CMGT 400 (INTRO TO INFORMATION ASSURANCE & SECURITY)ENTIRE CLASS
CMGT 400 Week 1
Week 1 Individual Assignment Risky Situation
Complete the UniversityMaterial: Risky Situations table found on your student website.
List three types of sensitive information involved with each situation. Identify three ways each information item could be misused or harmed.Answer the questions at the end of the table.
CMGT 400 Week 1 Team Assignment Kudler Fine Foods IT Security Report – System Review
Kudler Fine Foods is in the process of developing a customer loyalty program and related system to give rewards to their customers based on their purchases and other relevant information.
Your team has been asked to direct the development team in what they must do to ensure the system is developed in a secure manner and that it properly protects company and customer information at all stages of development Each week, the team prepares different portions of the final paper and presentation, which recommends exactly what the development team should do at each step of the development process including any related policy, training, and ongoing IT audit elements.
Review the material for Kudler Fine Foods in the Virtual Organizations. Familiarize yourself with the company and its systems, and identify the specific systems or areas where your team thinks information security is particularly needed. You do not need to analyze for specific threats; that will be done later. Simply identify those areas and systems where security is warranted. Submit a memo to Kudler’s leadership that outlines your team’s findings about areas in which the Kudler system should have IT security measures
DQ 1 What is the mindset required to properly protect information? What role does reasoned paranoia play in the minded and how can an individual keep the proper balance between protecting information and enabling business?
DQ 2 How can information be an asset in a company? Discuss three different examples of
information that should be protected by a company and not exposed. Include
several examples of what management could do to protect each example.
CMGT 400 Week 2
CMGT 400 Week 2 Individual Assignment Common Information Security Threats
Submit a formal academic paper that addresses at least three major information security threats that a specific organization you choose faces today.
Describe potential risks to the information and the related vulnerabilities within the organization. Identify the forces that drive each threat and the related vulnerabilities.
Discuss how the values for threat and vulnerability combine to indicate the overall risk the organization faces.
Describe how an organization can properly manage its information security efforts using proper risk management techniques and cost-benefit analyses for these information security efforts.
Explain the legal, ethical, and regulatory requirements for protecting data.
CMGT 400 Week 2 Team Assignment Kudler Fine Foods IT Security Report – Top Threats
Submit a table that identifies the top threats to the new customer rewards program at Kudler Fine Foods in preparation for your final report (due in Week Five). Include the likely vulnerabilities each threat might exploit.
The following table is an example of one you might use:
Area of System
Include a summary of those threats that the team judges are most critical to Kudler Fine Foods.
DQ 1 Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money?
DQ 2 Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so?
CMGT 400 Week 3
CMGT 400 Week 3 Individual Assignment Disaster Securing and Protecting Information
Submit a formal academic paper that describes the security authentication process.
Discuss how this and other information security considerations will affect the design and development process for new information systems.
Include a brief discussion of how to include preventative measures for securing data, such as backups and remote or
Note what role this will play in the other areas covered in the paper.
Provide an overview of several systems and devices that can provide security services to meet the needs raised by the other areas covered in the paper.
CMGT 400 Week 3 Team Assignment Kudler Fine Foods IT Security Report – Security Consideration
Submit a description of the security considerations for each phase of the systems development process.
Identify specific concerns if the system is ever removed from service.
Specify what can and should be done in each systems development process phase to properly mitigate the risk for each entry in the table from the previous week. Be specific, but high-level in your mitigations.
Most or all items will have something to check or do in each stage of the systems development process.
DQ 1 What are three of the controls in the Helton (2010) article that would be effective in protecting health care information? For each item, describe the risk in your own terms and suggested solutions to mitigate it. Also, discuss whether this issue would face other types of organizations, or if it is limited to only those in the health care field.
DQ 2 How can a company protect data on corporate laptops according to the Storn (2008) article? Why do more organizations not use this kind of protection? Do you expect this to become a legal requirement in the future? Explain why or why not.
CMGT 400 Week 4
CMGT 400 Week 4 Individual Assignment The Role of Information Security Policy
Write a 1,000- to 1,500-word paper describing the importance of policies and standards for maintaining information systems security.
Include a discussion of the role employees—and others working for the organization—play in this effort.
Examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy.
CMGT 400 Week 4 Team Assignment Kudler Fine Foods IT Security Report – Security Policy & Training
Identify the key information security policy elements that will be needed at Kudler Fine Foods to support the efforts to ensure that the new frequent shopper program properly protects the customer and organizational information.
Identify the security awareness training needed to ensure that employees are ready to properly protect customer and organizational information when using the new system.
DQ 1 What are the top three areas that an organization should work on to respond to the issues raised in the de Villiers (2010) article? Why are these areas critical to the organization? Is the author’s assessment correct? Explain why or why not. Choose a specific organization to illustrate your argument.
DQ 2 What is the value and effect of a good business impact analysis (BIA)? How can using this help an organization develop an effective information security policy?
CMGT 400 Week 5
CMGT 400 Week 5 Team Assignment Kudler Fine Foods IT Security Report Paper
Submit a formal academic paper that addresses the information security data that would guide the CIO of Kudler Fine Foods.
This report should cover the material from the previous weeks, providing a comprehensive look at the key safeguards needed for the project at each stage of the systems development processes.
The report should have clear recommendations to ensure that the final frequent shopper program system is properly secured against likely threats. •
Include the requirements for future audit provisions that the internal staff may use to validate the security measures in the system.
CMGT 400 Week 5 Team Assignment Kudler Fine Foods IT Security Report Presentation
Prepare a presentation to executive management at Kudler Fine Foods of the need to make
the changes recommended in the paper.
The presentation should be 10 minutes in length.
The presentation must include appropriate graphics,such as Microsoft® PowerPoint® slides.
The presentation must include detailed speaker’s notes.
Prepare to present your project to your class.
DQ 1 What is the role of an internal IT audit group in an organization? Why is having such a group important for an organization and why should it report outside the normal IT reporting channels?
DQ 2 What are at least three questions that you would ask to perform basic threat modeling for a field other than health care? Base your response on the information found in the AHC Media article (2009). Discuss your reasons for picking the questions you use.