Project Part 2: Gap Analysis Plan and Risk Assessment Methodology

Scenario

After the productive team meeting, Fullsoft’s chief technology officer (CTO) wants further analysis performed and a high-level plan created to mitigate future risks, threats, and vulnerabilities. As part of this request, you and your team members will create a plan for performing a gap analysis, and then research and select an appropriate risk assessment methodology to be used for future reviews of the Fullsoft IT environment.An IT gap analysis may be a formal investigation or an informal survey of an organization’s overall IT security. The first step of a gap analysis is to compose clear objectives and goals concerning an organization’s IT security. For each objective or goal, the person performing the analysis must gather information about the environment, determine the present status, and identify what must be changed to achieve goals. The analysis most often reveals gaps in security between “where you are” and “where you want to be.”Two popular risk assessment methodologies are NIST SP 800-30 revision 1, Guide for Conducting Risk Assessments, and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). Your focus will be on the OCTAVE Allegro version, which is a more concise version of OCTAVE. When reviewing the methodologies, consider the following:

• Which features or factors of each methodology are most important and relevant to Fullsoft?
• Which methodology is easier to follow?
• Which methodology appears to require fewer resources, such as time and staff, but still provides for a thorough assessment?

Tasks

• Create a high-level plan to perform a gap analysis.
• Review the following two risk assessment methodologies:
  • NIST SP 800-30 rev. 1, Guide for Conducting Risk Assessments (formerly titled ” Risk Management Guide for Information Technology Systems”)
  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), Allegro version
• Create a report that includes the gap analysis plan, a brief description of each risk assessment methodology, a recommendation for which methodology Fullsoft should follow, and justification for your choice.

Required Resources

• Textbook for this course
• Internet access
• Additional websites for research

Submission Requirements

• Format: Microsoft Word or compatible
• Font: APA Format
• Citation Style: APA Format
• Submit in the Group Project Part 2Assignment
• Name the document Group-project-part-2
• Length: 5-6 pages plus citation page

You are encouraged to respond creatively, but you should cite credible sources to support your work.

Self-Assessment Checklist

• I created a plan for performing a gap analysis of the IT environment.
• I evaluated and selected a risk assessment methodology.
• I summarized each methodology, recommended which methodology Fullsoft should follow, and provided justification for my choice.
• I conducted adequate independent research for this part of the project.
• I followed the submission guidelines.

Your final project will be to design a training presentation to the client’s IT staff. 

If you haven’t already done it last week,:

• Download the Client Presentation Template to get started.
• Review the Presentation Resources which may help you get started. 

The presentation must meet the following requirements:

• 11 to 15 slides of easy-to-understand content (text and visuals). Remember, your audience is the IT team within an accounting firm.
• voice annotation for every slide (excluding the reference slide)
• at least two references

The presentation can incorporate screenshots from Project 2 along with additional screenshots as needed. Content should include work that needs to go into making the upgrade successful, how to improve security using two or three of the Windows 10 built-in features, and how-to backup and restore Windows 10 data using some of the tools available in Windows 10.

The presentation should address your recommendations for the following items:

• Version Summary
  • Recommended version of Windows 10 (e.g., Windows 10 Pro, Enterprise, Pro Workstation) and specific reasons for your choice (e.g., security features, technical and business requirements).
• Installation Methods
  • Explain Windows 10 deployment methods. Which method or methods you think will be appropriate for the upgrade? Consider the hardware specifications outlined in the project scenario.
• Security Features
  • Windows Security, BitLocker, Defender, Local Security Policy
• Backup and Recovery Overview
  • Discuss the importance of backing up and recovery of Windows 10. This can include explaining what types of files and data that can backed up and restored. This should address:
    • the problems encountered when Tetra Shillings Accounting fell victim to a ransomware attack that resulted in the loss of critical data.
    • the concerns that Tetra Shillings Accounting has concerning recovering data that is lost due to deletion, corruption, or media failure.
    • the ability to restore system files and settings without affecting the user’s personal files and data.
    • the concerns that the client has about recovering systems that are negatively impacted by an operating system update.
• Backup and Recovery Tools
  • You will need to explain how to use Windows 10 backup and recovery tools to meet these objectives. Provide a brief overview of each tool and how it can be used to address the company’s concerns. Use screenshots to demo how to configure backups that address the firm’s need to recover from a ransomware attack and restore the system to a state before a Windows update, driver, or application was installed.
• Backup to Recover from Ransomware Attack
  • Describe how to back up and restore individual files using the utilities available in Windows 10. This should provide the client the ability to restore files lost due to ransomware attacks or other potential risks.
• Backup and Recover a Restore Point
  • Research how to protect backup data that is stored on the network. Based on your research, you need to present a strategy to protect backup data that is compromised during a ransomware attack. This will most likely require a strategy to store, copy, or move backups to an offsite location. In this slide, you will need to explain the risks of only having only having a single copy of a backup stored on the network. Think about if the client suffers another ransomware attack and the corrupted data cannot be restored because the backups were also compromised during the attack.

How Will My Work Be Evaluated?

As you progress in your information technology and cybersecurity career, you may find yourself making presentations to customers, client audiences, and management. In this assignment you are being called upon to present a high-level technical presentation to your client’s IT Team.

But the challenge you face is in expressing a technical solution without getting bogged down in too much detail. You simply want to introduce or refresh the audience on the key points of Windows 10 benefits, including security and backup methods.

Find a way to relay your solution (and challenges) in language that your audience will find easily relatable.

Communicating in this manner will not always be easy. You may struggle to find the right analogy or metaphor. But if you can master the skill of summarizing your results and recommendations in an effective presentation, you will demonstrate how you use your technical knowledge to convey your ideas to others in a professional setting. You will also earn the respect and trust of your peers, your supervisor, and upper management as an effective communicator. You will be viewed as an employee ready for advancement.

The following evaluation criteria aligned to the competencies will be used to grade your assignment:

• 1.1.2: Support the main idea and purpose of a communication.
• 1.3.3: Integrate appropriate credible sources to illustrate and validate ideas.
• 2.3.5: Articulate the implications, consequences, and potential limitations of proposed conclusions and solutions.
• 10.1.1: Identify the problem to be solved.
• 11.1.1: Explain appropriate preparation procedures.
• 1.2.1: Configure technology according to stakeholder specifications and requirements.
• 12.6.1: Identify the controls needed for confidentiality.

1. Write a basic plan for implementing a contacts database or a customer relationship management database using MS Access for a small to medium size business (500 – 1000 users).
2. Define the features and benefits of MS Access. 
3. Discuss the advantages and disadvantages for a company to use MS Access for a contact database or customer relationship database.
4. Describe the importance of a contacts database or a customer relationship database to a business.

Writing Requirements

4-5 pages long. Double Space.

Must have an introduction with a clear thesis statement, three to four main points and a conclusion

Conduct research to find relevant information using reliable sources to support your views.

Use at least 2 academic books and 3 scholarly articles from a library database

Use APA Style for in-text citations, and references

Exp19_Excel_Ch08_CapAssessment_Employee_Satisfaction

Project Description:

You work as a data analyst for Camino Marketing, a U.S.-based web marketing company. You have been asked to conduct an employee satisfaction survey. As part of the survey, you will collect sample data to help provide insight into employee salaries, productivity within the three national offices, and to predict the growth of the New York office’s client base by 2025.

1

Start Excel. Download and open   the file named Exp19_Excel_Ch08_CapAssessment_EmployeeSatisfaction.xlsx.   Grader has automatically added your last name to the beginning of the   filename.

2

Ensure the Employee Satisfaction   worksheet is active, then use the FREQUENCY function to calculate the   frequency distribution of job satisfaction in column D. Place your results in   the range G5:G9.

3

Enter a function in cell G12 to   calculate the standard deviation of column c.

4

Enter a function in cell G13 to   calculate the variance between salaries. 

5

Enter a function in cell G14 to   calculate the Covariance of the salaries and job satisfaction in the data   set. Note this is a sample of data not a population.

6

Enter a function in cell F17 to   calculate the correlation coefficient between employee salary and job   satisfaction.

7

Ensure the Data Analysis ToolPak   add-in is active. Use the Data Analysis ToolPak to create a histogram based   on the salaries in column C. Use the range I4:I9 as the Bin Range. Ensure   that Cumulative percentage, column labels, and chart output are included in   the results. Place the results in cell K4. Edit the result text in cell K4 to   display   Salary, if   necessary.

8

Ensure the Office_Data worksheet   is active. Use the Data Analysis ToolPak to perform a single factor ANOVA on   the range C3:E35. Place the results starting in cell G3. Be sure to include   column labels. Resize columns G:M as needed.

9

Create a Forecast Sheet that   depicts year over year growth in customer growth. Set the Forecast end year   as 2025 and place the results on a new worksheet named 2025Forecast.

10

Ensure the Customers worksheet   is active then create a scatter plot chart that places the Years on the X   axis and the Clients on the Y axis. Add a linear trendline to the chart that   also shows the Equation and the R-square. Add the title Customer   Growth.

11

Enter a function in cell E4 to   calculate the intercept of the linear trendline created in the prior step.

12

Enter a function in cell F4 to   calculate the Slope of the linear trendline.

13

Enter a function in cell G4 to   calculate the R-square of the linear trendline.

14

Enter a function in cell H4 to   calculate the Standard Error. 

15

Use the FORECAST.LINEAR function   in cell E7 to the total number of customers by the end of 2021. 

16

Complete your analysis by added   formulas in the range F7:G7 to calculate the high and low thresholds of the   forecast.

17

Save and close Exp19_Excel_Ch08_CapAssessment_EmployeeSatisfaction.xlsx.   Exit Excel. Submit the file as directed.

Learning About OWASP

Visit the OWASP website. 

Using WORD, write an ORIGINAL brief essay of 300 words or more describing the history and background of OWASP. 

See the Vulnerabilities tab. Choose one of the vulnerabilities on the linked page and describe briefly.

Safe Assign is software that verifies the originality of your work against on-line sources and other students.

Note your Safe Assign score. Continue submitting until your Safe Assign score is less than 25. For your first written assignment, you have unlimited times to retry your assignment.

To improve Safe Assign score, submit references in a separate document or paste in the text section.

Attach your WORD doc and then hit SUBMT.

 WEEK 2 ASSIGNMENT – SHOWCASING YOUR KNOWLEDGE, SKILLS, AND ABILITIES

Week 2 Assignment – Showcasing Your Knowledge, Skills, and Abilities

Overview

Now that you have been assigned a role on the team, it is your responsibility to make the Project Manager aware of the knowledge, skills, and abilities you bring.Locate a job posting on indeed.com, glassdoor.com, monster.com, or other job boards and read the description of the position. This can be the same one you identified in the discussion for this week. What skills do they specifically call for in your area of expertise? These should sound familiar. This will give you an idea of what real employers are looking for now in your discipline.Take some time to review previous assignments submitted during your time at Strayer or even deliverables you may have submitted while on the job during your time at Strayer, focusing specifically on the pieces that relate to your area of study. Take notes as you review to use to inform your assignment submission.

Instructions

Use the provided Word Document Template to prepare a 1–3 page memo to the Project Manager showcasing the knowledge, skills, and abilities you are bringing to the team. Be sure to provide the following:

• A high-level overview of the key requirements and duties of the job you have just taken with the new company. This can be taken from the job posting you identified in the discussion for this week. The overview you provide should be consistent with what is emphasized in the job posting.
• A URL to the job posting for your position. Be sure that this is a persistent link and a current posting—not one you have used in a previous assignment. Again, this can be the same one you posted as part of the discussion for this week. 
• Explanation of why you are a good fit for this project. You can expand on what you submitted in the discussion for this week. This is your opportunity to reference specific experiences that make you uniquely qualified for this role on the team. Be sure you also include an explanation of why those experiences are relevant to the position.
• A list of any certifications you have. If none, list any specific accomplishments you have achieved relevant to the project or that would demonstrate the skills that certification might demonstrate. Be sure to include a brief explanation of why the certification or accomplishment is relevant to the job and/or your role in the project.

Write the memo as if you are responding to questions from the PM on what they can expect from you on the project. 

You have just completed 10 weeks of a course on information technology ethics. Imagine you have been asked to create a one-day training course titled “Ethical IT Design and Development.” The course will highlight the important elements of what you have just learned in the past 10 weeks.

• Create a hierarchy of five of the most important and relevant topics you feel need to be addressed in the one-day course.
• Provide a detailed rationale for each of the five topics.

REPLY TO GRISMELDY 

Hello professor and class,

1. what are ethical policies, Procedure, and guidelines within an IT organization; Ethical Policies; are a set of guidelines for all employees to do what is right and behave at a specific standard; it also encourages moral conducts defining the culture of a company. Furthermore Standards policies; require a set of rules, these are the rules that govern a company, moreover Procedure; provides the how, providing step-by-step instruction for a specific routine task, sometimes there is a checklist or a series of steps for the employee to follow and lastly guidelines; can be a general, often non-mandatory recommendation, and they can provide better ideas on how to proceed with a specific situation. Understanding the difference can help a company have a strong culture.

2. protecting an organization’s proprietary data, trade secrets, and customer data; companies may require a confidential agreement; also, some of the security controls would be to Identify and prioritize personal information, determine appropriate access, and provide access to employees who need this information to perform their job. Finally, the company can complete the risk assessment. Many businesses are using cloud services to share data with other organizations and safeguard confidential information.

3. protecting identifiable information (PII); some consumer protection laws safeguard identifiable information, such as Health Insurance Portability and Accountability Act (HIPAA), requires the consent of the patient to disclose someone’s medical information being that someone’s medical record is personally identifiable information, Electronic communication act protects communication such as email, telephone conversation, and data store electronically in someone’s computer. Someone carries inside their device personally identifiable information, and Children’s online privacy protection requires websites not to collect or share personal information for a child under 13 years old.

4. what is artificial intelligence (EI); artificial intelligence (AI) is here to help us, not replace us; AI will eliminate specific job categories that are simple—creating other job categories that will enable a person to use their full potential and helps the overall economy.

5. social engineering and social media; social engineering is a method use to exploit human errors to obtain private  information, access or valuables in other words these group of people can be call human hackers they tend to lead other to believe that they are someone that they are not in order to have the other party expose data, on the other hand social media is just a platform of communication where people can have a sense of community and also keep up with what others are doing, it is important for a company to set guidelines regarding the use of social media for work also provide the employee the necessary trainings to identify social engineer.

OTHER 5 TOPICS .

Management Information Systems (MIS) is a formal discipline within business education that bridges the gap between computer science and well-known business disciplines such as finance, marketing, and management. In spite of this, most students will only take one or two MIS courses as part of their undergraduate program.

2.MIS basics- Hardware, Software, and securities mentioned in the course introduction, much of MIS is now centered on technology. Accordingly, MIS capabilities are mostly limited to the hardware and software capabilities of a given system. Ten years ago, the average Internet user could download an MP3 music file in a few minutes over a cable. This can now be done in seconds wirelessly from just about anywhere in the developed world thanks to improvements in hardware and software.

3- Information System and Organization Strategy

Strategic MIS is the application of information management in the overall strategy of a business. Many corporations include a Chief Information Officer (CIO) in executive management to implement information systems to be more competitive. What good would it do for Apple to create an iPhone application that can tell where you are and serve you ads based on location? 

4- Information System Development

Businesses have diverse needs. While software packages for managing information exist, most software is not “plug and play” ready for most business applications. IT departments, in conjunction with representatives from all lines of business, must work together to develop and implement information system solutions. 

5- Information System in Society and the world

Information systems’ reach extends well beyond the world of business. Today it is nearly as easy to communicate with someone on the other side of the world as it is to talk to someone next door. New technologies create situations that society has never dealt with before. How do we handle the new capabilities that these technologies enable? Will societies need new laws, new social mores, to protect us from ourselves regarding technology?

 A supermarket is offering a new line of organic products. The supermarket’s management wants to determine which customers are likely to purchase these products. The supermarket has a customer loyalty program. As an initial buyer incentive plan, the supermarket provided coupons for the organic products to all of the loyalty program participants and collected data that includes whether these customers purchased any of the organic products. 

Please find the attached. 

 Describe in 500 words the shared security responsibility model that a dba must be aware of  when moving to the cloud. 

Improving Database Design through Normalization

Continue improving the database (tables) you designed in SLP 2. Here are your tasks:

1. Discuss whether the tables you designed in SLP 2 (in the previous module) have satisfied 1NF, 2NF, and 3NF. Explain why or why not.
2. Make changes if the tables do not meet the requirement of the 3NF.
3. Write Oracle SQL statements to create the tables you have designed, and populate the tables with data.

Note: Use the materials in the background reading for your assignment:

1. Wang, W. (2017). Introduction to SQL (DDL).
   Note: voice-over presentation covering the set of Oracle commands used to create and modify the structure of tables. (Remember that narrated presentations take a little longer to download.)
2. Wang, W. (2017). Introduction to SQL (DML).
   Using data manipulation language (DML) to work with data.
   Note: Oracle commands that “ask” database questions.
3. Wang, W. (2017). Add primary key and foreign key to tables using Oracle SQL.
   Note: how to add primary and foreign keys.
4. Wang, W. (2017). Writing a query using one or more tables.
   Note: techniques used when requesting information from a single table, as well as tables connected to one another.

Please note that since you are the designer of this database, you need to create data to fill in the tables. No need to create a lot of data; 5-10 records of data in each table are sufficient.

SLP Assignment Expectations

Fulfill the following requirements in this assignment:

• Discuss the requirement for the first, second, and third normal form.
• Present reasons why or why not the tables in the database you designed have satisfied the three levels of normal form.
• Discuss what you are going to change so that all your tables satisfy at least the third normal form standard.
• Write SQL statements to create the structure of the tables, specify primary and foreign keys, and populate the data.