ERM

  You are an ERM consultant, retained by Intuit to re-implement their ERM. They have decided to start over and develop a new ERM for their current organization. Would you recommend that they base their new ERM on PM2 Risk Scorecard or ISO 31000? Explain why you would choose one over the other. You must use at least 2 paragraphs (of your own words) to justify your answer.

To complete this assignment, you must do the following

 As indicated above, assume that you are an ERM consultant, retained by Intuit to re-implement their ERM. They have decided to start over and develop a new ERM for their current organization. Would you recommend that they base their new ERM on PM2 Risk Scorecard or ISO 31000? Explain why you would choose one over the other. You must use at least 2 paragraphs (of your own words) to justify your answer.

Threat Modeling

Subject: Security Architecture & Design

There is a checklist for “Diving in and Threat Modeling”. But before you can do that, you have to fully understand what the checklist is asking you to do. After each checklist item, provide your own definition of what you think the question means. 

1. Can we tell a story without changing the diagram?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

2. Can we tell that story without using words such as “sometimes” or “also”?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

3. Can we look at the diagram and see exactly where the software will make a security decision?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

4. Does the diagram show all the trust boundaries, such as where different accounts interact? Do you cover all UIDs, all application roles, and all network interfaces?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

5. Does the diagram reflect the current or planned reality of the software?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

6. Can we see where all the data goes and who uses it?
Assignment: Explain what this question means to you. Then provide your answer to the question, explaining why or why not.

 

7. Do we see the processes that move data from one data store to another?

Discussion

In today’s world, both government and the private sector are struggling to provide a secure, efficient, timely, and separate means of delivering essential services internationally. As a result, these critical national infrastructure systems remain at risk from potential attacks via the Internet.

It is the policy of the United States to prevent or minimize disruptions to the critical national information infrastructure in order to protect the public, the economy, government services, and the national security of the United States. The Federal Government is continually increasing capabilities to address the cyber risk associated with critical networks and information systems.

Please explain how you would reduce potential vulnerabilities, protect against intrusion attempts and better anticipate future threats.

 You must do the following:

1) Create a new thread. As indicated above, please explain how you would reduce potential vulnerabilities, protect against intrusion attempts, and better anticipate future threats.

Research paper

3 pages and more please

Each student will write a short research paper for a peer-reviewed research paper that pertains to the week’s assigned reading.  This will be a detailed summary of the research paper and what you gained from the research.  Each week, you will find an article/peer-reviewed research paper that pertains to the week’s assignment.  If you have a difficult time, Google Scholar is a wonderful location to find these types of articles:

https://scholar.google.com/

Once you find the article, you will simply read it and then write a review of it.  Think of it as an article review where you submit a short overview of the article.

*All outside sources must be referenced and cited in your paper.  All papers will be reviewed with a plagiarism software. Any references not properly referenced and cited will result in a 0 on your paper. Multiple violations will result in a failure for the course!

Case study

Read through the following scenario and complete the following case study:

Background:

No-Internal-Controls, LLC is a mid-sized pharmaceutical company in the Midwest of the US employing around 150 employees. It has grown over the past decade by merging with other pharmaceutical companies and purchasing smaller firms.

Recently No-Internal-Controls, LLC suffered a ransomware attack. The company was able to recover from the attack with the assistance of a third party IT Services Company.

Attack Analysis:

After collecting evidence and analyzing the attack, the third party was able to recreate the attack.

No-Internal-Controls, LLC has a number of PCs configured for employee training

These training computers use generic logins such as “training1”, “training2”, etc. with passwords of “training1”, “training2”, etc.

The generic logins were not subject to lock out due to incorrect logins

One of the firms purchased by No-Internal-Controls, LLC allowed Remote Desktop connections from the Internet through the firewall to the internal network for remote employees

Due to high employee turnover and lack of documentation none all of the IT staff were aware of the legacy remote access 

The main office has only a single firewall and no DMZ or bastion host exists to mediate incoming remote desktop connections

The internal network utilized a flat architecture

An attacker discovered the access by use of a port scan and used a dictionary attack to gain access to one of the training computers

The attacker ran a script on the compromised machine to elevate his access privileges and gain administrator access

The attacker installed tools on the compromised host to scan the network and identify network shares

The attacker copied ransomware into the network shares for the accounting department, allowing it to spread through the network and encrypt accounting files

Critical accounting files were backed up and were recovered, but some incidental department and personal files were lost

Instructions:

You have been hired by No-Internal-Controls, LLC in the newly created role of CISO and have been asked to place priority on mitigating further attacks of this type.

Suggest at least two policies that would help mitigate against attacks similar to this attack

Suggest at least two controls to support each policy (so a minimum of 4 controls)

Identify each of the controls as either physical, administrative, or technical and either preventative, detective, or corrective (so one control might be a physical, preventive control)

Keep in mind that No-Internal-Controls, LLC is a mid-sized company with a small IT staff and limited budget

Do not attempt to write full policies, simply summarize each policy you suggest in one or two sentences.  

Clearly indicate how each policy you suggest will help mitigate similar attacks and how each control will support the associated policy

All policies will be uploaded to SafeAssign, so ensure your papers are original!  As an indicator of length, this would probably be one or two pages in length.

Information Security Report (ISR)

INSTRUCTIONS (remove this section from your final report; included here for directional purposes only)

1.  Using the Internet, find an article/story on a current cybersecurity threat or vulnerability, and summarize your research in a one-page Information Security Report (ISR).

2. Change the ‘x’ in the header to reflect the edition of this report; either 1, 2, 3, 4 or 5.

3.  Insert the due date for this report.

4. Insert your name as the author of this report.

5. Insert the name of the threat you are reporting.

6.  Insert a few paragraphs describing the threat you are reporting.  No more than one (1) page.

7.  Describe the next steps that your organization should take to mitigate this threat using the risk control strategies we discussed in class.

8.  Clearly list the sources you referenced to gather information for this report.  Your citations should be written using APA 6th format.

9.  Insert your login id in the footer, following the words ‘CSCI ’.

10. Be sure there is no red text in your final report, unless you purposely used red text to highlight something you reported.

11. Submit via Canvas drop box.  Academic integrity, spelling, grammar, attention to detail, and readability are critical for a good grade.

Report

Find a recent article about cyber security threats in the news. It has to be no older than 2 months and about cyber security threats. I’ll submit a file that has the requirements for how the report should be done. You will have to erase the red sentences and write beside the black ones. Make sure that the article is not older than 2 months and has correct source information, so I can find it and print it out. It is only one page long.

Assignment 2: The Presentation

 Congratulations. Your project has been staffed and you are about to meet with the team for the first time. Initial impressions are important and you’ll need visuals for your presentation. Create a slide show (in PowerPoint or similar software) in which you address the following, in this order:

1. Goals: What the project hopes to accomplish.

2. Critical Success Factors: Identify at least 4 different stakeholders; for each, list at least 2 things that the stakeholder requires in order to deem the project successful. 

3. Acquisition strategy: Should the system be built in-house, created by a contractor, purchased off-the-shelf and customized, or leased as a service? Explain your rationale.

4. Resources: For in-house development, what people/skills are required and what development lifecycle do you recommend? Otherwise, identify 3 candidate organizations that can deliver the system. 

5. System functions: In a table format, summarize the types of users for the system; the business reason(s) each would use the system; the ways that the system supports each of these needs; and how this support differs from the current system. 

6. Connectivity: Provide a diagram that shows how the system will connect to the other information systems and what data flows among them. 

7. Security: List the most serious cybersecurity threats and vulnerabilities of the new system. Suggest strategies to address them. 

8. Mobility: Identify the system’s capabilities for mobile use.

Include a title and summary slide. Use one slide for each of the 8 points above. Include speaker notes or audio narration that explains each slide more fully.

Interview Presentation

Joan is currently being considered for an internal promotion with her organization as a Staff Development Trainer. She is very excited about the opportunity. This is a highly competitive position that Joan has been pursuing for years. She has been invited for her second round of interviews and has been informed that she will need to complete a 10 minute oral presentation on any topic of her choice. She has been advised that the presentation will be held in front of the human resources team.

Task: Prepare a 10 minute presentation on any topic (something interesting yet appropriate for the audience).  Be sure to stand out from the other candidates.

Using PowerPoint or a similar program, create a visual aid to use for the presentation, as well as a full outline for the presenter.

Structure your presentation: The first slide should give an overview of the contents of your presentation. Your introductory slide following this could contain a “grabber” i.e. – an interesting fact, quote or statistic relating to your presentation topic which will make the interviewer sit up and take notice. Each slide following that should provide a headline of what that slide is about, then either a great visual or a few succinct bullet points which you are able to talk around and provide further detail on. Conclude your presentation with a provocative or memorable statement/quote that is intrinsically related to your presentation and vision.

Be sure that the presentation does not exceed 10 minutes. Remember to keep the audience engaged.

Short Essay #1 – Long term care option

Select a long-term care option from chapters 1-6.

 Identify the pros and cons of managing that community.

Discuss the educational, licensure, and/or certification requirements to serve as an administrator of that community.

Discuss the federal and/or state regulations that govern the community’s operations.

Students will reflect on the two Saint Leo core values for this class and respond to how these values will impact their management processes as it relates to the selected issue.

 A minimum of 3 peer reviewed scholarly journal articles and/or scholarly books should be used to support the essay.

 APA documentation is required.

The title page, abstract and references are not included in the 3-page requirement.