Free Essay

Lab 7 Risk Management in It

In: Computers and Technology

Submitted By kdog2984
Words 737
Pages 3
-------------------------------------------------
Project

Project Title
Transforming to an E-Business Model

Purpose
This project provides you an opportunity to assume a specific role in a business situation. You then apply the competencies gained in this course to develop a solution for a business problem related to an organization’s transformation to an e-business model.

Learning Objectives and Outcomes
You will be able to: * Gain an overall understanding of an e-business transformation capitalizing on the advent of the Internet technologies and Web applications in a specific business situation. * Summarize your understanding of implementing social networking applications into an e-business model capitalizing on the advent of Internet technologies and Web applications in a specific business situation. * Summarize your understanding of identifying risks, threats, and vulnerabilities relating to Web and social networking applications in an e-business transformation. * Identify various weaknesses in Web site applications. * Understand the life cycle of software development and how security can fit into the model. * Identify the need for Payment Card Industry Data Security Standard (PCI DSS) compliance within an organization. * Identify various open source and proprietary tools used in Web application security assessment and vulnerability scanning. * Identify the available mobile communication devices and the security risks associated with each type of device.

Required Source Information and Tools
The following tools and resources will be needed to complete this project: * Course textbook * Access to the Internet

Project Logistics Activity Name | Assigned | Due | % Grade | Project Part 1: Identify E-Business and E-Commerce Web Apps for Planned Transformation | Unit 1 | Unit 2 | 2 | Project Part 2: Identify Social Networking Apps for Planned Transformation | Unit 2 | Unit 3 | 2 | Project Part 3: Identify Risks, Threats, and Vulnerabilities | Unit 3 | Unit 4 | 2 | Project Part 4: Web Application Vulnerabilities and Motivations for Attack | Unit 4 | Unit 5 | 2 | Project Part 5: Analyze the Software Development Life Cycle (SDLC) | Unit 5 | Unit 6 | 2 | Project Part 6: Plan for Compliance | Unit 6 | Unit 7 | 2 | Project Part 7: Configuration Management, Change Management, and Test Plans | Unit 7 | Unit 8 | 2 | Project Part 8: Vulnerability and Security Assessment | Unit 8 | Unit 9 | 2 | Project Part 9: End-Point Device Security | Unit 9 | Unit 10 | 2 | Project Part 10: Web Security Life Cycle | Unit 10 | Unit 11 | 12 |

Deliverables

Introduction
As organizations transform from brick-and-mortar models to e-business models, it affects many individuals and departments, each of which has specific roles in evaluating a proposed business transformation.

This activity allows a small group of students to fulfill the roles of various business employees as they consider a potential transformation to an e-business model.

Scenario
You are an information technology (IT) Web specialist working for Up-North Fishing Outfitters (UNFO), a Michigan Corporation. UNFO is the premier source for those fishing in northern Michigan. It provides equipment, apparel, watercraft, safety gear, and other products for both local and tourist anglers. Corporate headquarters is located at the main retail location in Grayling, Michigan, and the company has eight other stores located in the major fishing hubs of the state––Marquette, Ironwood, Escanaba, Newberry, Ludington, Traverse City, Alpena, and West Branch.
UNFO’s senior management conducted a study on the feasibility of transforming to an e-business model. After extensive research, interaction, and feedback from employees throughout the company, the management decided to pursue an e-business transformation. The senior management is committed to and supportive of this e-business transformation because of the potential of the e-business model to recognize additional revenue streams, reduce costs, and improve customer service.

Project Part 1: Identify E-Business and E-Commerce Web Apps for Planned Transformation

Tasks
You have been assigned to identify e-business and e-commerce Web applications to support the proposed implementation. To do so, you must: * Research and analyze recent and emerging technologies that may assist in the transformation. * Recognize specific benefits and value to be realized through e-business Web applications. * Select e-business and e-commerce strategies to achieve the identified benefits and value. * Assess risks, threats, and vulnerabilities specific to the strategies chosen. * Explain the business impacts of the risks assessed. * Summarize the importance of security and privacy in relation to the impacts explained. * Develop a report detailing your findings and recommending specific strategies and applications for implementation.

Deliverables and format:
Submit your answer in a Microsoft Word document in not more than two pages.
Font: Arial 10 point size
Line Spacing: Double

Similar Documents

Premium Essay

Computer Lab Plan

...| Computer Lab PlanAssignment One | Hersh Gulati | 5/27/13 | Project Management | | | Computer Lab PlanAssignment One | Hersh Gulati | 5/27/13 | Project Management | | Executive Summary Auckland University of Technology (AUT) is ranked in the top 500 universities of the world. The university has experienced a significant increase in the number of students enrolling in its Business and Law faculty over the years. Its Business and Management Studies was ranked as one of the top 200 in the world. As a result, there has been an increasing requirement for using computer systems in all its faculties, including the non-technological subject areas. Due to the growth envisioned over the next five years, AUT has decided that it requires two new computer labs to accommodate its Business and Law faculty students.To meet this requirement, level 7 of WF building will be refurbished to accommodate the new computer labs, instead of the exisiting seven classrooms. The renovation will be carried out as a 6 months long project commencing on 30th June 2015. Taking the Christmas and New Year’s holiday period into account, the project will be completed by 22nd December 2015, before the beginning of Term 1, 2016. The calculated budget for the project is $1.294 million, which includes 10% of contingency amount. The key deliverables for the project are: * Lab designs and architectural layouts for the computer labs * Two new computer labs The major tasks that will...

Words: 4005 - Pages: 17

Premium Essay

Project Charter

...______________________________________________________________________________ Capstone Project III: Labs for High School NSA Capstone Project Charter ______________________________________________________________________________ Prepared By: Date of Publication: 03/29/2014 Revision History Version | Date | Author(s) | Revision Notes | 1.0 | 03/29/14 | Nicholas Jones/ Jorge Lopez/ Robert Howell | Original Document | | | | | | | | | | | | | | | | | Table of Contents Project Description 3 Project Objectives 3 Project Scope 4 In Scope: 4 Out of Scope: 4 Deliverables Produced: 4 Stakeholders: 5 Requirements: 5 Acceptance Criteria:Project Estimated Effort/Cost/Duration 5 Estimated Cost: 6 Estimated Effort Hours: 6 Estimated Duration: 6 Project Assumptions 7 Project Risks 7 Project Constraints 8 Project Dependencies 8 Project Approach 8 Project Organization 9 Communication Plan: 9 Project Guidelines: 9 Project Approvals 10 Project Description The Technical Director for a local school district wants three functional labs for various high school students to use. The labs will be essential for supporting the education of the students. Because there will be various students and instructors using the lab, it will require access to email via client and mobile devices, as well as secure authentications. A user guide Web page will be necessary. Project Objectives This project will...

Words: 1298 - Pages: 6

Premium Essay

Relocation Project Fro Lab Equipment

...Relocation Project Project Management Plan (PMP) For ABC QC Lab Equipment Relocation * * May 4, 2010 Prepared by Ingrid Valmes Table of Contents 1. Introduction 1 1.1 Project Summary 1 1.1.1 Scope 1 1.1.2 Funding Source 1 1.1.3 Objectives 1 1.1.4 Products Produced by the Project 1 1.2 Document Summary 1 1.2.1 Purpose 2 1.2.2 Evolution of the Plan 2 2. Roles and Responsibilities 3 2.1 External Roles and Responsibilities 4 2.1.1 Project Sponsor 4 2.1.2 Resource Manager 4 2.1.3 Contracts Representative 4 2.2 Project Roles and Responsibilities 4 2.2.1 Senior Manager 4 2.2.2 Project Manager 4 2.2.3 Requirements Manager (Project Team Member) 4 2.2.4 Measurement Analyst (Project Team Member) 4 2.2.5 Quality Assurance Manager (Project Team Member) 4 2.2.6 Configuration Manager (Project Team Member) 4 2.2.7 Risk Manager (Project Team Member) 4 2.2.8 Team Leaders (Project Team Member) 4 2.2.9 Project Training Needs 4 3. Project Management Activities 4 3.1 Integrated Project Management 4 3.1.1 Use of DHI’s Defined Processes 4 3.1.2 Coordinate and Collaborate with Relevant Stakeholders 4 3.2 Project Planning 4 3.2.1 Establish Estimates 4 3.2.1.1 Material Costs 4 3.2.2 Develop a Plan 4 3.2.3 Obtain Commitment to the Plan 4 3.2.4 Communicate the Plan 4 3.2.5 Risk Management Planning 4 3.2.6 Quality Assurance Planning 4 3.2.7 Quality Assurance Audit Schedule 4 3.2.8 Project Management Tools 4 3.3 Project Monitoring and Control 4 ...

Words: 4534 - Pages: 19

Premium Essay

Title Is Awesome

...Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: •     Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure.      Determine which domain is impacted by the risk, threat, or vulnerability.      Determine...

Words: 1159 - Pages: 5

Premium Essay

It Project Management

...and Interactive Systems BSc/BSc (Hons) Computing (Information Systems Development) • (Web Systems Development) BSc/BSc (Hons) Information Technology Management for Business BSc (Hons) Computer Games (Design) BSc/BSc (Hons) Cyber Security and Networks BSc/BSc (Hons) Networked Systems Engineering IT PROJECT MANAGEMENT 1 module code M3G405252 MODULE HANDBOOK – TRIMESTER A SESSION 2015/2016 Module Code: M3G405252 Module Title: IT PROJECT MANAGEMENT 1 Standard Module Abbreviation: ITPM1 Module Level: 3 Credit Points: 20 Module Leader: Edwin Gray, Office: M609, email:e.gray@gcu.ac.uk September 2015 Issue 1 01/09/2015 Edwin M Gray, BA, MSc, MBCS, CITP, CPSSADM Contents Page 1 Introduction 3 2 Module Overview 3 3 Module Descriptor 4 4 Module Assessment 7 5 Feedback 10 6 Indicative Reading 10 7 The Library, Saltire Centre 11 8 Learning Material Supplied By Module Leader 12 9 Module Delivery Structure 12 10 Learning and Teaching Plan 14 M3G405252 IT PROJECT MANAGEMENT 1 INTRODUCTION This handbook gives details of the module content, teaching schedule, recommended reading, assessment and feedback strategies used for students undertaking the module IT Project Management 1 (M3G405252 (old code: COMU350) Module Leader contact details: Eddie Gray, M609, (e.gray@gcu.ac.uk) Programmes Taking This Module This module’s host programmes are: ...

Words: 3307 - Pages: 14

Premium Essay

Risk Management

...Structure for an IT Risk Management Plan Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview In this lab, you defined the purpose of an IT risk management plan, you defined the scope for an IT risk management plan that encompasses the seven domains of a typical IT infrastructure, you related the risks, threats, and vulnerabilities to the plan, and you created an IT risk management plan outline that incorporates the five major parts of an IT risk management process. Lab Assessment Questions & Answers 1. What is the goal or objective of an IT risk management plan? 2. What are the five fundamental components of an IT risk management plan? 3. Define what risk planning is. 4. What is the first step in performing risk management? 5. What is the exercise called when you are trying to gauge how significant a risk is? 25 6. What practice helps address a risk? 7. What ongoing practice helps track risk in real time? 8. True or False: Once a company completes all risk management steps (identification, assessment, response, and monitoring), the task is done. 9. Given that an IT risk management plan can be large in scope, why is it a good idea to develop a risk management plan team? 10...

Words: 434 - Pages: 2

Premium Essay

Is4550 Week 5 Lab

...Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance gone bad | Acceptable use Policy | ...

Words: 1625 - Pages: 7

Premium Essay

Informative

...curriculum | | June 2012 | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------- ------------------------------------------------- Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 ...

Words: 18421 - Pages: 74

Premium Essay

Lab 2

...IS3110 Lab #2: Assessment Worksheet Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls Student Name: _____________________________________________________________ 1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities) a. b. c. d. e. 2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected? • PO9.1 IT Risk Management Framework • PO9.2 Establishment of Risk Context • PO9.3 Event Identification • PO9.4 Risk Assessment • PO9.5 Risk Response • PO9.6 Maintenance and Monitoring of a Risk Action Plan 3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability: Confidentiality Integrity Availability a. b. c. d. e. 4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure? 5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 – No More than 5), assess the risk impact or risk factor that it has on your organization in the following areas: a. Threat or Vulnerability #1: o Information...

Words: 469 - Pages: 2

Free Essay

Labs

...Bartlett Lab #2© Jones &SALE ORLearning, LLC Vulnerabilities to &SALE ORLearning, LL AligningBartlett DISTRIBUTION Risks, Threats, and NOT FOR DISTRIBUT NOT FOR COBIT P09 Risk Management Controls © Jones & Bartlett Learning, LLC Introduction © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION NOT FOR SALE OR DISTRIBUTION Ask any IT manager about the challenges in conveying IT risks in terms of business risks, or about translating business goals into IT goals. It’s a common difficulty, as the worlds of business and IT do not inherently align. This lack of alignment was unresolved until ISACA developed a framework called COBIT, © Jones & Bartlett Learning, LLC first released in 1996.Jones & Bartlett Learning, LLC © ISACA is an IT professionals’ association centered on auditing and IT governance. This NOT FOR SALE OR DISTRIBUTION The lab lab will focus on the COBIT framework. NOT FOR SALE OR DISTRIBUTION uses the latest two versions: COBIT 4.1, which is currently the most implemented version, and COBIT 5, which is the latest version released in June 2012. Because COBIT 4.1 is freely available at the time of this writing, the lab uses this version to © Jones & Bartlett Presentation is done making use of a © Jones & Bartlett Learning, LL present handling of risk management. Learning, LLC set of COBIT control NOT FOR SALE OR NOT COBIT P09’s purpose is to guide the objectives called P09.FOR SALE OR DISTRIBUTION scope of risk management for an...

Words: 2487 - Pages: 10

Premium Essay

Lab 2

...Lab #2 – Student Steps: Student steps needed to perform Lab #2 – Align Risk, Threats, & Vulnerabilities to the COBIT Risk Management Controls: 1. Connect your removable hard drive or USB hard drive to a classroom workstation. 2. Boot up your classroom workstation and DHCP for an IP host address. Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company Current Version Date: 05/30/2011 www.jblearning.com All Rights Reserved. -11- Student Lab Manual 3. Login to your classroom workstation and enable Microsoft Word. 4. Conduct a high-level narrative discussion and review of the COBIT v4.1 Framework. 5. Review the COBIT P09 Control Objective definition, scope, and focus areas for assessing and managing IT risk. 6. Relate how the COBIT (P09) Control Objective definition relates to assessing and managing IT risk within each of the seven domains of a typical IT infrastructure: User, Workstation, LAN, LAN-to-WAN, WAN, Remote Access, Systems/Applications Domains 7. Explore the structure and format of how to align risks, threats, and vulnerabilities identified from your IT infrastructure to the COBIT P09 Control Objective definition, scope, and focus areas Information, Applications, Infrastructure, and People. 8. Explore the hierarchy for assessing and managing IT risks: • Step #1: Align the risk, threat or vulnerability assessment to C-I-A primary first and assess • Step #2: Align the risk, threat, or vulnerability remediation to Effectiveness, Efficiency...

Words: 381 - Pages: 2

Premium Essay

Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes

...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...

Words: 1428 - Pages: 6

Premium Essay

Cmgt 445

...Access for Lab off-site and on-site shuttles Project Stakeholders * Jim Dahlgard * Facilities Resource Manager * JMDahlgard@lbl.gov * Kory Porter * Logistics Manager * KJPorter@lbl.gov * Bill Llewellyn * Site Services Manager * William_Llewellyn@lbl.gov * Jerry OHearn * Project Director * JOhearn@lbl.gov * Chris Peach * IT Services * CPeach@lbl.gov Project Description * The purpose of this project is to provide wireless Internet access to all student and business travelers using the Lab provided shuttle bus service. * The main challenge of this project will be to install wireless technology on the buses without negatively impacting shuttle service. * The desired outcome of this project is to improve productivity for students, researchers, and Lab employees while they travel on Lab shuttles. Measurable Organizational Value (MOV) * The primary measure of value for this project will be in increasing use of Lab shuttle...

Words: 972 - Pages: 4

Premium Essay

Pmp Library

...Table of Contents Project Management................................................................3 Project Management Professional (PMP)®............................3 Diversity and Employment Compliance..............................13 ADA Compliance in Business...............................................13 Project Management Overview............................................3 Managing Projects within Organizations.............................3 Project Management .............................................................. Process Groups.....................................................................3 Execution, Monitoring and Controlling...............................3 Project Change Control and Closure...................................4 Initiation Basics, Developing a Project Charter and Project Management Plan...................4 Collecting Requirements and Defining Scope......................4 Monitor and Control Project Scope......................................4 Defining and Sequencing Project Activities..........................5 Developing and Controlling the Project Schedule...............5 Estimating Activity Resources and Durations......................5 Controlling Costs..................................................................5 Estimating & Budgeting Project Costs.................................6 Project Quality Planning......................................................6 Quality Assurance and Cost Control........

Words: 10262 - Pages: 42

Free Essay

Is404 Week 1 Lab

...Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security? ...

Words: 1093 - Pages: 5