RESPONSES 1:
What advice does the FBI provide in protecting against computer fraud? Do you feel that the Government is doing a sufficient job in this area?
The FBI provides tips on how to avoid being a victim and what to do if you believe you have been a victim. The FBI's Cybercrime division includes a wealth of material on its website, including Key Priorities, Ransomware, Identity Theft, Related Priorities, How to Protect Your Computer, and External Links, all of which are intended to assist in the fight against cybercrime and computer fraud. (Federal) A few crucial factors in safeguarding oneself against computer fraud are discussed on the website. The primary source of fraud and identity theft is Personally Identifiable Information (PII). A user must be aware of how to avoid revealing personally identifiable information (PII). If a person is a victim of fraud, there are steps that may be taken to mitigate the negative consequences, such as alerting any major credit card companies and credit monitoring agencies. The government is doing all it can legally to protect, control, and punish criminals. They may, however, focus on getting the information out to the public. Because technology is becoming more complicated and pervasive in all parts of life, it is critical to disseminate cyber security knowledge to the general population.
Define COBIT and its control objective. Do you feel the framework is detailed enough to serve your organization? Why or why not?
The effectiveness of Control Objectives for Information and Related Technologies (COBIT) is entirely dependent on the organization's objectives. It's a framework based on "best practices" for maximizing corporate efficiency via IT governance and management. COBIT 5 focuses on five key aspects to ensure success. Audit and assurance, risk management, information security, regulatory compliance, and enterprise IT governance are the domains covered. (Federal) Given COBIT 5's in-depth approach, I find it difficult to disagree with the framework for any company. The government, overall, is doing all it can to protect, govern, and punish violators. They may, however, focus on getting the information out to the public. Because technology is becoming more complicated and pervasive in all parts of life, it is critical to disseminate cyber security knowledge to the general population.
What are the components of a good policy framework? Provide an example of each of these components.
The COBIT 5 components that make up a good framework are given above. If a company employed all five of them, I think there would be very little room for error. The five sections seem to include both risk assessment and management, as well as ensuring that the business is compliant and well-governed.
What is the Deming cycle approach? How does this approach help improve quality?
The Deming cycle technique, often known as the Plan-Do-Check-Act (PDCA) wheel, is a good, simple way to solve problems. The PDCA loop is similar to the OODA loop used by the Air Force for decision-making. The distinction is in the words rather than the notion. Observe, orient, decide, act is like PDCA, but with subtle differences that make sense for the government and may be too detailed for private enterprises at times.
Why is it important for IT Auditors to know about the legal environment of information systems?
Information systems may be placed anywhere on the planet and operate in a variety of legal "environments." When auditing IT systems, IT auditors must be aware of local, national, and occasionally worldwide rules and regulations. It's a difficult process, but it's vital to ensure compliance.
RESPONSES 2:
The FBI offers some very scant information in regard to how to protect yourself and your business from internet fraud. Generally, their guidelines follow the typical measures that you would find in any environment. They recommend that you keep your firewall turned on, install or update antivirus software, install or update antispyware tools, keep your OS up to date, be careful in what you download, and turn off your computer when it is not needed. The FBI also offers a word of warning for P2P systems. I feel that, while for specific enterprises this is likely an insufficient list of measures to be taken, as each business needs to determine what is acceptable risk and what is not, it is a good general list to abide by. I believe that what they could do better is to tell users reading this information that it is not exhaustive, and that their case may require different controls to maintain a secure cyber posture.
COBIT is a framework used for IT governance and management. It is supposed to be a tool for management to be able to better control security issues within the organization. It provides a method for bridging technical issues, business risks and control requirements. Its main control objective is to give effective organizational governance for management teams. This framework would work well in most organizations but should probably be used in conjunction with other frameworks because COBIT in and of itself does not necessarily provide all the tools and methods for completing certain tasks.
To craft a good policy framework there need to be three components of the framework itself: Policies, Standards, and Guidelines. Policy frameworks start at the top with the policy, which describes the general belief, goal, or objective. An example of the policy portion of the framework could be "Users are required to identify themselves when in corporate buildings." The standards come next and they support the policies; an example of a standard could be "Users are required to wear company-provided identification in clear view on their person." Lastly are guidelines that further support the policy and the standard, which could be something like "Be sure to keep your ID on you at all times during working hours, and report to HR if you forgot your ID or have lost it."
The Deming cycle is a way to conduct specific tasks within an organization. It is a cycle where you are required to plan, do, check, and act. This approach helps improve quality by providing a method in which we can implement changes to a system and monitor its ability to perform the required functions.
It is important for IT auditors to know the legal environment of information systems because there are many regulatory requirements for organizations to follow, which will need to be taken into account when conducting an IT audit of that particular system.