Assignment:
Compliance Within IT Infrastructure Domains
Scenario
S&H Aquariums' board of directors has been receptive to your plan for building an internal control system. They are eager to move forward and expand the company's IT infrastructure so they can begin processing credit card transactions through their Web site. The company has recently hired a new team member, Marcus, who will work with you to address some of the company's information technology needs. Marcus brings a good deal of expertise in IT, but he needs some additional training and development on information security and compliance issues. To bring Marcus up to date on the company's plans, you ask him to read the two reports you prepared for the board of directors (in Project Parts 1 and 2).
Next, you will meet with him to discuss the integrated internal control system and explain how such a system can be used to proactively prepare for audits. Clearly, there is a lot to consider! You decide to provide a presentation that is structured around the seven domains of a typical IT infrastructure. You will provide examples of controls that you think S&H Aquariums should implement, and explain how these controls relate to COSO and PCI DSS. You will also explain how this will, ultimately, help the company demonstrate compliance.
Tasks
· Consider the seven domains of a typical IT infrastructure, as well as the controls that are often associated with each of those domains.
· Based on your earlier analysis of S&H Aquariums and its compliance requirements (in Project Parts 1 and 2), which controls do you think S&H Aquariums should implement as part of the integrated internal control system? You may provide a table, map, or other visual aid to help you evaluate control options for each domain. Note: For this part of the project, consider how prospective controls align with COSO and PCI DSS. In an actual organization, the controls you implement would most likely align with additional frameworks/standards, but you are not required to research and document that for this project.
Structure the presentation as follows:
· A brief introduction
· A section for each of the seven domains in a typical IT infrastructure
In each domain section:
· Explain what the domain is and why it is significant for compliance.
· Describe at least two controls related to this domain that you would recommend S&H Aquariums implement as part of its integrated internal control system.
· Provide your rationale for selecting each control; explain how the control relates to one or more principles of COSO and one or more PCI DSS requirements.
· Implications for Compliance
· Explain how use of the controls you have presented will support the company's efforts to demonstrate compliance.
· Conclusion