US Federal Compliance Regulations: The Start: IT Security Audit: A Research Effort
Compliance Audit: An IT Security Check, By US Federal Mandate-or, Lose Everything
Unit 5 Assignment 1: Due: 11-12-2017

Research Report By: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

Capella University, NSA MS Training: IAS1005

Professor: Dr. Susan Ferebee
Miss. Bayo Elizabeth Cary, AA, BA, MLIS

400 NW 1st Avenue Apartment 410

Gainesville, FL 32601



11-12-2017



Unit 5 Assignment 1 Final

Response from: Miss. Bayo Elizabeth Cary, AA, BA, MLIS



Directions:



  • Vulnerability Assessment Report

In your Essentials of Business Communication text, refer to Figure 9.11 on pages 282–283 for justification/recommendation report style as your guide for this assignment.

Write a 3–5-page convincing justification/recommendation report in memo format to the CSO and executive board based on the conclusions you have drawn from your research and discussions.

·         Analyze the need for comprehensive vulnerability assessment strategy.

·         Identify at least 2 academic sources for information on IAS vulnerability assessment strategies.

·         Identify at least 2 non-academic sources for information on IAS vulnerability assessment strategies.

·         Identify companies that have implemented IAS vulnerability assessment strategies.

·         Identify areas of violations (based on the differential media video).

·         Describe the impacts of such violations and include mitigations strategies. The assessment should cover areas including, but not limited to, password security, physical security, data security, and access security.

Because you are recommending action, decide whether your approach should be direct or indirect. (See Figure 9.1: "Audience Analysis and Report Organization," on page 266 of Essentials of Business Communication.)
Your report should present and support your ideas regarding what should be included in the assessment.
Your report should also include informational and analytical report functions, strategies, and styles.
Response from: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

Office Memo, as per: Essentials of Business Communications, 10th Edition, Figure: 9.11. p. 282-283.

By author: Mary Ellen Guffey



Body of Research Paper

Memo:





“Whether a company decides to launch a new product, expand into new markets, reduce expenses, improve customer service, or increase its social media presence, the decisions are usually based on information submitted in reports” (Guffey, n.d., p. 264)



Date: 11-12-2017

To: CSO and Executive Board

From: Director of IT: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

Subject: Compliance: Internal Security Audit:



Opening Comments: Significance of Problems:

“Hackers use a variety of means to capture personal data, from keystroke logging and phishing e-mails to credit card or other financial information theft” (University Wire, Carlsbad, 2016, p. 1):



Customers are demanding systems to:



·         Control access to secure areas;

·         Advanced data mining applications;

·         Integrated systems allowing secure access to multiple databases without inadvertent compromise of sensitive information;

·         and systems to enable effective inter-agency communication, collaboration and cooperation. (M2 PressWire, IBM, 2001, p. 1)



IT information, is the life-blood, of any and every business, and active organization, in the US. Only a few Western countries, around the world, are almost completely dominated by the Internet, and IT information-that is what we have been told. Russia, Israel, China, and the United States-at present, the US and China, have the highest rate, of: “attack origins,” for cyber war, cyber threats, and hackers (Reveron, 2012, p. 13). Breaches, in IT security-due to the current International political friction, with the presence, of Intl terror-taking root in the US, as the new immigrant population, needs to be viewed, as-a: cyber war, cyber threat, and hacker for illegal gains.

Alternative 1: Based on Literature: Companies Implementing a Security Mitigation Strategy:

Data security threats are constantly changing, and firms are challenged to stay ahead of the potential hazards that may lead to their name making the head-lines. While companies must stay vigilant and employ the most up-to-date security measures to sufficiently prevent and detect attacks, they must also recognize that a data security breach is more likely than ever before. (Rickett, 2015, p. 6)

Data breaches, happen on, a-daily-basis, in the US. The key, to recovery, from a devastating data breach, is to have a recovery plan, set-in-stone (Rickett, 2015, p. 7). Data breach situations, happen too often, in the US. There seems to be, no ways at all, to prevent, a dramatic, and heart-breaking loss, of mass amounts of: private, confidential, and personal information, in this country. How will you recover, what has been stolen?

Case Analysis:

           “Data are one of the most valuable corporate assets; thus, protecting data is critical” (Rickett, 2015, p. 7). Data loss problems, amount to lawsuits, on a yearly basis in the US, costing billions of dollars. US companies, like: Target and IBM-have been sued repeatedly, for millions of dollars, over, accidental data loss issues, because the company, failed to follow-through, with US Federal government mandated, IT security audits, and compliance requirements, for data security (Rickett, 2015, p. 7).

Costs:

      The result, of ignoring US governmental IT security regulations, is more than just: “class-action law suits,” and massive: “down-time” (Rickett, 2015, p. 7). Companies fold, and the US economy, begins to shut-down, when IT information, cannot be protected. Information is money-literally: 0101010101. When information, and data can be stolen-Intl terror, hack a computer, and illegally, empty your bank account, I should know-it happened to me.

      I had only been homeless 2 years, when I was accepted on a full-paid scholarship, to law school in Boston, MA. The housing costs were prohibitive. I had saved in my bank, a little over 2,000.00. When I prepared, to pay: New England Boston Law, my seat fee-for the 2012 law school entrance, my bank account, was completely, and illegally emptied. The Gainesville, FL and Atlanta, GA headquarters, of the SunTrust Bank, and their legal offices-refused to respond to my complaints.

       SunTrust, ended-up costing me, almost: 4,000.00, and I was homeless-my opportunity to attend law school, in the US, was lost forever. Because, I was unable to attend law school in Boston, MA-on full-scholarship, in 2012, I was homeless, and destitute-with no employment, for, almost 5 more years, while I chose to attend classes online, and was forced to defer my law school entrance, to the UK, and a Fall: 2018 entrance. SunTrust, cost me, millions of dollars, in lost: money, time, and earnings potential.

Alternative 2: Based on Literature: Identify Areas of Security Violations:

Comparable to state formation, sub-state groups develop institutional capacities. Often led by ‘warlords’ or ‘strongmen’, these entities resemble states within, while lacking recognition and legitimacy from without. Between these entities arises a sub-sovereign form of security dilemma. (Kuhn, 2011, p. 363)



“Sub-state,” actors, are another name, for Intl terrorist factions. In the Middle East, factions, fight, to gain a military control, of any given country-based, on what they espouse, are religious beliefs. The situation, is no different, in the US. Intl terror, threatening the security, of IT information, and data, in the US, and Internationally, are a factional Intl terrorist group, who state, that their existence is justified, and their actions can be legally defined and defended, because they are: “Religious.”

Case Analysis:

           The depth of my research analysis, has revealed, most problems, pertaining to IT security, come from the: West coast, of the US-from Silicon Valley, and, from the Bill Gates community, in: Seattle, WA. IT security, revolves around the software, and the people, who create the computer systems, to keep American information safe. The West Coast of America, supports a huge Intl terrorist cell-that specializes, in: Apple computers, and software, Apps, and other aspects, of computer systems. The Gates software-is written wrong. There are huge holes, and the developers pretend, like the: “Openings,” are accidents, and mistakes.

       Intl terror, who specialize, in stealing information, to illegally steal money-live and work closely, with the: Silicon Valley, and Bill Gates community, in Seattle, WA. To say that IT information will never be safe enough-is an understatement. The Intl terror communities-active terror cells, on the West Coast of the US, run: prostitution rings, drug rings, and any other: fraudulent, money laundering, and extortion scheme-that you could possibly imagine-including child porn, that is illegally posted on: YouTube, to steal money, to fund their illegal activities. I have defined, the active: 911 Intl terror cell, occupying, the West Coast, of America-as a: “sub-state group,” of social parasites, who rely on the US government, for: protection (Kuhn, 2011, p 363).

Costs:

        The costs for securing, any IT operation, whether in the US, or abroad, are inhibitive. The software needs to be re-written. The Bill Gates monopolies must be over-thrown. Intl terror has-to-be excluded, from: computers, software, Apps, all online activities-it is the source, of the root of all evil: “Live Terror Attacks.” While, the FBI, began to address these issues, in a very superficial way-Facebook, was never dismantled, and the baby porn-is over-flowing, on YouTube. Online social networking websites, who support the Intl terror, are never punished-it must have been: “hackers.” No. Hackers did not create: “Open doors,” everywhere, in every computer program-that has ever existed, the software developers did that, and oft times-they are one, and the same: “Intl terror people.”

Alternative 3: Based on Literature: Describe Impacts of Mitigation Strategy and Impacts on IT Security:

Cybertrust: SMP is a programmatic approach to security management that reduces an organisation's security risk, improves the overall security posture, enables an organisation to demonstrate efforts to meet compliance requirements, and leverages an organisation's existing investments in people, processes, and technologies. SMP provides organisations with a foundation from which to develop a security program that will effectively mitigate real risks to their corporate computing environments. Moreover, SMP protects critical systems and information from hackers, viruses and other security threats. (M2 PressWire, 2006, Cybertrust, p. 1)



Case Analysis:

          US Federal laws, mandate IT security compliance. Companies, in America, either comply, with the new US Federal requirements, for maintaining IT data safely, or lose everything. IT compliance standards, and protocols, can be: complicated, time consuming, and costly. Automated software, such as the: “Cybertrust SMP,” lowers the costly barriers, that in some cases, prevent companies, from following the required: US guidelines, and evolving Federal and International standards, and protocols (M2 PressWire, Cybertrust, 2006, p. 1).



        Easy access to security management tools, as well as, other related information, provides an informed, and improved security management, and overall working conditions: "With the addition of SMP's management console, customers can easily review their entire organisation's security risk posture and communicate their status to shareholders, management, and auditors” (PressWire, Cybertrust, 2006, p. 1). More information, regarding: “Cybertrust” security products, can be located online:


Costs:

          "Cybertrust's SMP allows organisations to proactively assess and plan around their greatest security priorities, such as balancing IT risks with operational risks, achieving and demonstrating compliance, and controlling security costs," said John Holland, Cybertrust senior vice president of Europe (M2 PressWire, Cybertrust, 2006, p. 1). The key to risk and security management, begins with cost controls. If a business is spending more than it can earn, then-the corporation, will collapse, from a budget deficit. Funny. American businesses, tend to understand, what the US Congress, can never quite comprehend-that a budget, must be balanced, or-there will be no money.



Alternative 3: Based on Literature: List of Fundamental Corporate Office Security Violations, and Remedy Strategy:

        Recent empirical evidence supports: “Defense-in-Depth,” theory, and, strategies, as: “Best Practice,” for defending IT data. The first step, to a reliable implementation, of any new security protocols, is a thorough, security audit (Smith, 2005, p. 13). The: Defense-in-Depth theory, has three basic areas of concern: 1) physical barriers, 2) technical security, and 3) administrative procedures. When: “Defense-in-Depth,” is applied to the office environment, the barriers, security measures, and, the procedures, must be actively applied, and reinforced:

1.      Physical Security-A gate needs to be built, at the perimeter of the parking lot, to filter, who enters the company grounds, and a wall, needs to be constructed, at the edge of the building, to ensure the safety, of the: hardware components, and office workers, who will be employed;



2.      Access Security-The entrance and exit, to the company grounds, and building facility, need to be controlled, by: security guards, CCTV cameras, photo ID badges, thumb print and iris scan security check-points, and dogs;





3.      Hard-Copy Security-All paper, within the secured building, needs to be controlled, and protected-nothing should be left out in-the-open, or unattended, the file cabinets need locks, the disposed paper, needs to be contained in a locked box, before and after shredding, and papers copied, in the Xerox room, need to be taken out, by the last user;



4.      Password Security-Passwords, can never be shared, keep your company pass codes private, and pick new passwords and new codes, every month-even if you do not suspect, that your computer entry information, has been breached;





5.      Data Security-Firewalls, need to be up, and active at-all-times, security software, to check for: worms, viruses, etc., need to always be running and up-to-date, the encryption, that can be used, to keep the office: emails, and other online communications, should always be active, and unauthorized access, to the administrative controls, of the computing systems, the server rooms, or the computer and server manuals, and maintenance catalogs, are never allowed;



6.      Administrative Facilitation-Company rules exist, for good reasons, please read and follow the rules, and if you have any questions, regarding IT, or data security-contact the IT department, for additional assistance.
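As an added example (not part of the original memo), the following Python script audits a small constructed host inventory against the checkable controls in items 4 and 5 above and groups its findings by Defense-in-Depth layer; the inventory records, the 30-day and 7-day thresholds, the `it-admins` group name and the layer mapping are assumptions chosen for illustration.

```python
# Added example (not from the original memo): audit a constructed host inventory
# against items 4 and 5 above. Thresholds, group name and layer mapping are assumed.
from dataclasses import dataclass
from datetime import date

TODAY = date(2017, 11, 12)   # memo date, fixed so the sample audit is repeatable
MAX_PASSWORD_AGE_DAYS = 30   # item 4: new passwords every month
MAX_SIGNATURE_AGE_DAYS = 7   # item 5: signatures "up-to-date" (limit assumed)
ADMIN_GROUP = "it-admins"    # item 5: only this group holds admin controls (assumed)

# Constructed sample inventory, one record per host (not real data).
INVENTORY = [
    {"host": "ws-01", "firewall_on": True, "av_updated": date(2017, 11, 10),
     "password_changed": date(2017, 10, 20), "mail_tls": True, "admins": ["it-admins"]},
    {"host": "ws-02", "firewall_on": False, "av_updated": date(2017, 9, 1),
     "password_changed": date(2017, 6, 1), "mail_tls": True, "admins": ["it-admins", "sales"]},
    {"host": "srv-01", "firewall_on": True, "av_updated": date(2017, 11, 12),
     "password_changed": date(2017, 11, 1), "mail_tls": False, "admins": ["it-admins"]},
]

@dataclass
class Finding:
    host: str
    layer: str     # Defense-in-Depth layer: "technical" or "administrative"
    control: str   # numbered item of the memo's list that is violated
    detail: str

def days_since(d: date) -> int:
    return (TODAY - d).days

def audit_host(rec: dict) -> list:
    """Apply each inventory-checkable control to one host; return its violations.
    Physical controls (items 1-3) need a site walk-through and are not checked."""
    f, h = [], rec["host"]
    pw_age = days_since(rec["password_changed"])
    if pw_age > MAX_PASSWORD_AGE_DAYS:
        f.append(Finding(h, "administrative", "4. Password Security",
                         f"password {pw_age} days old, limit {MAX_PASSWORD_AGE_DAYS}"))
    if not rec["firewall_on"]:
        f.append(Finding(h, "technical", "5. Data Security", "host firewall disabled"))
    sig_age = days_since(rec["av_updated"])
    if sig_age > MAX_SIGNATURE_AGE_DAYS:
        f.append(Finding(h, "technical", "5. Data Security",
                         f"malware signatures {sig_age} days old"))
    if not rec["mail_tls"]:
        f.append(Finding(h, "technical", "5. Data Security", "email encryption not active"))
    extra = [g for g in rec["admins"] if g != ADMIN_GROUP]
    if extra:
        f.append(Finding(h, "technical", "5. Data Security",
                         "unauthorized admin access: " + ", ".join(extra)))
    return f

def audit(inventory: list) -> dict:
    """Audit every host; group findings by layer and list the compliant hosts."""
    findings = [x for rec in inventory for x in audit_host(rec)]
    by_layer = {}
    for x in findings:
        by_layer.setdefault(x.layer, []).append(x)
    compliant = [r["host"] for r in inventory if not audit_host(r)]
    return {"findings": findings, "by_layer": by_layer, "compliant_hosts": compliant}
```

Running `audit(INVENTORY)` on the constructed records flags ws-02 on four controls and srv-01 on one, leaving ws-01 as the only compliant host.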



Case Analysis:

Protecting IT information, and the business that secures it, is like defending a castle-according to: “Defense-in-Depth theory” (Smith, 2005, p. 13-15). First, you look towards the outer edges, of the castle, and property, and decide-what can be built, to provide the most defense, furthest from the castle itself. Next, you look closer to home, and decide, if a bridge-over-water, is sufficient protection, from advancing invaders.

      Then, you look at the castle itself, and decide, how high the walls should be. Lastly, you must consider: who cares about the castle and country, and the people inside it enough, to work there, as armed guards, and military. While, the castle metaphor, is antiquated, and not a perfect reflection, of contemporary IT risk management-it can be considered, as a fundamental match, for basic security needs.

Costs:

    You can always add, another: “Defense-in-Depth” layer, of IT security controls (Smith, 2005, p. 14-15). The fun part about: Defense-in-Depth, security and risk management, is that it is based on layers, like an onion-if one layer, is not keeping the information, safe enough, another layer, of security protocols, can be easily applied. There is no end, to how much security, could be potentially applied, to any given information. The costs, can be restrictive.

Recommended Actions: Direct or Indirect Communications Strategy:

      The difference between a writing style, that is direct, or indirect, is based primarily on who your audience is. A direct communication strategy, can be used, when the audience, is already educated, about the subject matter, that is being discussed, and, you are talking about issues, that the reader-already, agrees with (Guffey, n.d., Figure 9.1). An indirect writing strategy, is applicable, for communications, in which the audience requires, support and information, about the subject being addressed (Guffey, n.d., Figure 9.1). For this particular memo, I chose, an indirect communication strategy, the communications, are being presented, as a research report.

Conclusions:

         In conclusion, compliance rules, change. Software needs to be updated. IT information, must always be protected. New products, and theories, regarding how best, to secure data, are researched, and written about. The choices made today, will affect your every tomorrow. Please try, to remain in compliance, and seek counsel and guidance-if you have any problems, or worries, regarding, the present state-of, IT affairs. 

Follow-Up Appointment:

    Compliance issues, are not the only consideration. It should be acknowledged, that the business establishment, has certain ethical obligations, to both: self, investors, and to clientele, to provide honest service, that, works to both: inform, and to protect, the physical data, as well as, the financial investment. In exactly 1 month's time: December 12, 2017, just prior to the Christmas holidays, I will return, for a second office IT security audit, to verify, that the necessary, security improvements, have taken place.

       It has been an honor serving, as director of IT, and IT services. Should any valid issues arise, prior to my return date-please do not hesitate to contact me: phone, email, fax, or in-person. I understand, that IT compliance issues, and IT security, in general, is a frustrating and on-going process. The expense, of meeting, US Federal IT security guidelines, to protect US information, and data, and therefore-the: “Markets,” is a requirement, and never a choice. Thank you again, for your time, and for your continued patience, with the process.



References



Guffey, Mary E. (n.d.). Essentials of Business Communication, 10th Edition. Cengage Learning. 20150101. VitalBook file. www.cengage.com

Kuhn, Florian P. (2011). Securing Uncertainty: Sub-state Security Dilemma and the Risk of Intervention. International Relations, Vol. 25, No. 3, p. 363-380. Retrieved from www.ire.sagepub.com

Smith, Randy Franklin. (2005). Core Concepts: Defense in Depth. Windows IT Security, Vol. 5, No. 11. Retrieved from www.windowsitpro.com/windowssecutity

Reveron, Derek S. (2012). Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World. p. 3-19. Georgetown University Press. Washington, D.C.

Rickett, Laura K. (2016). The Data Security Breach and Risk Assessment: Imminent Threat, High Cost, and Preparation Are Key. Internal Auditing. p. 6-9.

M2 PressWire: Check Point. (2006). Check Point. M2 PressWire: Coventry. p. 1-4. Retrieved from www.proquest.com

M2 PressWire: Cybertrust. (2006). Cybertrust: SMP. M2 PressWire: Coventry. p. 1-3. Retrieved from www.proquest.com

M2 PressWire: IBM. (2001). IBM: IBM Announces Global Security Initiative. M2 PressWire: Coventry. p. 1-4. Retrieved from www.proquest.com
