compliance-management-1

1. Our class focuses on integrating several aspects of information security/assurance. Part of an overall integrated approach to achieving a comprehensive information assurance program is compliance management. As you are aware, there are a number of government regulations that affect both the public and private sector. Please read Learn the Science of Compliance.pdf. The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.

You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so, which one, and how would you justify the expense?

Remember to cite your sources and to give a complete answer to the questions posed above.

2. Wachovia case study

Read the Wachovia Case Study located here, http://gilbane.com/case_studies_pdf/CTW_Wachovia_Final.pdf#_Toc88022904.

Now, select five of the most important concepts you identified that contributed to the successful integration of IT capabilities. Explain why you chose each one.

3. Google’s Privacy

Please read the Google Privacy Article.docx. The article discusses Google’s approach to Privacy. What do you think about their privacy policy? How would it impact an organization that is contemplating using Google as its enterprise communication platform? What social media services that Google provides would you allow your employees to use, and what type of policy would you recommend the company adopt for the use of Google services? What security risks do you foresee using Google Cloud services? Remember to cite your sources.

4. Vulnerability Assessment

After watching the two videos on Vulnerability Assessment, http://www.youtube.com/watch?v=EXyl0re1MZs and http://www.youtube.com/watch?v=GqhdQ6I6dMA, how can you use this methodology to combat risk? Describe a situation where you would use it and explain why. What challenges would you face in using it?