IFSM 201 University of Maryland Risk Assessment Summary Professional Memorandum

User Generated

xmnl87

Other

IFSM 201

University of Maryland Global Campus

IFSM

Description

Unformatted Attachment Preview

IFSM 201 Professional Memo Before you begin this assignment, be sure you have read the Small Merchant Guide to Safe Payments documentation from the Payment Card Industry Data Security Standards (PCI DSS) organization. PCI Data Security Standards are established to protect payment account data throughout the payment lifecycle, and to protect individuals and entities from the criminals who attempt to steal sensitive data. The PCI Data Security Standard (PCI DSS) applies to all entities that store, process, and/or transmit cardholder data, including merchants, service providers, and financial institutions. Purpose of this Assignment You work as an Information Technology Consultant for the Greater Washington Risk Associates (GWRA) and have been asked to write a professional memo to one of your clients as a follow-up to their recent risk assessment (RA). GWRA specializes in enterprise risk management for state agencies and municipalities. The county of Anne Arundel, Maryland (the client) hired GWRA to conduct a risk assessment of Odenton, Maryland (a community within the Anne Arundel County), with a focus on business operations within the municipality. This assignment specifically addresses the following course outcome to enable you to: • Identify ethical, security, and privacy considerations in conducting data and information analysis and selecting and using information technology. Assignment Your supervisor has asked that the memo focus on Odenton’s information systems, and specifically, securing the processes for payments of services. Currently, the Odenton Township offices accept cash or credit card payment for the services of sanitation (sewer and refuse), water, and property taxes. Residents can pay either in-person at township offices or over the phone with a major credit card (American Express, Discover, MasterCard and Visa). Over the phone payment involves with speaking to an employee and giving the credit card information. Once payment is received, the Accounting Department is responsible for manually entering it into the township database system and making daily deposits to the bank. The purpose of the professional memo is to identify a minimum of three current controls (e.g., tools, practices, policies) in Odenton Township (either a control specific to Odenton Township or a control provided by Anne Arundel county) that can be considered best practices in safe payment/data protection. Furthermore, beyond what measures are currently in place, you should highlight the need to focus on insider threats and provide a minimum of three additional recommendations. Below are the findings from the Risk Assessment: • The IT department for Anne Arundel County requires strong passwords for users to access and use information systems. Professional Memo 1 • • • • • The IT department for Anne Arundel County is meticulous about keeping payment terminal software, operating systems and other software (including anti-virus software) updated. Assessment of protection from remote access and breaches to the Anne Arundel network: Odenton Township accesses the database system for the County when updating resident’s accounts for services. It is not clear whether a secure remote connection (VPN) is standard policy. Assessment of physical security at the Odenton Township hall: the only current form of physical security are locks on the two outer doors; however, the facility is unlocked Monday-Friday, 8am-5pm (EST), excluding federal holidays. Employee awareness training on data security and secure practices for handling sensitive data (e.g., credit card information) are not in place. The overarching conclusion of the risk assessment was that Odenton Township is not fully compliant with the PCI Data Security Standards (v3.2). Note: The Chief Executive for Anne Arundel County has asked for specific attention be paid to insider threats, citing a recent article about an administrator from San Francisco (see Resources). Anne Arundel County wants to understand insider threats and ways to mitigate so that they protect their resident’s personal data as well as the County’s sensitive information. These are threats to information systems, including malware and insider threats (negligent or inadvertent users, criminal or malicious insiders, and user credential theft). Expectations and Format Using the resources listed below, you are to write a 2-page Professional Informational Memo to the Chief Executive for Anne Arundel County that addresses the following: • • • • Risk Assessment Summary: Provide an overview of your concerns from the risk assessment report. Include broad ‘goal’ of the memo, as a result of the risk assessment, the broad recommendations. Specific Action Steps will come later. The summary should be no more than one paragraph. Background: Provide a background for your concerns. Briefly highlight why the concerns are critical to the County of Anne Arundel and Odenton Township. Clearly state the importance of data security and insider threats when dealing with personal credit cards. Be sure to establish the magnitude of the problem of insider threats. Concerns, Standards, Best Practices: The body of the memo needs to justify your concerns and clarify standards, based on the resources listed below, at minimum. The PCI DSS standards are well respected and used globally to protect entities and individual’s sensitive data. The body of the memo should also highlight three current controls that are considered best practice; that is, you should highlight the positive, what is currently in place, based on the risk assessment. Action Steps: Provide a conclusion establishing why it is important for Anne Arundel County to take steps to protect residents and county infrastructure from insider threats based on your concerns. Recommend a minimum of three (3) practical action steps, including new security controls, best practices and/or user policies that will mitigate the concerns in this memo. Be sure to include cost considerations so that the County is Professional Memo 2 • • getting the biggest bang for the buck. The expectations are not for you to research and quote actual costs, but to generalize potential costs. For instance, under the category of physical security, door locks are typically less expensive than CCTV cameras. Be sure to review the PowerPoint presentation (in pdf format) Effective Professional Memo Writing that accompanies these instructions. Use the Professional Memo template that accompanies these instructions. o Use four section subtitles, in bold. ▪ Risk Assessment Summary ▪ Background ▪ Concerns, Standards, Best Practices ▪ Action Steps o Do not change the font size or type or page margins. o Do not include any graphics, images or ‘snips’ of any content from copyrighted sources. The PCI Standards (PCI DSS) document is copyrighted material. o Paragraph text should be single spaced with ONE ‘hard return’ (Enter) after each paragraph and after each section subtitle. Note: Do not create a new ‘paragraph’ after each sentence. A single sentence is not a paragraph. o ‘Subject’ is the subject of your memo, not the course name or number. o Be sure to remove any remaining ‘placeholder’ text in the template file before submitting. o The length of the template when you download it is NOT the intended length of the entire memo. Your completed memo should be between 1.5 pages and 2 pages (total document, including the To:/From:/Re:/Subject header). *Note: the Professional Memo is to be in a MS Word file and all work is to be in the student’s own words (no direct quotes from external sources or the instructions) * APA documentation requirements: • • • As this is a professional memo, as long as you use resources provided with or linked from these instructions, APA documentation is NOT required. Citing material or resources beyond what is provided here is NOT required. However, you should use basic attribution and mention the source of any data, ideas or policies that you mention, which will help establish the credibility and authority of the memo. o For example, mentioning that the Payment Card Industry Data Security Standards (PCI DSS) identify a certain control as best practice holds more weight than simply stating the control is a best practice without basic attribution. o Mentioning that Wired Magazine reported that a City of San Francisco IT technician effectively hijacked and locked 60% of the city’s network capacity, is more effective than saying “I read somewhere that…” Professional Memo 3 Resources 1. Examples of Security Breaches Due to Insider Threats San Francisco Admin Charged With Hijacking City's Network Microsoft database leaked because of employee negligence General Electric employees stole trade secrets to gain a business advantage Former Cisco employee purposely damaged cloud infrastructure Twitter users scammed because of phished employees 2. PCI DSS Goals: (source: https://www.pcisecuritystandards.org/merchants/process) Professional Memo 4 3. References FBI. (2021). The Insider Threat: An Introduction to Detecting and Deterring an Insider Spy. https://www.fbi.gov/file-repository/insider_threat_brochure.pdf/view PCI DSS. (2021, Feb. 12). Payment Card Industry Security Standards. https://www.pcisecuritystandards.org/ Jingguo Wang, Gupta, M., & Rao, H. R. (2015). Insider threats in a financial institution: Analysis of attack-proneness of information systems applications. MIS Quarterly, 39(1), 91-A7. https://search-ebscohostcom.ezproxy.umgc.edu/login.aspx?direct=true&db=bth&AN=100717560&site=ehostlive&scope=site Professor Messer. (2014). Authorization and access control [Video file]. YouTube. https://www.youtube.com/watch?v=6aXMuJPkuiU U.S. DHS. (2021). Insider Threat. https://www.dhs.gov/science-and-technology/cybersecurityinsider-threat Wizuda. (2017). Data anonymisation simplified [Video file]. YouTube. https://www.youtube.com/watch?v=m9UxV4XaXwg Yuan, S., & Wu, X. (2021). Deep learning for insider threat detection: Review, challenges and opportunities. Computers & Security. https://doiorg.ezproxy.umgc.edu/10.1016/j.cose.2021.102221 Keywords: risk assessment, insider threats, data security Submitting Your Assignment Submit your document via your Assignment Folder as Microsoft Word document, or a document that can be ready using MS Word, with your last name included in the filename. Use the Grading Rubric below to be sure you have covered all aspects of the assignment. Professional Memo 5 GRADING RUBRIC: Criteria Summary of Risk Assessment Background and Importance (to the Client) of Data Security and Insider Threats Concerns, Standards, Best Practices: Justify Concerns and Clarify Standards Concerns, Standards, Best Practices: Three current practices identified and justified as best practice Far Above Standards Above Standards Meets Standards Below Standards Well Below Standards Possible Points 15 Points 12.75 Points 10.5 Points 9 Points 0-8 Points 15 Summary is highly effective, thorough and professional. Summary is effective, thorough and professional. Summary is somewhat effective, thorough and professional. Summary is lacking. 10 Points 8.5 Points 7 Points 6 Points 0-5 Points Discussion of ba5ckground, data security and insider threats is highly effective, thorough, and professional. Discussion of background, data security and insider threats is effective, thorough, and professional. Discussion of background, data security and insider threats is lacking. Stated requirements for this section are severely lacking or absent. 15 Points 12.75 Points Discussion of background, data security and insider threats is somewhat effective, thorough, and professional. 10.5 Points 9 Points 0-8 Points Discussion of concerns and standards is highly effective, thorough, and professional. Discussion of concerns and standards is effective, thorough, and professional. Discussion of concerns or standards is lacking. Stated requirements for this section are severely lacking or absent. 15 Points 12.75 Points Discussion of concerns and standards is somewhat effective, thorough, and professional. 10.5 Points 9 Points 0-8 Points Three highly relevant current practices are offered and justified as best practices. Overall presentation is clear, concise, and professional. Section may be lacking in number of recommendations or relevancy or justification or overall presentation. Section is lacking in number of recommendations or relevancy or justification or overall presentation. Section is lacking in two or more of the following: number of recommendations or relevancy or justification or overall presentation. Stated requirements for this section are severely lacking or absent. Professional Memo Stated requirements for this section are severely lacking or absent. 10 15 15 6 Action Steps: Three recommendati ons minimum identified and justified including some discussion of cost considerations Basic Attribution (overall) Overall Format: APA documentatio n needed only if sources external to the assignment are introduced 20 Points 17 Points 14 Points 12 Points 0-11 Points Three highly relevant recommendations are offered and justified, with effective discussion of cost considerations. Overall presentation is clear, concise, and professional. 10 Points Section may be lacking in number of recommendations or relevancy or justification or a discussion of cost considerations or overall presentation. Section is lacking in number of recommendations or relevancy or justification or a discussion of cost considerations or overall presentation. Section is lacking in two or more of the following: number of recommendations or relevancy or justification or a discussion of cost considerations or overall presentation. Stated requirements for this section are severely lacking or absent. 8.5 Points 7 Points 6 Points 0-5 Points Overall use of basic attribution is highly effective in establishing credibility and authority. Overall use of basic attribution is effective in establishing credibility and authority. Overall use of basic attribution is partially effective in establishing credibility and authority. 15 Points 12.75 Points 10.5 Points Submission reflects effective organization and sophisticated writing; follows instructions provided; uses correct structure, grammar, and spelling; presented in a professional format; any references used are appropriately incorporated and cited using APA style. Submission reflects effective organization and clear writing; follows instructions provided; uses correct structure, grammar, and spelling; presented in a professional format; any references used are appropriately incorporated and cited using APA style. Submission is adequate, is somewhat organized, follows instructions provided; contains minimal grammar and/or spelling errors; and follows APA style for any references and citations. 10 Overall use of basic attribution is partially effective in establishing credibility and authority. Additional basic attribution may have been needed. 9 Points Overall use of basic attribution was minimally effective or not used. Submission is not well organized, and/or does not follow instructions provided; and/or contains grammar and/or spelling errors; and/or does not follow APA style for any references and citations. May demonstrate inadequate level of writing. Document is poorly written and does not convey the necessary information. 0-8 Points 15 100 TOTAL Points Possible Professional Memo 20 7 MEMORANDUM TO: CHIEF EXECUTIVE, ANNE ARUNDEL COUNTY FROM: YOUR NAME RE: ENTER SUBJECT DATE: ENTER DATE Risk Assessment Summary This is only placeholder text, be sure to read the Assignment Instructions for specific details about what should be included in this section and the sections that follow. To get started right away, just select any placeholder text (such as this) and start typing to replace it with your own. Be sure to remove any placeholder text before submitting your assignment. Do not change font size, type or page margins. Text should be single spaced, with one ‘hard return’ at the end of each paragraph which will add a blank line between paragraphs. There should also be one hard return after the subtitles. Background To get started right away, just select any placeholder text (such as this) and start typing to replace it with your own. Text should be single spaced, with one ‘hard return’ at the end of each paragraph which will add a blank line between paragraphs. There should also be one hard return after the subtitles. Concerns, Standards, Best Practices To get started right away, just select any placeholder text (such as this) and start typing to replace it with your own. Example of a second paragraph: Text should be single spaced, with one ‘hard return’ at the end of each paragraph which will add a blank line between paragraphs. There should also be one hard return after the subtitles. Action Steps To get started right away, just select any placeholder text (such as this) and start typing to replace it with your own. Text should be single spaced, with one ‘hard return’ at the end of each paragraph which will add a blank line between paragraphs. There should also be one hard return after the subtitles. Effective Professional Writing: The Memo IFSM 201 Adapted from a presentation by Xavier de Souza Briggs, Department of Urban Studies and Planning, MIT Licensing Information This work “Effective Professional Writing: The Memo”, a derivative of Effective Professional Writing: The Memo, by the Massachusetts Institute of Technology, is licensed under a Creative Commons AttributionNonCommercial-ShareAlike 4.0 International License. “Effective Professional Writing: The Memo” by UMGC is licensed under a Creative Commons Attribution-NonCommercialShareAlike 4.0 International License. “To do our work, we all have to read a mass of papers. Nearly all of them are far too long. This wastes time, while energy has to be spent in looking for the essential points. I ask my colleagues and their staffs to see to it that their Reports are shorter.” - WINSTON CHURCHILL, AUGUST 9, 1940 - SOURCE (A ONE PAGE READ): CHURCHILL’S “BREVIT Y” MEMO Writing Memos The context of professional writing Why write memos? How to write them? How to make them better? 3 The Context The workplace or field: ◦ Time is precious. ◦ Information has substantive as well as political implications. The decision-maker as reader: ◦ Busy and distracted (attention “spread thin”), not necessarily patient while you get to the point. ◦ Info needs are varied, unpredictable, fluid. ◦ Decision-maker sometimes offers vague instructions. 4 Academic vs. professional writing Differences (when writing concisely) ◦ The academic reader often demands nuance and relevance to established lines of thinking, while the professional reader wants the “so what’s” for their decision making emphasized (relevance to their actions). ◦ An academic assignment assumes a small and benevolent audience, but professional documents can be “leaked,” end up in the hands of unintended readers. Similarities ◦ Strong essays and strong memos both start with your main ideas, but essays usually build toward conclusion and synthesis. The memo’s conclusions are usually right up top. ◦ In both, persuasive argument = clear viewpoint + evidence ◦ In both, addressing counter-arguments tends to strengthen your case. 5 Top mistakes in memos Content: ◦ off point or off task (major substantive omissions, given the request); ◦ impolitic (risks political costs if leaked); ◦ inappropriate assumptions as to background knowledge; ◦ no evidence. Organization: ◦ important info “buried,” ◦ no summary up top, format confusing, not “skim-able.” ◦ Sentences long and dense, ◦ headings an after-thought. Style: ◦ language too academic, too “preachy,” or too casual; ◦ sentences long and/or dense. 6 Why write memos? Professional communication ◦ Efficient ◦ Persuasive ◦ Focused Two types of memos: ◦ Informational (provide analytic background) ◦ Decision or “action” (analyze issues and also recommend actions) 7 Consider Your Message in Context Audience Purpose Message 8 Use a Clear Structure Summary: ◦ Summarize the entire memo ◦ Highlight major points to consider Background: ◦ State the context Body: ◦ Prove it, analyze it, address counter arguments (if any) Conclusion: ◦ Outline Next Steps or Next Questions 9 Action Memos: Recommend Decisions Summary: ◦ Summarize the entire memo, clearly, but more importantly, concisely ◦ State the broad recommendation(s) ◦ If the decision-maker reads only this section/paragraph, will he/she know what the situation is/recommendation(s) is/are (without necessarily knowing specific action steps) Background: ◦ Provide the context Body: ◦ Prove it/Analyze it, perhaps with pros/cons by option (if there are multiple options) Conclusion: ◦ Outline next steps, don’t merely restate recommendation(s) 10 Tip: Construct a Clear, Concise, Coherent Argument In your opening summary, you may use more than one sentence to describe overall goals or recommendations, however, as an exercise it typically helps to try to state your argument in one sentence. Expand on the sentence as needed as your construct your opening summary. Examples: ◦ In order to recreate the organization’s image and reorganize our internal structure in the next 6 months, we should focus on X, Y and Z. ◦ While the company is in compliance with State of California Privacy laws with respect to X, Y and Z, there are two areas that still need to be addressed to reach our goal of 100% compliance: A and B. 11
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Course preparation.
The course suites students who wish to develop a reasonable and compatible framework for
comprehending risk assessments.
Goals of the course.
The main objective of this paper is to help students develop a logical understanding of issues related
to risk assessment.
Learning outcomes.
On completion of the paper, students are expected to:
1.) Understand security threats and concerns concerning information and payment methods.
2.) Identify the causes of security threats about work ethics, security and privacy of customers
information.
3.) Understand the roles of system administrators in inspiring security of the company.
4.) Comprehend the downfalls of credit payment methods.
5.) Be able to create cyber awareness of any organization.


1

Professional Memo

Student’s Name
Professor
Institutional Affiliation
Course
Date

2

Professional Memo
TO: CHIEF EXECUTIVE, ANNE ARUNDEL COUNTY
FROM:
RE:
Date
Risk Assessment Summary
Odenton Town accepts credit cards and cash payment...


Anonymous
Really helpful material, saved me a great deal of time.

Studypool
4.7
Indeed
4.5
Sitejabber
4.4

Similar Content

Related Tags