Premium Essay

Assignment One Application of Risk Management Techniques

In:

Submitted By VassagoRaR
Words 376
Pages 2
The YieldMore HQ at Indiana houses the servers, the DMZ firewall, and is the end point for the sales

peoples VPN. The Production plants in OK and NE house similar LAN setups, using standard switches and

Ethernet (CAT5). The Routers outbound is a T1, piped out to HQ behind a firewall. The scattered sales

people connect using VPN.

This system is not inherently flawed, but there still exist some points of vulnerability where threats may

be able to attack successfully. The Users, namely sales personnel, could be the biggest vulnerability,

but by training, utilizing AD password controls and maintaining accountability the risk of their laptop

being lost, stolen or compromised decreases sharply. This is a risk that can be easily evaluated through

mitigation, keeping the employees accountable for their equipment, and minimizing cost to the

enterprise.

With such a wide geographical area the sales employees workstations may be infected or compromised

without their knowledge, which would be rare, but plausible. This can be worked with, but will leave

residual risk. Equipment can be provided to users such as laptop desk locks or even increades security

using biometrics. A cost-benefit analysis should be performed.

The routers at the remote sites may be susceptible to intrusion attacks, if no Intrusion Detection/

Prevention system is in place. As a remote site it is also possible that iOS patches and the like may not be

current. Documentation, vulnerability monitoring and mitigation by adding preventative measures, such

as encryption are advisable at production and headquarters site.

As the servers house a proprietary Management system, it is of the highest priority that these servers

be secured, physically and logically and be protected against attacks. The risk that this will go down is

inherent. WE can

Similar Documents

Premium Essay

Intl Business

... |The Business School | | |Course Code/ID: |BSMAN 3005 | | |Course Title: |Project Management | | |Teaching Location: |(Insert Teaching Location) | | |Program(s): |Bachelor of Applied Management | | |Author: |Alan Labas | | |Level: |Advanced ...

Words: 3271 - Pages: 14

Premium Essay

Bbs Introduce of Bbe

...ASB-3101 HUMAN RESOURCE MANAGEMENT Credits: 10 Contact hours: 23 Semester: 1 Pre-requisites: ASB-2104 Module organiser: Sally Sambrook Note: This module is available through the medium of Welsh (ACB-3101). Aims: To examine issues and developments in the field of contemporary human resource management (HRM). To develop an understanding of the complex issues facing human resource (HR) specialists and line managers in meeting their responsibilities for selecting, deploying, training, appraising, rewarding, relating to and retaining human resources. Learning Outcomes: On completing the module, students are expected to be able to: • Explain the contribution of the HR function to corporate strategy; • Discuss the processes of recruitment, assessment and selection; • Outline activities involved in developing human resources and facilitating learning; • Explain the link between rewards, motivation and performance; • Critically evaluate the changing employment relationship, assessing the role of trade unions and other forms of employee involvement. Module Content: • History of the HR function, theories and models of HRM; • The roles and responsibilities of stakeholders in HRM; • The changing nature of work, managing diversity, technology and flexibility; • Human resourcing: recruitment and selection, human resource planning; • Reward and performance management; • Employee relations, employment legislation...

Words: 9120 - Pages: 37

Premium Essay

Is3110 Week 1 Assignmnet 1

...Gregory Swinehart IS 3110 Risk Management in Information Technology Security Week 1 Assignment 1 Risk one: Application Server Host Threat: Denial of service or distributed denial of service attack Vulnerability: The organization doesn’t use intrusion detection system Impact: Depending on the attack, the credibility of the company could be affected Harmful Event or Loss: Lost of productivity due to unable to access applications and services Likelihood of Occurrence: 24/7 Risk Management Techniques Use: Avoidance Company should configure Firewall setting and implement both IPS and IDS to strengthen the system to avoid vulnerabilities Risk two: Database Server Threat: Equipment failure due to environmental disaster impact such as fire or tornado Vulnerability: The organization does not have a data backup contingency plan Impact: The possible loss could affect functionality of the company Harmful Event or Loss: Lost of productivity, data availability Likelihood of Occurrence: Likely to occur because Indiana, Nebraska and Oklahoma are in the Tornado Alley Zone Risk Management Techniques Use: Avoidance and Transfer Create a strategic disaster recovery plan for the company to recovery data. Store backup data on secure off-site location or use secure third party Cloud service to manage the data. Use RAID method to improve data redundancy. Risk three: Window Vista Workstations Threat: Social Engineer Vulnerability: Windows Vista is vulnerable to virus...

Words: 474 - Pages: 2

Premium Essay

Adms

...Outline AP/ADMS 4552 3.0 Section A and B Information Systems Audit Term: Fall 2013 COURSE: AP/ADMS 4552 3.0 Sections A and B Information Systems Audit Schedule First day of class: Section A: Wednesday, September 11, 2013 11:30 AM – 2:30 PM, Location: HNE 030 Section B: Thursday, September 12, 2013 7:00 PM – 10:00 PM, Location: HNE 032 REQUIRED COURSE TEXT/READINGS: • Hall, James A., (2011), Information Technology Auditing, 3e, Mason: South-Western Cengage Learning (Referred to as “IT Audit Text” in the Readings List for each class) • Additional material as listed in the course outline. This includes articles referenced by links, readings from books that were required for prerequisite courses, cases and assignment details posted on our web site. • CICA Assurance Handbook, as available online from York University library, (referred to as “Handbook” in the Readings List for each class). Selected readings are from: [Note this book is available on reserve at the business library in the Schulich building if you do not have a copy.] • Arens, A., R. J. Elder, M. S. Beasley and I. B. Splettstoesser-Hogeterp. 2011. Auditing: The Art and Science of Assurance Engagements, Canadian 11th Edition, Pearson Prentice Hall: Toronto. (Referred to as “Audit Text” in the Readings List) References for the 12th Canadian edition of the Audit text (as an alternative to the 11th edition) will be provided separately as a document on the course web...

Words: 3433 - Pages: 14

Premium Essay

Cis 525 Week 10 Term Paper

...CIS 525 Week 10 Term Paper, Term Paper: Using Agile Project Management on Mobile Application Development Due Week 10 and worth 150 points Fictitious assumptions and details may be assumed or created for the completion of this assignment. Imagine you are the project manager for a critical project for an organization. The organization wants to implement an application on an iPad and Android Tablet such that the marketing executives and managers can get near real-time updates on how effective their marketing campaigns are doing. Since this project is so critical to the overall financial health of the company, you were asked to complete this project in three (3) months. Your business sponsors are very interested in your approach to manage this project and they are also demanding to see what the project team can deliver on a weekly basis. Due to the tight deadline, the project team was assembled quickly with ten (10) team members of various backgrounds. There are three (3) offshore developers in India and two (2) QA testers in San Francisco, CA. The rest of the project team and the product owner are in Herndon, VA. The team members were unfamiliar with each other. Additionally, there are ethical issues. For example, a developer has been consistently blaming an analyst for his accent that has little to do with project development. Another QA tester rarely spoke out in the meeting, but consistently went to her management to complain about a couple project team members for lacking...

Words: 653 - Pages: 3

Free Essay

Operations Research

...Year | 2015-16 | Academic Term | T1☐ T2☐ T3☐ T4☐ T5☐T6☐ | Functional Areas | OPERATIONS MANAGEMENT | Core ☐ Elective x☐x | Title | Quantitative Methods II | Abbreviation | QM-II | Course Coordinator | Prof. RAVI SHANKAR | Teaching Members | | Course Revision Record Version | Version Date | Recommendation | 1 | 05 Sept 2015 | | Credits | 3 | Contact Hours | 30 | Learning Hours | 60 | Office Hours | 30 | Contact Details | 09811033937 | Course eMail | r.s.reaches@gmail.com | Course Descriptor Course Overview(200 words) | Quantitative Methods-II, focuses on ‘Operations Research’ tools which helps in solving problems in different functional domain of business. It also helps to optimize business operations/processes. The Quantitative Method-II tools act as aids to decision makers to take best decision for effective & efficient use of resources which ultimately lead to profit maximization or to achieve multiple goals or objective. | Course must be aligned with a strategic objective of the program Prerequisites/Co-requisites | Quantitative Methods I | Learning Objectives | To learn basic optimization techniques and their managerial applications with a focus on methodologies such as Linear Programming, Transportation models, Assignment Models, Transhipment Models, Games Theory, Queuing Models, Goal Programming, Integer Programming, Non-linear Programming, Simulation and Decision Theory. | Learning objectives must be aligned with learning...

Words: 1342 - Pages: 6

Premium Essay

Rbs Masters 2014-2015 -- Module Description Mlmlms112 - 20140701

...MLMLMS112 Module Supervisor: P Cadovius Date of Publication: 1-09-2014 Academic Year: 2014 - 2015 Study load: 3 EC Master in Logistics Management Program Leading and Managing Supply Chains Module Code: MLMLMS112 Module Supervisor: P Cadovius Date of Publication: 1-09-2014 Academic Year: 2014 - 2015 Study load: 3 EC Master in Logistics Management Program Table of Contents 1 Educational content 3 1.1 Short outline module 3 1.2 This module contributes to the competency/cies: 3 1.3 Context / interconnection 3 1.3.1 Learning Tracks 3 1.3.2 Relation with other modules/subjects 3 1.4 Entry requirements 3 1.4.1 Starting Level 3 1.4.2 Conditions 3 1.5 Learning outcomes 3 1.6 Compliance 5 2 Assessment 9 2.1 The assignment 9 2.2 Product 11 2.3 Test criteria 11 2.4 Assessment procedure 12 2.4.1 Assessment Methods 12 2.4.2 Fraud & plagiarism 12 3 Working method and support 12 3.1 Module information 12 3.2 Practical information 12 3.3 Teaching method and coaching 13 3.4 Programming and Planning 14 3.5 Literature 16 3.6 Complaints 16 4 Appendices 17 MLM Block 3 19 Educational content Short outline module Leading and Managing Supply Chains is designed to provide students with in-depth knowledge and understanding of the skills, processes and techniques used to coordinate activities across the supply chain to support the achievement of a company’s supply chain goals. This module contributes...

Words: 5418 - Pages: 22

Premium Essay

Test

...Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110  NT1210 Structure and Introduction to  ComputerLogic Networking    IS3120 IS3110 NT1210 Network  Risk Management in Introduction to General Education / General Studies NT2580 NT2799 Communications Information Technology Introduction to Information ...

Words: 2305 - Pages: 10

Premium Essay

Quantitative Methods in Management

...Quantitative Methods in Management Q M M   Session One Asato ma sat gamaya, tamaso ma jyotir gamaya, mrityo ma amritam gamaya ‘Lead me from the superficial to the worthy, from darkness to light and from stagnation to zestful living’ Brahadaranyaka Upanishad (1,3,28) [pic]M C Escher http://www.theorsociety.com/Science_of_Better/htdocs/prospect/index.asp What is Operational Research? The discipline of applying appropriate analytical methods to help make better decisions. By using techniques such as problem structuring methods (sometimes known as 'Soft O.R.') and mathematical modelling to analyse complex situations, operational research gives executives the power to make more effective decisions and build more productive systems based on: • More complete data • Consideration of all available options • Careful predictions of outcomes and estimates of risk • The latest decision tools and techniques Linear Programming Operations management often presents complex problems that can be modelled by linear functions. The mathematical technique of linear programming is instrumental in solving a wide range of operations management problems. Linear programming is used to solve problems in many aspects of business administration including: • product mix planning • distribution networks • truck routing • staff scheduling • financial...

Words: 1401 - Pages: 6

Free Essay

Abcd

...Course credit Course credit Course credit Language Skills @ Written Analysis & Communication @ Soft skills II @ Employability Skills @ IT & MIS 2 Soft skills I @ Computing skills 2 Social Media Marketing @ 2 Legal Aspects of Business 2 Business Strategy 3 Management Control Systems 3 Micro Economics 3 Macro Economics 3 Business Environment 3 Business Ethics & Corporate Governance 2 Quantitative Methods-1 3 Business Research Methods 3 Quantitative Methods-2 3 Core Elective-1 3 Core Elective1 3 Core Elective-2 3 Core Elective2 3 Elective-1 3 Elective-1 3 Elective-2 3 Elective-2 3 Grand Project-1 3 Grand Project-2 3 Principles of Management Basic Building Blocks Autumn Break Executive Skills Organisational Behavior Human Resources Management 3 Marketing Management 1 3 Marketing Management -2 3 Understanding Financial Statements 3 Financial Mgt 3 Operation Management Management Domain 3 3 Basics of Business Planning 2 Electives Credits Autumn Break credit SUMMER INTERNSHIP Course S 1 22 S 2 24 Total Credits 2 8 S 3 21 S 4 20 95 Index Sr.No Subject Faculty Credits 1 Written Analysis & Communication Prof. Dhriti Banerjee @ ...

Words: 7010 - Pages: 29

Premium Essay

Savanah City Manager

...Schulich School of Business York University Course Outline MGMT 5150K: Skills for Leadership September, 2015 Instructor: Alexandra Campbell acampbell@schulich.yorku.ca COURSE DESCRIPTION This course develops the thinking and reflective skills required for leadership in a turbulent world. Drawing on complexity science, the course applies a multiple perspectives framework to challenge embedded assumptions and advance students’ ability to think creatively, analytically and strategically. Students learn to identify and reframe complex problems more effectively, and to develop and communicate actionable solutions compellingly. This course will introduce MBA students to some of the new mindsets needed for success in today’s turbulent and complex global environment. For example, today’s leaders must have the capacity to accept and deal with unpredictability and be adept at recognizing and integrating multiple perspectives and priorities. They must be able to spot and anticipate emerging trends and patterns; ask and explore provocative questions about their organizations and the world at large; deal with challenging ethical issues; and generally think both “inside” and “outside the box” in a deep and probing way. LEARNING OUTCOMES The course develops and enhances students’ ability to deliver compelling and coherent presentations; to apply analytic, critical and strategic thinking to complex business problems and to reflect and identify underlying assumptions...

Words: 2396 - Pages: 10

Premium Essay

Project Management for Business

...Project Management for Business LO1 Project management principles Introduction of project management Project management is a planned and structured effort to achieve an objective or is the process of managing, allocating, and timing available resources to achieve the desired goal of a project in an efficient and expedient manner, for example, creating a new system or constructing a project. Project management is widely recognized as a practical way of ensuring that projects meet objectives and products are delivered on time, within budget and to correct quality specification, while at the same time controlling or maintaining the scope of the project at the correct level. Project management includes developing a project plan, which includes defining and confirming the project goals and objectives, identifying tasks and how goals will be achieved, quantifying the resources needed, and determining budgets and timelines for completion. It also includes managing the implementation of the project plan, along with operating regular 'controls' to ensure that there is accurate and objective information on 'performance' relative to the plan, and the mechanisms to implement recovery actions where necessary. Projects usually follow major phases or stages (with various titles for these), including feasibility, definition, project planning, implementation, evaluation and support/maintenance Principles of project management The Success Principle The main goal of project management...

Words: 7296 - Pages: 30

Premium Essay

Acc 578 Complete Course Acc578 Complete Course

...Discussion "Fraud  "  Please respond to the following: * From the e-Activity, evaluate the cause(s) of the fraud. Recommend a strategy that could have prevented the fraud. Support your recommendation with examples. ACC 578 Week 2 Discussion 1 "Data Analysis and Fraud Investigation" Please respond to the following: * Imagine that you have been hired as a fraud examiner to review the risk of fraud at a major retailer. Analyze the data analysis tools available to you and propose a plan for which tools you will use. Provide a rationale for your plan. ACC 578 Week 2 Discussion 2 "Audit Objectives and Computer Analysis" Please respond to the following: * You have been tasked by your audit manager to develop an audit plan of a major bank.  Propose the key elements of your audit plan and the end result you expect from implementing the audit. Justify the key elements you chose for the plan. * From the e-Activity, analyze the systems the company used and propose a computer analysis plan that would have detected the fraud. Support your analysis with examples.  ACC 578 Week 2 Assignment 1 Fraud Prevention and Detection Policy Due Week 2 and worth 160 points You are a senior accountant at a new start-up information technology company known as Dingwow Inc. You have just recently been hired and the company has charged you with recommending a fraud policy. Use the Internet, Strayer databases, or your text, to research the elements of an effective fraud policy. Write a...

Words: 2341 - Pages: 10

Premium Essay

Accounting Information Systems

...design. Topics include business information systems, business processes and data flows, database concepts and tools, internal control and risks, auditing the information system, and using the information system to perform audit functions. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: University policies: You must be logged into the student website to view this document. Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality.   Course Materials   Bagranoff, N. A., Simkin, M. G., & Strand Norman, C. (2008). Core concepts of accounting information systems (10th ed.). New York, NY: Wiley.   Hunton, J. E., Bryant, S. M., & Bagranoff, N. A. (2004). Core concepts of information technology auditing. Hoboken, NJ: Wiley.   O’Brien, J. A. & Marakas, G. M. (2008). Management information systems (8th ed.). Boston, MA: McGraw-Hill.   All electronic materials are available on the student website.   Week One: Characteristics of Accounting Information Systems |   | Details | Due | Points | Objectives | 1.1   Describe the characteristics...

Words: 2104 - Pages: 9

Premium Essay

Threats/Vulnerabilities

...Week1 Assignment 1: Application of Risk Management Assume the role of an IT manager assigned by Yield More's senior management to conduct the following risk management tasks. 1. Identify, analyze, and explain several (at least five) likely threat/vulnerability pairs and their likelihood of occurrence in this scenario. In this scenario some of the most likely pairs of threat/vulnerability pairs are location, equipment failure, social engineering, Denial of Service (DOS), and Mal ware. The reason I chose these threats is because they seem to be the most problematic for this company. The first one is location according to the scenario the servers are all housed in the company headquarters where if an a natural or man made disaster happened it would cripple the companies infrastructure. I would have advised the management to distribute there severs to different locations. In doing this if one goes down due to any natural or man made disaster it wouldn't matter because the other two could take up the slack. Another pair is equipment failure according to the scenario each server has its own specific function that it handles and nothing else. It would help mitigate some of the risk that would happen if each server along with handling there own problems would also handle tasks if the other servers went down. Social engineering is a problem because it is dependent on the user or the person. Social engineering is hacking the person for information that might need to be able...

Words: 825 - Pages: 4