18 Mar
You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for one of the companies explored in this course:
- Vampire Legends (Wk 1)
- Cruisin’ Fusion (Wks 2–3)
- Devil’s Canyon (Wks 4–5)
Create a 10- to 12-slide presentation (not including the title and reference slides) that shows the results of your security audit based on the following audit process:
- Potential Risk to be Reviewed: Describe the risk.
- Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data.
- Regulation and Compliance Issues: Analyze how regulations and compliance issues could impact the organization.
- Provide a detailed analysis of regulations and compliance issues, beyond the simple explanation in score point two.
- Regulation and Compliance Resources and Tools: Analyze what resources and/or tools are available to address regulations and compliance issues.
- Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for a potential risk.
- Example: Determine whether anti-virus software is in use.
- Example: Determine whether virus signatures are periodically updated.
- Example: Determine whether periodic virus scans are performed.
- Provide a detailed analysis of the resources and/or tools available, beyond the simple explanation in score point two.
- IT Security – Processes and Methods: Differentiate between the various processes and methods involved in management of IT security resources.
- Review the various options available to address those processes and methods previously explained, and which ones might be feasible.
- IT Security – Measures: Analyze the various security measures that could be taken within the organization.
- Demonstrate a detailed understanding of what the alternatives are to approach security, how much security is needed, different methods to employ, etc.
- Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
- Example: 100% of servers and PCs have virus software installed.
- Example: 100% of the virus software installed is set to automatically update, including virus signatures.
- Example: 100% of the virus software installed is set to automatically perform a scan at least weekly.
Include a 1/2- to 1-page executive summary to support your presentation. This can be an extra slide in the presentation or MS Word document. Include appropriate references.
To: Chief Executive Officer
From: Chief Information Officer
Date: 15th February, 2022
Subject: Strategy and the budget of the game Ancient Age
About my new situation as C.I.O. from Vampire Legends I have held several meetings to vouch for my insight and commitment to safety, morals and especially to our customers and the group that I am currently doing. It is very difficult for me to come to you with concerns about the moral and ethical thinking of our creative group. I’ve reached out to groups with difficulty understanding how they will deal with certain circumstances, but first I might want to look at the details of a proposed financial plan that we have worked on together.
I have attached a financial plan report to this memo release and will explain how we provide this breakdown feature for Vampire Legends.
With the $10MM spending plan, we propose dispensing $3MM of that to the advertising effort for Ancient Age of Vampires. We might want to offer our clients a multi-day free preliminary of the spin-off before we begin charging month to month participation expenses. This not just allows our players an opportunity to ensure they love the game, and deal exhortation or pose inquiries, yet in addition gives those that cherished Vampire Legends the valuable chance to shape a solid dependence before their credit cards are at any point charged (Amin, Pan, & Zhang, 2022). It will cost us some labour to guarantee admittance to the players for the time for testing, yet we will bring in our cash back and start to produce significant benefit inside the initial 90-120 days.
· The IT office requires additional cost and manpower plans to deliver this extension. We should set aside maybe $3 million for the IT department to cover the extra time and security overhead to ensure programmers can’t access code or break into frameworks and get customer data. This, sir, is a point to be resolved in an instant. Dealing with security threats best starts with preventing and further harassing programmers before problems occur. Our staff made a deal to check log files, start manuals as well as problems programmed on the server and leave a little extra cash as extra thought for extra costs in case of a breakdown.
· $2 million in Digital Rights Management (DRM) further ensures games cannot be hacked, distorted or downloaded without being used by players or legally. We really want to enable and securely maintain certificates and customer approvals that prevent unauthorized customers from accessing the game without a valid contribution to the documents.
· Compensation increases, how much $2 million will be shared between IT and the progress team. Stating extended compensation would be useful and important to maintain a sense of commitment, reduce sales, and think I can offer to keep a finely tuned team with great chemistry together for a bright future at Vampire Legends.
Lastly, I might like to summarize the discussion I had with my group about the security vulnerabilities we had with the first Vampire Legends game and how the group would address them. We talked about the results, how they would behave, the appropriate precautions we have in place if this happens again, and the moral impact on our revenue stream (Messaoudi, 2022).
I needed to make sure I knew what kind of people I would be watching if I took this job, so I introduced our vulnerabilities and every in’s and outs they would know for sure. What I asked them at the time was how they would react to the decision, it is theirs. A surprising number of them said they were never able to notify the customer, and certainly never could report it to the police or the press. One worker dared to say that we don’t know if the programmers intend to use this data maliciously, so why randomize the pot (Deb & Roy, 2022). I think you really need to realize how our conversation has changed and create trust in a division you can rely on. For any security breach where customer information is retrieved or released or viewed by someone who is unable to request access, the accompanying steps are taken quickly:
· Contact the police to report a violation
· Stop all new game downloads
· Sending notifications to all end customers affected by an outage, reassuring them that we are doing our best to ensure that this type of outage does not occur at any time in the future. Find and direct programmers to the furthest corner of the law.
· Do what is necessary to find malicious code, run a malware scanner, and encrypt information if necessary.
· Send official statement
Ethics in any business, especially programming-based ones, is very important. When customers realize they can trust the organization they use the program with, they are obliged to pay for permits rather than flood because they see the benefits of paying for Watch items elsewhere. Whenever customers find out that their data has been stolen by the bank during a call, they more often lose trust and will refuse to work with this organization again. We have agreed that we will do what is ethically lawful and with the freedoms we normally assume, rather than using a silent and pleading approach.
I hope you’ve found the information in this memo to be informative, and I’m excited to impress in my new role.
Deb, R., & Roy, S. (2022). A comprehensive survey of vulnerability and information security in SDN. Computer Networks, 108802.
Messaoudi, M. (2022). Viewpoint Resolution: A Critical Evaluation. Journal of Computer Science and Technology Studies, 4(1), 54-60.
Amin, M. A., Pan, S., & Zhang, Z. (2022). Pavement maintenance and rehabilitation budget allocation considering multiple objectives and multiple stakeholders. International Journal of Pavement Engineering, 1-14.
Contest Rules and Use of personal information
University Of Phoenix
Users of the website will be required to provide information, which may include personal information. Therefore, their consent will be required to ensure that they are fully aware of what they are doing. The information that we collect will be used for different purposes that the users need to know and understand as well. The customers will give their consent by accepting the terms and conditions of service when registering.
The data that the organization collects will be used only by the organization for its own purposes and will not be exposed to unauthorized individuals. The organization has put in place strategies to protect the users’ data, such as encryption, data backup and organizational data protection strategies.
The organization also has intellectual property that could benefit competitors if they gained access to the data. Therefore, different methods, such as trade secrets, copyrights, trademarks, and patents, will protect the data from competitors benefiting from it.
Users of the system need not worry about the data they are providing, because the organization has implemented methods for protecting it and ensuring that its security is guaranteed.
Shopping Cart Research and Blog Post
University Of Phoenix
Shopping Carts Research
Square is shopping cart software for online websites consisting of small shops for customers. It is an application developed for websites that need a point-of-sale system. It allows payment by credit and debit cards through devices and client systems running iOS or Android. It includes an item management platform. It is an easy space in which to manage and implement shopping cart software.
PinnacleCart is software designed to provide easy-to-use software for users who are not necessarily familiar with the software. It is a platform for e-commerce websites. It allows website developers to customize the design of their online store.
-Cart is an easy-to-use software. This is possible for both small and large store websites. It focuses on getting customers to sell the items available on the site. It is a mobile friendly software in which the customer has the option of a mobile application.
AbanteCart is free open-source software. It can be customized easily according to the website in which it operates. It is feasible for small online business websites. It is easy to implement and follow.
3dCart includes many payment gateways for customer convenience. It is a complete ecommerce website platform designed to support online shops. 3dcart focuses on customer satisfaction.
Launching Shopping Cart
To launch the shopping cart feature, follow the steps below:
Step 1: After choosing the items that the customer wants to purchase from the website, the customer selects the cart option for payment, so the first step includes a summary of the items that the user has selected along with their prices.
Step 2: Adding the live chat option during purchasing the items will increase the selling rate for the website.
Step 3: Make sure that the website has a mobile-friendly checkout.
Step 4: The shopping cart options must be formatted in a way that is easy to understand by the user.
Step 5: Provide only relevant details as too many options will create confusion for the customer.
Step 6: The payment process must be user-friendly.
Step 7: Assure the customer that placing an order on the website is safe.
The assurance can be achieved by using logos that represent the security of the website. Providing contact details in case the customer has any query also makes the customer feel safe during payment.
a. Differences between ethics, organizational policies, and laws
Ethics, organizational policies, and laws dictate how one should behave. In cybersecurity, the three govern an individual’s access to and use of data. However, the three are significantly different. Ethics are moral principles that an individual chooses to uphold in his or her day-to-day activities (Furlotti & Mazza, 2020). We can say that ethics are the beliefs that one holds about which actions are right or wrong. Organizational policies are principles that an organization comes up with to guide employees while they are undertaking their organizational duties, for example, organizational policies regarding access to and sharing of data. Laws are developed by a country to guide people on how to conduct themselves (Furlotti & Mazza, 2020). These laws differ depending on where they apply. For example, those that apply to cyber and internet use are different from those that apply to the general conduct of people.
b. The shopping cart software holds the ethical trends in order to achieve consumer privacy:
An ethical trend involving developers is general data protection laws with characteristics that show how transparent user data is processed. Since the shopping cart functionality contains sensitive user data, it means that website developers offer additional security (Mahliza, 2020).
-The ethical trends of privacy policies with minimum requirements are:
· Application developer.
· Data collected.
· Legal basis for collecting user data.
· The name of the third party who has access to the information.
· Consumer rights.
c. Organizational policies that will be implemented to help protect consumer data
To protect user data from theft, all websites follow ethical privacy laws, which include restrictions on unauthorized access, security laws, and encryption.
Data protection laws should be listed on the website and easily understood by website users.
Protect user data from accidental loss and provide solutions for it.
Data protection includes data protection against theft and unauthorized access.
d. Ethical considerations for maintaining confidentiality and consumer data are:
· User privacy ethics include:
· Unauthorized people or organizations do not have access to user data.
· The right of who should have access to user data must be maintained.
· Consumer data should not be misused.
e. The various privacy regulations that uphold with the shopping cart software are:
The shopping cart follows a legal basis for collecting user data and includes the names of third parties who have access to user data.
It must not allow modification and disclosure of user data, except in some cases that depend on the software included on the shopping site.
Shopping cart software must include industry-based security measures such as:
Restricting internal access to user data, encryption and more.
Confidentiality and confidentiality of data:
Mahliza, F. (2020). Consumer trust in online purchase decision. EPRA International Journal of Multidisciplinary Research (IJMR), 6(2), 142-149.
Romanou, A. (2018). The necessity of the implementation of Privacy by Design in sectors where data protection concerns arise. Computer law & security review, 34(1), 99-110.
Furlotti, K., & Mazza, T. (2020). Code of ethics and workers’ communication policies: The role of corporate governance. Corporate Social Responsibility and Environmental Management, 27(6), 3060-3072.
Part B: Policies, Plans, and Risks
Policies and Security Plans
Security plans and policies are important for guiding how an organization’s information is kept safe from unauthorized access. These policies and plans are designed for the organization’s employees and guide them on what is required of them when using the organization’s information technology infrastructure. The security policies list and describe all the rules that these employees need to follow in the organization. The security plan, on the other hand, stipulates the details of how the users implement the security policies (Lewis, 2017).
One of the concerns raised is the upload of video without the consent of the organization’s management as well as the creators. Therefore, one of the security policies is one that states explicitly when one needs to upload the videos from the organization’s webcam mounted on the slopes.
The security plan will outline the policy implementation in the company. Devil’s Canyon guests will be required to sign the agreement in order to use the organization’s resources. The agreement form explains that guests can use and upload pictures and videos coming off the webcam. The policy will be critical when it comes to lawsuits that guests bring when they do not want their content to appear on the organization’s internet.
Devil’s Canyon Security Roles and Safeguards
The security plans that Devil’s Canyon will implement will be critical in addressing the security roles and safeguards. The security roles, as per the plans, will define the users of the systems and their levels of access. This practice is critical for explicitly identifying users or guests at different levels and their roles. The organization will also create roles and explicitly state the individuals who will get access to the organization’s data. The organization categorizes the safeguards in two forms: human and physical safeguards (Lewis, 2017). Devil’s Canyon will define and assign human safeguards with the aim of preventing human-originating security malpractices. On the other hand, the physical safeguards will define those forms that will be needed to protect the system users’ rights, which include their information and other personal content such as their pictures and videos. The organization will let the users know of the presence of the webcam and the posting of their information on other sites such as social media.
Security Risks and Threats
Most organizations have had to suffer much from security risks and threats. Most of the threats and risks in an organization target the most crucial resource: data. Devil’s Canyon will ensure that there are minimal risks; therefore, the organization will have few security loopholes (McIlwraith, 2021). The organization will create an action plan to cover its defenses. The following are five possible security risks that the company is anticipated to face:
1. Systems failure, which could happen both internally and externally and could create vulnerabilities that cyber criminals can exploit to access the organization’s critical information.
2. Unclear security compliance that does not explicitly state how it can offer security protection in the organization.
3. A missing cyber security policy that guides guests and users on how to safeguard their information and the organizational information from illegal and unauthorized access by cyber criminals (Routledge et al., 2017).
4. Human errors that come with a lack of knowledge on how to protect users’ information; sometimes employees also aid criminal activities by helping attackers access important information in the organization (Tabrizchi & Kuchaki, 2020).
5. A missing incident response and recovery plan. The organization should have incident response and recovery plans in place. The plans should state explicitly how the organization responds to incidents that could lead it to expose its critical information, or incidents that could create loopholes that cyber criminals could exploit.
Devil’s Canyon is very cognizant of information security and takes the matter seriously to ensure that organizational information is safeguarded. The organization has ensured that there is guaranteed security for users’ critical content that is valuable to non-authorized individuals. It plans to ensure that users are protected from any type of threat or risk that could leak or expose users’ information to adversaries. Therefore, it has planned to implement security plans and safeguards. It has also put in place incident response and recovery plans that will guard and protect information resources, minimizing information security risks and threats.
Lewis, K. (2017). Security Policies and Plans Development. In Computer and Information Security Handbook (pp. 565-570). Morgan Kaufmann.
McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Williams, T. A., Gruber, D. A., Sutcliffe, K. M., Shepherd, D. A., & Zhao, E. Y. (2017). Organizational response to adversity: Fusing crisis management and resilience research streams. Academy of Management Annals, 11(2), 733-769.
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud computing: issues, threats, and solutions. The journal of supercomputing, 76(12), 9493-9532.