Question

Peak View Sound Sources is a public company based in Denver, Colorado and is focused on providing digital media and Web sites to music companies and musicians through the Mountain and West Coast regions. The company has a solid reputation and is starting to get some national and worldwide attention, with new prospective companies wanting to take advantage of the quality services they have seen on other existing Web sites.

Your company has been hired to assist Peak View Sound Sources (PVSS) to ascertain the security posture of the company's Information Systems resources and services. You are heading the team of auditors tasked to perform the audit and assessment.

You enter the company offices of PVSS and begin your analysis of the environment and situation.

Initial analysis has allowed you to determine that the company is made up of the following divisions:

Corporate Management and Support Staff: This organization contains the executive management, human resources, and accounting teams. All company decisions are directed from the management team.

Information Technology: This team manages the networks, servers, Web sites, and desktop environments for the company. The team has a perception of being difficult to work with, as they are slow to adopt new technology and slow to implement new offerings. The reality is that the team has resources and wants to uptake the newest and greatest technology, but they spend most of their time putting out fires and reacting to issues.

Media Content and Design: This team is in charge of working with the record companies and musicians to create the Web Sites and implement the product offerings that are sold.

Sales and Marketing: This team works with the musicians and record companies to offer and sell the services of PVSS.

There is a concern about the security of the infrastructure with respect to the ability to protect the copyrighted material that PVSS is given to host, because a single incident several years ago took place in which an entire new CD was released prematurely via the Internet. Although PVSS was not directly linked to the leak, there are suspicions surrounding PVSS.

Assignment Deliverables

As you continue your analysis, you see that the Information Technology (IT) department has developed several guidelines and procedures about how various systems should be considered and set up, but this is internal only to the IT department. Every time a new machine is set up and deployed, within a month, the configuration is changed.

Explain why you think the use of these guidelines and procedures is not sufficient and may not solve the problem. Consider how a company-wide policy program could help the situation.

As you begin to prepare your game plan to conduct an Information Security Audit, talk about why you think this current situation makes it difficult to identify the controls that need to be examined.

If you were performing this security audit, with which regulations would you want to ensure that PVSS complies? Why?

Explanation / Answer

Explain why you think the use of these guidelines and procedures is not sufficient and may not solve the problem.
-> It is known that the IT department is following its own internal policy, and the policy followed by the company need not be followed by the IT team. I think this is the main reason for the issue.
-> There is a discrepancy between the policies and procedures followed by the company and by the IT team within the company, which slows down the processing involved.
-> The IT policy is not effective enough for many reasons. It is known that whenever a new machine is set up and deployed, the configuration is changed. A separate configuration team should have been set up to make any configuration changes in the system. Moreover, a new system cannot be adopted immediately. Proper training and steady adoption are needed to progress from one to another.
-> There is something wrong with the process followed by the support team for solving the issues. The issues are either temporarily fixed or closed due to lack of client action without giving a resolution.

Consider how a company-wide policy program could help the situation.
A company-wide policy would help to improve the process, avoid confusion, and achieve a standardized goal for the company rather than for a department. It helps to make things clear, easy and straightforward.

As you begin to prepare your game plan to conduct an Information Security Audit, talk about why you think this current situation makes it difficult to identify the controls that need to be examined.
-> The processes followed by the company and the department are different.
-> Different new technologies are adopted without proper training and support.
-> It might create ambiguity in understanding the policies.
-> It is difficult to analyze the documents and Service Level Agreements.

If you were performing this security audit, with which regulations would you want to ensure that PVSS complies? Why?
-> Security benchmark followed by the company would be analyzed.
-> Identification of strengths and weaknesses of current security practices followed by the company.
-> Risk mitigation processes in place.
-> Validation of documents and policies.
-> Auto audit information of the process followed by the company.
-> Protection of confidential information as per precedence to a country.
