bank can expect for each phase of work (e.g. the "deliverable" for the phase of work could potentially be a report containing the results of a vulnerability assessment test on GambleBet's server(s) and web applications). (approx. 1000 words)

4. Dependencies and critical success factors to the job - such as key stakeholders in this security audit - the key people to be interviewed or whose involvement in that phase of work is required. (Remember, you don't always get free-rein access to systems and other information and, because time is of importance, you won't get a long time to master the environment. But, as you know, you also cannot always believe everything you are told.) What is key to getting this job done efficiently and what support do you need to get this done (from GambleBet, NetBest IT Services and Big Frog Software)? (approx. 500 words)

5. Set of recommendations for improving GambleBet's current security practices and ensuring that an appropriate set of controls are put in place (approx. 750 words)

6. Reference list of key sources, in particular technical references which support your approach (not counted in word count)

Note: in this report and in the accompanying presentation you are encouraged to make use of appropriate Figures and Tables to emphasise the key points that you are trying to make.

7. A journal of each team member's (for students completing this assignment individually - your) activities in participating and contributing to the completion of the work plan report and presentation.

Suggested Security Audit Work Plan Report Presentation Structure

Developing a Secure Environment for GambleBet in the Future (POWERPOINT):

Your strategy presentation should be created as if it were an actual presentation you were doing for a real client in relation to your proposed security audit work plan including a set of recommendations and should contain the following at a minimum:
* 1 Slide for an Introduction outlining your team and the organisation you work for
* 2-3 Slides covering Background and problem analysis: A brief summary of where GambleBet is today with regard to security practices and controls in place for their web servers and web applications.
* 2-3 Slides covering the Threat Analysis: A summary of the major threats and associated vulnerabilities and the actions required to reduce the risks associated with these threats and specific vulnerabilities in their web servers and web applications to an acceptable level.
* 2 Slides covering Dependencies and critical success factors to the job: i.e. what is key to getting this job done efficiently and what support do you need to get this done (e.g. internal business stakeholders and key third party service providers such as NetBest IT Services and Big Frog Software).
* 2 Slides covering your proposed Set of recommendations for improving the security practices of GambleBet and its key third party service providers, ensuring appropriate controls are in place in relation to their web site and web applications, which are core to their business.

[The following is also to be included. While not part of a "standard" industry business presentation, it is there to allow teaching staff to gauge what level of research has been undertaken.]
* 1 Slide acknowledging the key authoritative reference sources which underpin the research you have conducted and your approach in the proposed work plan in your proposed business report.

Attachment:- Security Audit Work Plan.rar
