Provide (4) 150 words substantive response with a minimum of 1 APA references for RESPONSES 1, 2, 3 and 4 below. Ensure you list and break down each response in a word document, along with its reference. Response provided should further discuss the subject or provide more insight. To further understand the response, below is the discussion post that’s discusses the responses. 100% original work and not plagiarized. Must meet deadline.
ISSC 471
RESPONSES 1:
What advice does the FBI provide in protecting against computer fraud? Do you feel that the Government is doing a sufficient job in this area?
The FBI provides tips on how to avoid being a victim and what to do if you believe you have been a victim. The FBI’s Cybercrime division includes a wealth of material on its website, including Key Priorities, Ransomware, Identity Theft, Related Priorities, How to Protect Your Computer, and External Links, all of which are intended to assist in the fight against cybercrime and computer fraud. (Federal) A few crucial factors of safeguarding oneself against computer fraud are discussed on the website. The primary source of fraud and identity theft is Personally Identifiable Information (PII). A user must be aware of how to avoid revealing personally identifiable information (PII). If a person is a victim of fraud, there are procedures that may be done to mitigate the negative consequences, such as alerting any major credit cards and credit monitoring agencies. The government is doing all it can legally to protect, control, and punish criminals. They may, however, focus on getting the information out to the public. Because technology is becoming more complicated and pervasive in all parts of life, it is critical to disseminate cyber security knowledge to the general population.
Define COBIT and it’s control objective. Do you feel the framework is detailed enough to serve your organization? Why or why not?
The effectiveness of Control Objectives for Information and Related Technologies (COBIT) is entirely dependent on the organization’s objectives. It’s a framework based on “best practices” for maximizing corporate efficiency via IT governance and management. COBIT 5 focuses on five key aspects to ensure success. Audit and assurance, risk management, information security, regulatory compliance, and enterprise IT governance are the domains covered. (Federal) Given COBIT 5’s in-depth approach, I find it difficult to disagree with the framework for any company. The government, overall, is doing all it can to protect, govern, and punish violators. They may, however, focus on getting the information out to the public. Because technology is becoming more complicated and pervasive in all parts of life, it is critical to disseminate cyber security knowledge to the general population.
What are the components of a good policy framework? Provide an example of each of these components.
The COBIT 5 components that make up a good framework are given above. If a company employed all five of them, I think there would be very little space for mistake. The five sections seem to include both risk assessment and management, as well as ensuring that the business is compliant and well-governed.
What is the Deming cycle approach? How does this approach help improve quality?
The Deming cycle technique, often known as the Plan-Do-Check-Act (PDCA) wheel, is a good, simple way to solve problems. The PDCA loop is similar to the OODA loop used by the Air Force for decision-making. The distinction is in the words rather than the notion. Observe, orient, decide, act is like PDCA, but with subtle differences that make sense for the government and may be too detailed for private enterprises at times.
Why is it important for IT Auditors to know about the legal environment of information systems?
Information systems may be placed everywhere on the planet and operate in a variety of legal “environments.” When auditing IT systems, IT auditors must be aware of local, national, and occasionally worldwide rules and regulations. It’s a difficult process, but it’s vital to assure compliance.
-Jimmy
References:
COBIT | Control Objectives for Information Technologies. (2021). ISACA. https://www.isaca.org/resources/cobit
Contact Us. (2020, November 24). Federal Bureau of Investigation. https://www.fbi.gov/contact-us
RESPONSES 2:
The FBI offers some very scant information in regards in how to protect yourself and your businesses from internet fraud. Generally, their guidelines follow the typical measures that you would find in any environment. They recommend that you keep your firewall turned on, install or update antivirus software, install or update antispyware tools, keep your OS up to date, be careful in what you download, and turn off your computer when it is not needed. The FBI also offers a word of warning for P2P systems. I feel that while for specific enterprises this is likely an insufficient list of measures to be taken, as each business needs to determine what is acceptable risk and what is not it is a good general list to abide by. I believe that what they could do better is to tell users reading this information that it is not exhaustive, and their case may require different controls to maintain a secure cyber posture.
COBIT is a framework used for IT governance and management. It is supposed to be a tool for management to be able to better control security issues within the organization. It provides a method for bridging technical issues, business risks and control requirements. Its main control objective is to give effective organizational governance for management teams. This framework would work well in most organizations but should probably be used in conjunction with other frameworks because COBIT in and of itself does not necessarily provide all the tools and methods for completing certain tasks.
To craft a good policy framework there needs to be three components of the framework itself, Policies, Standards, and Guidelines. Policy frameworks start at the top with the policy which describes the general belief, goal, or objective. An example of the policy portion of the framework could be “Users are required to identify themselves when in corporate buildings.” The standards come next and they support the policies, and example of a standard could be “Users are required to wear company provided identification in clear view on your person”. Lastly are guidelines that further support the policy and the standard, which could be something like “Be sure to keep your ID on you at all times during working hours, report to HR if you forgot your ID or have lost it.”
The Demning cycle is a way to conduct specific tasks within an organization. It is a cycle where you are required to plan, do, check, and act. This approach helps improve quality by providing a method in which we can implement changes to a system and monitor is ability to perform the required functions.
It is important for IT auditors to know the legal environment of information systems because there are many regulatory requirements for organizations to follow, which will need to be taken in account when conducting and IT Audit of that particular system.
-BRIAN
ISSC341
RESPONSES 3:
When designing a Local Area Network (LAN), some of the components that I would include in my physical diagram are:
-PC/workstation and servers,
-Network Interface Card (NIC), a NIC is a circuit board inserted into each network station (PC. Workstation, server) to allow communication with the stations,
-Cabling and connectors, examples are coaxial cables and BNC connector, Unshielded Twisted Pair (UTP) and RJ-45 connector, and
-Hub, concentrator, and more complicated network devices such as bridge, LAN switch and router.
Organizations have their employee’s BYOD for many different reasons. One advantage to BYOD is that employees can use devices that they are already familiar with. This increases productivity. Flexibility is another advantage because employees are now able to work anytime/anywhere. Additionally, employers save money since they do not have to buy devices for their employees.
One of the disadvantages of BYOD is the liability. Not have a distinction between work and personal devices may question who is liable for the repair costs. It also compromises security because employees are now using personal devices to access privileged information. Lastly, a plan should be in place to prevent the potential misuse of information. After an employee or contract has been terminated, you may need to remove company’s private information from the employee’s device.
Thanks for reading and hope everyone is having a great start to their week.
Regards,
Ali
Rainoff, M. J. (2020). System Information – Networking, LAN, Local Area Network, NIC, Network Interface Card, Hub, Bridge, LAN Switch, Router, Network Management, SNMP, Simple Network Management Protoco, RMON, JAVA, JAVA-based Network Management System, RMON software probe, Mbp. © 1995–2021 Integrated Data Processing, Inc. https://www.idp.net/sysinfo/networking.asp#2
S. (2021, October 19). The Pros & Cons of a Bring Your Own Device Policy. Device Magic. https://www.devicemagic.com/blog/bring-your-own-device-policy-pros-cons/
-ALI
RESPONSES 4:
When you are designing a local area network what components on the network would you include in your physical diagram?
In a physical network diagram or network topology, there are several components to it. Of course you would find your routers, which is used to route internet traffic between devices and the internet. Switches are used to connect computers to the network. Other components would include racks, ports, cables, and firewalls.
Network Evolution and Trends – Why would organizations use BYOD to have their employees bring their devices to work? What are some advantages and disadvantages of this trend?
Bring your own device (BOYD) can be used for several different reasons. I think the main reason organizations would use it, because it’s cost effective. Organizations would save a lot of money if their employees brought their own devices instead of purchasing it themselves.
Advantages of BOYD would be employees bringing in devices that have better technology features than what is normally provided. Another advantage would be user familiarity with the devices they bring in. This would require less resources used to train the employees. Lastly, it would be a morale booster for employees, because they get to use their own equipment.
Disadvantages would be the risk of network security. It would be a serious challenge while bringing in your own devices because it’s hard to track your own device. Another disadvantage is with home computers having the proper software in order to be effective at your job.
-Marcus
