Assignment:
Purpose:
This project provides an opportunity for you to apply principles related to auditing to ensure information systems are in compliance with pertinent laws and regulations, as well as industry requirements.
Required Source Information and Tools
To complete the project, you will need the following:
Course textbook:
Access to the Internet to perform research for the project.
- PCI Security Standards Council:
- Important PCI Compliance Information for Merchants:
- COSO Internal Control-Integrated Framework Executive Summary (2013):
- COSO Internal Control-Integrated Framework PowerPoint (2013):
Learning Objectives and Outcomes
You will be able to:
- Explain the purpose of PCI DSS
- Analyze business factors that influence PCI DSS compliance
- Describe potential consequences of failing to demonstrate PCI DSS compliance
- Apply standards and frameworks to the development of information security internal control systems
- Analyze the use of information security controls within IT infrastructure domains
Introduction:
Public and private sector companies are expected to comply with many laws and regulations as well as industry requirements to promote information security. Assessments and audits of the information technology (IT) environment help to ensure a company is in compliance. A successful information security professional must be able to assess a business's needs, evaluate various standards and frameworks, and develop a customized, integrated internal control system that addresses the company's compliance responsibilities. Furthermore, the professional must be able to communicate with various people, both inside and outside the organization, to facilitate awareness of how control activities mitigate weaknesses or potential losses that could compromise the company's information security.
Scenario:
S&H Aquariums' board of directors has been receptive to your plan for building an internal control system. They are eager to move forward and expand the company's IT infrastructure so they can begin processing credit card transactions through their Web site. The company has recently hired a new team member, Marcus, who will work with you to address some of the company's information technology needs.
Marcus brings a good deal of expertise in IT, but he needs some additional training and development on information security and compliance issues. To bring Marcus up to date on the company's plans, you ask him to read the two reports you prepared for the board of directors (in Project Parts 1 and 2). Next, you will meet with him to discuss the integrated internal control system and explain how such a system can be used to proactively prepare for audits. Clearly, there is a lot to consider! You decide to create a presentation that is structured around the seven domains of a typical IT infrastructure. You will provide examples of controls that you think S&H Aquariums should implement, and explain how these controls relate to COSO and PCI DSS. You will also explain how this will, ultimately, help the company demonstrate compliance.
Tasks:
1. Consider the seven domains of a typical IT infrastructure, as well as controls that are often associated with each of those domains.
2. Based on your earlier analysis of S&H Aquariums and its compliance requirements (in Project Parts 1 and 2), which controls do you think S&H Aquariums should implement as part of the integrated internal control system? You may create a table, map, or other visual aid to help you evaluate control options for each domain. Note: For this part of the project, consider how prospective controls align with COSO and PCI DSS. In an actual organization, the controls you implement would most likely align with additional frameworks/standards, but you are not required to research and document that for this project.
As a reminder, you may use the textbook for this course and the Internet to conduct research. You are encouraged to respond creatively, but you must cite credible sources to support your work.
Submission Requirements:
- Format: Microsoft PowerPoint
- Font: Arial, 36-point headings, 20- to 32-point body text
- Citation Style: APA
- Length: 12 to 16 slides