Page 1 of 4 SBM4304 IS Security and Risk Management Semester 2, 2018 Assignment 2: Essay Due date: Week 7 Group/individual: Individual assignment Word count: 2000 Weighting: 40% Unit learning...

1 answer below »
I’m providing the assignment details below and I need it by the due time


Page 1 of 4 SBM4304 IS Security and Risk Management Semester 2, 2018 Assignment 2: Essay Due date: Week 7 Group/individual: Individual assignment Word count: 2000 Weighting: 40% Unit learning outcomes: [ULO3], [ULO5], [ULO6] Rationale In the Essay assignment students have to study the different types of IS control. Research must be conducted to understand and analyse the difference between general management controls and application controls. The students have also to evaluate the security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Finally, they have to demonstrate how the auditing can support data quality. Task Specifications Students should select an organisation. The organization must provide IS services to the staff and customers. The students have to write a report to answer the followings related to the selected organization: 1. Briefly illustrate the services the organization provided and how the use of information system supports the organization business operations. 2. Any organization use General Management Controls (GMCs) to manage its risks. This control forms the foundations of internal control system and help provide efficient defense against threats. Outline and discuss the GMC of the selected organization. 3. Application Controls (ACs) for IS are specific type of control used by organizations to control computerize applications such as payroll systems, online learning systems and other business-related applications. Discuss the different types of ACs. 4. Compare general management controls and application controls for IS. 5. Describe and evaluate the risk management techniques adopted by the selected organization required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes. Your evaluation of the risk management must include risk identification, risk assessment and risk control related to the selected organization. 6. Auditing is the process of reviewing of systems use to determine if misuse has occurred at any bussing process of the organization. Critique the importance of Page 2 of 4 auditing IS and safeguarding data quality for the selected organization. Illustrate the audit plan and process used by the organization. You may need to make some assumptions with the required justifications. Report Layout The report should be organised using the following headings and guidelines: 1. A Cover Title Page 2. Introduction - should clearly define the aims and objectives of the report. 3. A depiction of the services the organization provided and how the use of information system supports the organization business operations. 4. General Management Controls (GMCs) of the selected organization. 5. Types of Application Controls (ACs). 6. Compare general management controls and application controls for IS. 7. Risk management techniques adopted by the selected organization a. Reliability, confidentiality, availability, integrity and security. b. Risk identification, risk assessment and risk control. 8. Importance of auditing IS and safeguarding data quality for the selected organization. - audit plan - audit process 9. Conclusions and Recommendations - A summary of your findings and your recommendations regarded the security and risk management. 10. Reference Page 3 of 4 Assessment criteria SBM4304 IS Security and Risk Management Semester 1, 2018 Worth 40% Marking Criteria: Student ID: Student Name: Assessment Attributes Level of Attainment Fail Pass Credit Distinction High Distinction Compare general management controls and application controls for IS (30%) Inadequate understanding of general management controls and application controls for IS; cannot discuss concepts in own words Basic knowledge only of general management controls and application controls for IS; limited depth of basic concepts Exhibits breadth and depth of understanding of general management controls and application controls for IS Exhibits accurate and detailed breadth and depth of understanding of general management controls and application controls for IS Displays exceptional understanding of concepts and their practical application of general management controls and application controls for IS Evaluate the IS- related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes (30%) Inadequate understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality , availability, integrity and security of digital business processes; cannot discuss concepts in own words Basic knowledge only of IS- related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes; limited depth of basic concepts Exhibits breadth and depth of understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Exhibits accurate and detailed breadth and depth of understanding of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Displays exceptional understanding of concepts and their practical application of IS-related security and risk management techniques required to ensure the reliability, confidentiality, availability, integrity and security of digital business processes Critique the Inadequate Basic knowledge Exhibits breadth Exhibits accurate Displays exceptional Page 4 of 4 importance of auditing IS and safeguarding data quality (20%) understanding of the importance of auditing IS and safeguarding data quality; cannot discuss concepts in own words only of the importance of auditing IS and safeguarding data quality; limited depth of basic concepts and depth of understanding of the importance of auditing IS and safeguarding data quality and detailed breadth and depth of understanding of the importance of auditing IS and safeguarding data quality understanding of concepts and their practical application of the importance of auditing IS and safeguarding data quality Written Communication skills (15%) Proposal lacks structure. Most components present Components present and mostly well integrated All elements are present and very well integrated. All elements are present and very well integrated. Citation of sources and list of references (5%) Lacks consistency with many errors Sometimes clear referencing style Generally good referencing style Clear referencing style Clear styles with excellent source of references. TOTAL MARKS: 100% Total Marks Obtained: Comments: Lecturer: Location: Date:
Answered Same DayAug 09, 2020SBM4304

Answer To: Page 1 of 4 SBM4304 IS Security and Risk Management Semester 2, 2018 Assignment 2: Essay Due date:...

Sanchita answered on Aug 10 2020
147 Votes
Assignment        1
    
Information System at Starbucks
Introduction
Starbucks is the biggest coffee-chains in the world. It is headquartered in America and has outlets in more than 60+ countries in the world. Though, Starbucks has not been too successful in Australia, nevertheless, it is an organisation that handles millions of transactions everyday across the globe and hence it is of prime significance for t
he organisation to have a proper and well integrated Information System (IS) in place. It is a known fact that irrespective of the size of the organisation, it needed to have a security plan so that it can well ensure the safety and security of their valuable information, confidential data and other ancillary aspects of transaction-handling; if compromised with can prove detrimental for the business. Thus, it is pivotal to have a security plan in place. A security plan ensures the safety of their assets, personnel and facilities.
Starbucks Corporation is a famous coffee-chain and it offers its customers man varieties of coffee, snacks and similar consumables. On an average day, a single outlet handles more than 5000+ customers a day. And as Starbucks operates in many different parts of the world, the number of customers that it handles it magnanimous, thus Information system is used to handle and aid in the transaction process. It is imperative to note that as an organisation, it does not form working and business relationship with just its long list of customers but also its wide network and range of vendors, suppliers and even investors. Starbucks uses Information System to handle all these transactions in an organised, safe and secure manner.
There are two types of the internal control in the world of computer audit, one is General management control (GMCs) and another is Application Control (AC). As now, almost in every sphere of business, computers and digitisation of data have become an indispensible part of the business, it has become increasingly easier to collect, organise, process and disseminate data. Such rapid explosion and adoption of technology has expanded the ambit of business and has made such large-scale expansion of business possible. However, it has also posed some great risks and dangers for the organisations. With rapid exchange and flow of data digitally, there is consistent possibility of security threat and risks. Such security threats can generate tremendous badwill and bad reputation for the organisation, This report aims to analyse and assess the IS used by Starbucks to handle such large transition traffic and how it safeguards such large pool of confidential and valuable data.
Outline and GMC of Starbucks
At Starbucks, General Management Control constitutes of transforming data into meaningful information and making it available for employee serving different department who use it as per their needs and requirements. At starbucks, there is huge interdependence between different departments for information, data and directions of flow of operations. At times, information is collected from different departments in order to make decisions. Hence, Starbucks takes it very seriously to establish a good communication channel for all the different departments of the organisation (Corp, 2016). Starbucks has curated a web portal that has two ways of access; the store portal and the partner portal. The store portal is used by workers who are employed at the store to gather information primarily about the customers and the partner portal is used by higher executives and managers to oversee other operations of the company such as expansion, investment, disinvestment, partnership, diversification etc. This system was implemented by Starbucks in the year 2003 and since then, it has turned out to be the primary tool of information dissemination at different organisational level. Over the years, the paper work has been drastically reduced and has been substituted by digital means of information storage (Perfil, 2013).
In the recent years, the GMC has moved towards building of Enterprise Security...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here