Loading...

Messages

Proposals

Stuck in your homework and missing deadline? Get urgent help in $10/Page with 24 hours deadline

Get Urgent Writing Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework & Achieve A+ Grades.

Privacy Guaranteed - 100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support

Coso internal control integrated framework 2013 ppt

24/11/2021 Client: muhammad11 Deadline: 2 Day

IT Security System Audits PSCS 3111

Project: Addressing a New Business’s Compliance Responsibilities Purpose This project provides an opportunity for you to apply principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations, as well as industry requirements.

Required Source Information and Tools

Web References: Links to Web references are subject to change without prior notice. These links were last verified on July 1, 2015.

To complete the project, you will need the following: 1. Course textbook 2. Access to the Internet to perform research for the project

· PCI Security Standards Council: https://www.pcisecuritystandards.org

· COSO Internal Control—Integrated Framework Executive Summary (2013): http://www.coso.org/documents/990025P_Executive_Summary_final_may20_e.pdf

· COSO Internal Control—Integrated Framework PowerPoint (2013): http://www.coso.org/documents/COSOOutreachDeckMay2013.pptx

· COSO Internal Control—Integrated Framework (2013) whitepaper: http://www.kpmg.com/Ca/en/External%20Documents/Final-New-COSO-2013Framework-WHITEPAPER-web.pdf

Learning Objectives and Outcomes

You will be able to:

· Explain the purpose of PCI DSS

· Analyze business factors that influence PCI DSS compliance

· Describe potential consequences of failing to demonstrate PCI DSS compliance

· Apply standards and frameworks to the development of information security internal control systems Analyze the use of information security controls within IT infrastructure domains

Introduction Public and private sector companies are expected to comply with many laws and regulations as well as industry requirements to promote information security. Assessments and audits of the information technology (IT) environment help to ensure a company is in compliance. A successful information security professional must be able to assess a business’s needs, evaluate various standards and frameworks, and develop a customized, integrated internal control system that addresses the company’s compliance responsibilities. Furthermore, the professional must be able to communicate with various people—both inside and outside the organization—to facilitate awareness of how control activities mitigate weaknesses or potential losses that could compromise the company’s information security.

Deliverables The project is divided into three parts. Details for each deliverable can be found in this document. Refer to the course syllabus for submission dates.

· Project Part 1: PCI DSS Compliance Requirements

· Project Part 2: Design of an Integrated Internal Control System

· Project Part 3: Compliance within IT Infrastructure Domains

Project Part 1: PCI DSS Compliance Requirements

Scenario S&H Aquariums is a new online retailer that is about to begin selling aquariums and other items for aquarium hobbyists. In recent months, many companies have been featured in the news because of information security breaches that have exposed customers’ credit card data. S&H Aquariums’ management team is worried about the negative impact a potential breach could have on the company’s reputation and business standing. S&H Aquariums has hired you, an information systems security expert, to ensure that the company is prepared to accept credit card payments for purchases made through the company’s Web site. To kick off the planning phase, the board of directors would like you to write a report explaining what the company will need to do to minimize risks to sensitive data and comply with applicable laws and regulations, as well as industry standards. In preparation, you sit down with the company’s president and discuss the following details:

· Per the company’s strategic plan, the company expects to have between 20,000 and 1,000,000 credit card transactions during the first year of operations. However, the board would like to know what differences to anticipate as the volume of credit card transactions grows in the coming years.

· The company will initially accept payments made with MasterCard and Visa only, but it may decide to accept other credit cards in the future.

· The board of directors is discussing the possibility of opening a bricks-and-mortar store in the future, and the board would like to consider any compliance-related issues prior to making that decision.

· The board consists of professionals from a variety of fields. It is unlikely that any of the board members are familiar with complex information security concepts or with PCI DSS, the set of requirements that prescribes operational and technical controls to protect cardholder data.

Tasks

· Review the information related to PCI DSS compliance provided in the course textbook and in the Internet resources listed for this project. Consider how this information relates to the description of S&H Aquariums provided in the scenario above.

· Write a report for S&H Aquariums’ board of directors. Include the following:

· Introduction

· PCI DSS Overview

· Include a discussion of the six principles, twelve primary requirements, and the sub-requirements of PCI DSS.

· Rationale

· Explain why the company needs to address the PCI DSS requirements and describe potential consequences if the company is not able to demonstrate compliance.

· Immediate Considerations for PCI DSS Compliance

· Analyze factors (including those introduced in the scenario above) that will influence S&H Aquariums’ immediate plans for PCI DSS compliance. Discuss payment brands (credit card companies), transaction volumes, merchant levels (i.e., 1 through 4), and types of reporting required in relation to S&H Aquariums’ business projections.

· Future Considerations for PCI DSS Compliance

· Analyze contingencies that may influence PCI DSS compliance in the future. Address potential questions from the board, including but not limited to:

· What would be expected of the company if credit card volume increases past 1,000,000 transactions in future years?

· What should S&H Aquariums do to demonstrate PCI DSS compliance if it begins to accept American Express or Discover?

· How would opening a bricks-and-mortar store affect the company’s responsibilities for PCI DSS compliance?

· Conclusion

As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.

Submission Requirements

· Format: Microsoft Word

· Font: Arial, 12-point, double-space

· Citation Style: APA

· Length: 2–3 pages

Self-Assessment Checklist

· I have created a report that uses a professional tone and includes correct terminology.

· In my report, I have described PCI DSS, provided a sound rationale for addressing PCI DSS compliance, and analyzed immediate and future considerations for PCI DSS compliance.

· I have conducted adequate independent research for this part of the project.

Project Part 2: Design of an Integrated Internal Control System

Scenario S&H Aquariums’ board of directors reviewed the report you submitted on PCI DSS compliance (in Project Part 1), and they were grateful for the background and analysis you provided. After discussing the information, they realized that PCI DSS compliance is but one aspect of the overarching information security system needed to launch and sustain the new business. The board would like to understand the bigger picture of how you will develop the control system needed to protect credit card data and document compliance with the PCI DSS requirements. You know this will be a rather complex process. You are planning to use a combination of frameworks and standards to guide the development of the control system. Furthermore, you are making it a priority to design an integrated system so the company can efficiently prepare for multiple types of audits, not just those related to PCI DSS compliance. After explaining to the board that, realistically, you and your team will need much more time to research, discuss, plan, and implement the company’s control system, you agree to write a report that highlights some of the key principles and procedures involved in this undertaking. Tasks

· Review information about the following frameworks or standards introduced in the textbook: COSO, COBIT, SOC, ISO, and NIST. Consider how you may use some or all of these frameworks/standards to guide the creation of an internal control system at S&H Aquariums. Note the similarities or overlaps among each set of frameworks/standards, as well as the differences.

· Using the Internet resources listed for this project, examine the specifics of the COSO framework, which outlines five components of internal control and 17 principles.

· Create a table or other visual aid to map the 17 principles of COSO to the 12 primary PCI DSS requirements. Use your table or visual aid to assess how specific elements of COSO and PCI DSS correspond with one another, as this will inform forthcoming decisions about which controls S&H Aquariums should implement.

· Write a report for the board of directors. Include the following:

· Introduction

· Plan for Developing an Integrated Internal Control System

· Explain how and why you will use multiple frameworks and standards to guide your development of this control system.

· Explain how you will ensure the control system can be used to demonstrate PCI DSS and other forms of compliance.

· Table (or Visual Aid) Showing COSO - PCI DSS Alignment

· In addition, explain how creating this table/visual aid—as well as other, more complex tables with multiple standards/frameworks—would be useful for designing an integrated internal control system.

· Conclusion

As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.

Submission Requirements

· Format: Microsoft Word

· Font: Arial, 12-point, double-space

· Citation Style: APA

· Length: 2-3 pages

Self-Assessment Checklist

· I have created a report that uses a professional tone and includes correct terminology.

· In my report, I have explained how and why I would use a combination of standards/frameworks to guide the development of an integrated internal control system, and explained how I would ensure the control system could be used to demonstrate multiple forms of compliance.

· In my report, I have included a table or visual aid that shows alignment of COSO and PCI DSS, and I have explained how this would be useful for designing an integrated internal control system.

· I have conducted adequate independent research for this part of the project.

Project Part 3: Compliance Within IT Infrastructure Domains

Scenario S&H Aquariums’ board of directors has been receptive to your plan for building an internal control system. They are eager to move forward and expand the company’s IT infrastructure so they can begin processing credit card transactions through their Web site. The company has recently hired a new team member, Marcus, who will work with you to address some of the company’s information technology needs. Marcus brings a good deal of expertise in IT, but he needs some additional training and development on information security and compliance issues. To bring Marcus up to date on the company’s plans, you ask him to read the two reports you prepared for the board of directors (in Project Parts 1 and 2). Next, you will meet with him to discuss the integrated internal control system and explain how such a system can be used to proactively prepare for audits. Clearly, there is a lot to consider! You decide to create a presentation that is structured around the seven domains of a typical IT infrastructure. You will provide examples of controls that you think S&H Aquariums should implement, and explain how these controls relate to COSO and PCI DSS. You will also explain how this will, ultimately, help the company demonstrate compliance.

· Tasks Consider the seven domains of a typical IT infrastructure, as well as controls that are often associated with each of those domains.

· Based on your earlier analysis of S&H Aquariums and its compliance requirements (in Project Parts 1 and 2), which controls do you think S&H Aquariums should implement as part of the integrated internal control system? You may create a table, map, or other visual aid to help you evaluate control options for each domain. Note: For this part of the project, consider how prospective controls align with COSO and PCI DSS. In an actual organization, the controls you implement would most likely align with additional frameworks/standards, but you are not required to research and document that for this project.

· Create a presentation that includes:

· Title, date, and your name and contact information

· A brief introduction

· A section for each of the seven domains in a typical IT infrastructure In each domain section:

· Explain what the domain is and why it is significant for compliance.

· Describe at least two controls related to this domain that you would recommend S&H Aquariums implement as part of its integrated internal control system.

· Provide your rationale for selecting each control; explain how the control relates to one or more principles of COSO and one or more PCI DSS requirements.

· Implications for Compliance

· Explain how use of the controls you have presented will support the company’s efforts to demonstrate compliance.

· Conclusion

· References

As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.

Submission Requirements

· Format: Microsoft PowerPoint

· Font: Arial; 36-point headings, 20- to 32-point body text

· Citation Style: APA

· Length: 12 to 16 slides

Self-Assessment Checklist

· I have created a presentation that uses a professional tone and includes correct terminology.

· In my presentation, I have described the seven domains of a typical IT infrastructure. For each domain, I have recommended at least two controls and provided my rationale for the selections. I have also discussed implications of implementing these controls for demonstrating compliance.

· I have conducted adequate independent research for this part of the project.

Page 1

Homework is Completed By:

Writer Writer Name Amount Client Comments & Rating
Instant Homework Helper

ONLINE

Instant Homework Helper

$36

She helped me in last minute in a very reasonable price. She is a lifesaver, I got A+ grade in my homework, I will surely hire her again for my next assignments, Thumbs Up!

Order & Get This Solution Within 3 Hours in $25/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 3 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 6 Hours in $20/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 6 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

Order & Get This Solution Within 12 Hours in $15/Page

Custom Original Solution And Get A+ Grades

  • 100% Plagiarism Free
  • Proper APA/MLA/Harvard Referencing
  • Delivery in 12 Hours After Placing Order
  • Free Turnitin Report
  • Unlimited Revisions
  • Privacy Guaranteed

6 writers have sent their proposals to do this homework:

Peter O.
Innovative Writer
Professor Smith
Assignments Hut
Accounting Homework Help
Exam Attempter
Writer Writer Name Offer Chat
Peter O.

ONLINE

Peter O.

This project is my strength and I can fulfill your requirements properly within your given deadline. I always give plagiarism-free work to my clients at very competitive prices.

$35 Chat With Writer
Innovative Writer

ONLINE

Innovative Writer

I have written research reports, assignments, thesis, research proposals, and dissertations for different level students and on different subjects.

$33 Chat With Writer
Professor Smith

ONLINE

Professor Smith

I have worked on wide variety of research papers including; Analytical research paper, Argumentative research paper, Interpretative research, experimental research etc.

$39 Chat With Writer
Assignments Hut

ONLINE

Assignments Hut

I am an experienced researcher here with master education. After reading your posting, I feel, you need an expert research writer to complete your project.Thank You

$16 Chat With Writer
Accounting Homework Help

ONLINE

Accounting Homework Help

I am an experienced researcher here with master education. After reading your posting, I feel, you need an expert research writer to complete your project.Thank You

$16 Chat With Writer
Exam Attempter

ONLINE

Exam Attempter

As an experienced writer, I have extensive experience in business writing, report writing, business profile writing, writing business reports and business plans for my clients.

$26 Chat With Writer

Let our expert academic writers to help you in achieving a+ grades in your homework, assignment, quiz or exam.

Similar Homework Questions

Special occasion speech outline - Stephen hillenburg net worth - Sustainability answer - Environmental cues shape behavior - Managerial Accounting - Company Budgeting -Week 5 - Myitlab access chapter 6 grader project - Fozmula fuel level gauge - Mc top shelf products - Large african stork crossword clue - C++ program to add feet and inches - Social Change and Community Planning - Suppose your original problem statement for this dilemma was - Civil constitution of the clergy - Naive method forecasting excel - Science lab - Induction type energy meter - CASES CASE 35 CIRQUE DU SOLEIL* The founder of Cirque du Soleil, Guy Laliberté, after see- ing the firm’s growth prospects wane in recent years, was thinking about expanding his firm in new directions. For three decades, the firm had reinvented and revolutionized the circus. From its beginning in 1984, Cirque de Soleil had thrilled over 150 million spectators with a novel show concept that was as original as it was nontraditional: an astonishing theatrical blend of circus acts and street enter- tainment, wrapped up in spectacular costumes and fairy- land sets and staged to spellbinding music and magical lighting. Cirque du Soleil’s business triumphs mirrored its high- flying aerial stunts, and it became a case study for business school journal articles on carving out unique markets. But following a recent bleak outlook report from a consultant, a spate of poorly received shows over the last few years, and a decline in profits, executives at Cirque said they were now restructuring a - Wes moore chapter summary - Managing organizational behavior 2nd edition pdf - Community assessment - Discussion - Order 2284353: not raising minimum wage in Michigan - Thomas clarkson community college - Dream chocolate case study answers - Anthropology - I have read and understood template - Quiz - Order 2155769: Read Instructions - Cisco ios firewall ppt - Caco3 + hcl ionic equation - Maekok river village resort - Cclc vic gov au - Winfield refuse management inc case solution - Writting a Blog - Presentation on storage devices - Royal australian mint annual report - Org Behavior - Reflection, Discussion and Assignment - Owner builder insurance requirements nsw - Besteonlinecasinoschweiz - Midterm paper 2 - Project 1: Subnetting - What can incumbent firms do to counter disruptive innovations - Comparison between different market structures - Disaster recovery plan - Animal farm student workbook answer key - Lesson 4.7 flowchart thinking answers - Simpson primary school victoria - Overview of the six kingdoms - Hump de dump song - August osage county character list - Salesforce email character limit - What is diameter of 12 gauge wire - Empire of the summer moon essay - The power of five john c maxwell - Discussion - 6 - Legal Reg, Compliance, Invest - Mcgill course registration dates - Edward river levels deniliquin - Following is a partial process cost summary for mitchell manufacturing's canning department. - Economics and politics loughborough - California pizza kitchen case study pdf - 200 words - SCI 207 Week 3 Assignment 1, Ground and Surface Water Interactions(USE AS A GUIDE) - Contract Law Case Analysis - Construction Management & scheduling FINAL PROJECT - Dreamtime stories about natural disasters - Nsw police complaint handling guidelines - 2 sector circular flow model - Middle passage guiding questions document a historian answers - Oil tempered hardboard nz - Ts eliot society uk - Please find the attached document - Punchbowl bus company 944 - Burkot hall campbell university - Week 6 - Web and Data Security Individual Project Paper ( computer law) - Procter and gamble organization 2005 case analysis - What is survival processing (e.g.,Nairne and Pandeirada, 2011)? How does it work in memory? Is the effect based on the evolutionary mechanisms or more commonplace memory explanations? - Anti drug legislation matrix - Global Final Project Two Milestone Three: Policy Recommendations - Digital Marketing Strategy Project - Landforms created by erosion - The major industries that developed in the south prior to 1900 included all of the following except - Unit 2 IP Staffing, Budget and Audits - Barter by sara teasdale meaning - Scottish teachers maternity pay - 2 assignments with answers - Sociology - Neil ernst and peggy philp - WS - DNA Mutations Practice - Ati system disorder template pdf - Trends of information system infrastructure - Army standards of dress - 3/9 northcote street kilburn - Enterprise key management plan example - Icd 10 code for rhonchi - Trends of reactivity in the periodic table - Analytic - Why did miss ellie leave the andy griffith show - Hitachi industrial equipment malaysia sdn bhd - Dissertation topic in Cybersecurity or Blockchain