Question: Case Study A security blizzard Recently you attended a planning session for IT regarding the various security standards such as Payment Card Industry (PCI), HIPAA,

Case Study A security blizzard

Recently you attended a planning session for IT regarding the various security standards such as Payment Card Industry (PCI), HIPAA, OWASP, White House Directives, Technical Bulletins and alerts from anti-virus providers. The gaps between these guidelines recommended and what your company actually had in place were thoroughly reviewed and placed on a back log list. By the end of the multi-day session the back log list was quite lengthly. An attempt was made to prioritize them but the implementation of some would impact strategic business projects. Clearly the business will need to help prioritize the back log. But how best to engage the business, prioritize all these items and adequately mitigate risk across the enterprise? You recall from MIS 412, the COBIT 5.0 model, and think that it would be useful. You do a quick review of APO13 Manage Security before bringing this to your manager to solve this enterprise planning problem.

Using APO13 ( See D2L Content, Cobit Folder, Cobit 5 Enabling )

[Question 1 - 3 points] What are the three APO13 practice areas

Establish and maintain an ISMS.

Define and manage information security risk treatment plan

Monitor and review the ISMS.

[Question 2 - 6 points] What are the six key deliverables indicated by the three practice areas:

ISMS policy

ISMS scope statement

Information security risk treat plan

Information security business case

ISMS audit report

Recommendations for improving the ISMS.

[Question 3 - 3 points] Based on this case description, which activities ( of the 19 APO13 family) would you rate as the top 3 to help this situation?

Define and communicate information security management roles and responsibilities.

Formulate and maintain an information security risk treatment plan aligned with strategic objectives and the enterprise architecture. Ensure that the plan identifies the appropriate and optimal management practices and security solution, with associated resource, responsibilities, and priorities for managing identified information security risk.

Recommend information security training and awareness programmers..

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Part 1: Governance, Risk and Compliance (GRC) Question 1 : In your own words, define and given an example of each: Governance Definition Example Risk Definition Example Compliance Definition Example...

ISSUES IN ACCOUNTING EDUCATION Vol. 26, No. 3 2011 pp. 521-545 American Accounting Association DOI: 10.2308/iace-50031 Breach of Data at TJX: An Instructional Case Used to Study COSO and COBIT, with...

I need a 10 page paper for my MIS class. Please do not copy and paste as my school is getting stricter on plagiarism. I have attached the assignment and the sample \fData Analytic Thinking 1 Data...

1. Referencing the State of Kansas contract, you will find this is an IDIQ contract. Which other contract type could have been used for this contract? What are the pro and cons of the contract type...

Contract ID: 0000000000000000000046417 Event ID: EVT0006086 Page 2 TRA PER ASPERT 1. Terms and Conditions Office of Procurement and Contracts Kansas 1.1. Contract Documents In the event of a conflict...

Brose and FastFit are two very different organizations but both rely on information technology to enable business processes. What are the mission, goals, and representative strategies for these two...

I need assistance with the case requirement questions, Part A and Part B (Exhibit 3) and Background, scope, findings and conclusions (exhibit 4) Assessing Information Technology General Control Risk:...

2006 National Institute of Standards and Technology Technology Administration Department of Commerce Baldrige National Quality Program Arroyo Fresco Community Health Center Case Study 2006 National...

Case Study: Credit Card Heist at the Heartbreak Cafe How should Tom view and approach PCI-DSS compliance? What should be the roles of the franchisee, the franchisor, and the payment processor in...

I need help with Section 4 part A please look at the case study Assignment Tier 1 Financial Planning (Tier1FPPA_AS_v1A3) Page 2 of 92 Student identification (student to complete) Please complete the...

Wildcat Drilling has the following accounts on its trial balance. Required: Prepare the stockholders equity portion of Wildcats balance sheet. Debit Credit Retained Earnings Cash Additional Paid-In...

Larry and Laurie have found a home and made a $ 125,000 offer that has been accepted. They make a down payment of 10%. Their bank charges a loan origination fee of 1% of the loan and points of 1.5%...

it means that if our required return ( 1 0 . 3 % ) is less than the IRR, we should invest in the new machine. What is your recommendation?

Bostwick Company's perpetual preferred stock sells for $85 per share, and it pays an $7.20 annual dividend. If the company were to sell a new preferred issue, it would incur a flotation cost of 4% of...

1. Do you prefer a. doing a job that you are comfortable with and know well? b. doing a job that presents a new challenge every day? _______

3. Should a major donor receive special privileges, such as a job or college admission for a child?

4. Do you consider yourself a. mostly focused on the future? b. mostly focused on the present? _______