Controls: The Case of iPremier ä»£å†™ ACC/ACF 2400
Edward TelloChief Examiner ACC ACF 2400 s2 2017 1ACC/ACF 2400Assignment 2Cybercrime and Information SystemsControls: The Case of iPremierSemester 2, 2017Overview of the Assignment TaskA lot of experts argue that cybersecurity is a must for businesses. In fact, data loss andbreaches can cost businesses plenty in terms of lost productivity, lost revenue, damage to thebrand, and expensive recovery efforts. Problems inherent to computer security will likelypersist so security issues are increasingly relevant to general managers, whether they like itor not.iPremier is a successful high-end web-based retailer. This company was shut down by aDistributed Denial of Service (DDoS) attack in 2009. The case presents a series of events before,during, and after the cyberattack (few minutes after it ended). Although the case does notdescribe actual events and iPremier is not a real company, everything that happens in the casehas happened to real companies.You are required to write a report about cybercrime and information systems controls. Yourreport should be guided by the specific questions documented in the section below titledâ€˜Requirements for the Report.â€™
Controls: The Case of iPremier ä»£å†™ ACC/ACF 2400Information available to your teamDetails of the business case can be accessed here:https://cb.hbsp.harvard.edu/cbmp/pl/65679173/65812602/ce74e24db3a61b856949919bbf23c311Please note, hard copies of the case can be printed for use, one copy per the assignmentteam member. Ensure the copyright statement is not removed when printing material.Learning objectives and outcomes expected to be achieved by this assignmentThis business case is aimed to illustrate a number of critical points about cybersecurity,internal controls and the COBIT framework. Specific objectives addressed by this assignmentinclude:Edward TelloChief Examiner ACC ACF 2400 s2 2017 2Objective 1: Examine the role of business processes and the use of accounting informationsystems in capturing and managing information that support the needs ofstakeholders.Objective 2: Analyse and evaluate the design of business processes and accountinginformation systems.Objective 3: Explain the importance of internal controls and recommend internal controlsthat cover key business processes and support the achievement of goals.Objective 4: Apply critical thinking, problem solving and communication skills to analyse,evaluate and interpret business processes and the accounting data that isgenerated.General Requirements1. The report should not exceed 2500 words (EXCLUDING introduction, conclusion,reference list, table of contents, and appendix) (alternative word count applies togroups with less than 4 members â€“ discuss with your tutor). It should be written usinga word processing software such as Microsoft Word. Please use Times New Roman anda 12 point font.2. The report should have appropriate headings and subheadings and include anINTRODUCTION and CONCLUSION.3. The report must include at least 10 references out of which at least 3 of them must bepeer-reviewed journal articles (EXCLUDING the textbook â€“ Romney et al. (2013)).4. You must follow Harvard system for citation and referencing (see:http://guides.lib.monash.edu/citing-referencing/harvard).5. Review the resources on the Student Q Manual for report writing skills includinginformation on plagiarism (http://business.monash.edu/students/study-resources/related/components/qmanual.pdf).6. In terms of the report, each group is responsible for assessing its level of plagiarism.Although you can submit the report to Turnitin as many times as you like before thedue date, ONLY the final submission will count to Turnitin. Remember that you needto wait at least 24 hours to try a new submission. This report is marked as a group.7. Review the marking rubric so that you understand how you will receive feedback.Submission Date/Time & ProcedureSubmission Date/Time: Sunday 15 October, 11:55pm (Week 11), penalties apply for latesubmission)Only one team member needs to submit the Report (this document is to be submitted toTurnitin and Assignment Submission Dropbox in Moodle)Only one team member needs to submit the video link (in the same AssignmentSubmission Dropbox as the aforementioned parts of the assignment)Each team member needs to complete a CATME Peer Evaluation (details about thissoftware and instructions on how to complete will be communicated shortly).Edward TelloChief Examiner ACC ACF 2400 s2 2017 3MarksThis assignment is a team assignment and is worth 20% of the total mark for this unit. Marksfor individual contributions to the team effort will be allocated using the CATME Team Self-Assessment tool (the information about software for conducting self-assessment as well asthe detailed instructions about the software will be communicated shortly).Mark breakdown per taskTask MarksA (report) 15B (oral presentation /video)5Total 20Submission format for different sections of the assignmentâ€¢ Submission format of the Report: .doc, .docx, or .pdf fileâ€¢ Online submission of the CATME Peer Evaluation Completion (team memberassessment document): to be announced shortlyâ€¢ Submission on a Word Document in which you provide the link to the video posted onYouTube: .doc, .docxA. Requirements for the ReportAfter reading the iPremier case study, you need to write a report that will cover the issues ofCybercrime and Information Systems Controls. The report should answer the followingquestions:1a. Based on the information provided, critically evaluate the role of iPremiermanagement in relation to information security [Hint: In your evaluation, usetwo (2) activities of Table 14.1 Romney et al. (2013 p. 423) which are related toCOBIT security control objective DS 5.1].1b. Do you think that security was a priority for iPremier management? Justify yourposition.2a. Did the risk reduction measures put in place by iPremier work appropriatelyduring the cyberattack? [Hint: Explain three (3) measures adopted and alsowhether they failed or not].2b. Assume iPremier wishes to insource their data centre. Under this new scenario,recommend three (3) internal controls that iPremier should implement to eitherprevent, detect or correct future cyber-attacks [Hint: Classify each control aseither Preventive, Detective or Corrective, explain and justify its importance].Edward TelloChief Examiner ACC ACF 2400 s2 2017 43a. At some point during the crisis, Bob asks Joanne whether they have emergencyprocedures such as a Business Continuity Plan (BCP). Discuss three (3) benefitsand three (3) challenges of BCPs.3b. Would you recommend iPremier adopting a Business Continuity Plan (BCP) or aDisaster Recovery Plan (DRP)? Justify your recommendation.4. The iPremier case was written in 2009. Investigate two (2) major data breacheswithin organisations over the last 3 years (since 2015). Explain what happened,what the cause was, what internal controls were absent or failed, and what theimplications were.Report Structure and Presentation:â€¢ Title page that lists all the authors (Name, Surname, Student ID, tutorial times, andthe name of the tutor),â€¢ Table of contents,â€¢ Introductionâ€¢ Main body,â€¢ Conclusionâ€¢ Reference List (all references listed must be cited somewhere in the text),â€¢ Appendices (in case if any supplementary information needs to be reported).*Note: The report must be attractive but donâ€™t go overboard: content is moreimportant.** More information on the style of business reporting is available in the Q Manual(http://business.monash.edu/students/study-resources/related/components/qmanual.pdf).B. Requirements for oral presentation, video recording and submissionTask DescriptionStep 1: Prepareyour oralpresentationâ€¢ Prepare a 5 min video presentation (alternative times apply togroups with less than 4 members â€“ discuss with your tutor) in whichyou provide the main findings of your report. You might also wantto provide a brief background about the case, but this is notrequired (remember the video should run for a maximum of 5minutes).â€¢ Be creative! You decide how you want to present your findings. Forexample, some students might want to prepare some visual aidsEdward TelloChief Examiner ACC ACF 2400 s2 2017 5(e.g., PowerPoint / Keynote slides) to support their presentation[note: you do not have to submit separately the visual aids used inyour presentation]. Other students, however, might want to do arole-play video presentation.â€¢ All team members must appear on the video, but not everyone hasto speak in front of the camera for the same length of time. Again,you decide how you want to present the information required. Step 2: Recordyour oralpresentationâ€¢ There are a vast number of ways that you can logistically record yourselfdelivering an oral presentation. If you have experience in this area and/orwould like to develop this skill, feel free to develop your own method. Forthose of you who do not know where to start, the following videosdemonstrate a simple and free process you can follow:o Record your video â€“ PC versiono Record your video â€“ mac versionVideo editing is optional for this assignment. However, it is important tomake sure your presentation recording looks polished and professional(e.g., plan what you will say beforehand, do a test recording to get therecording volume right, and film in a well-lit location, etc.). Refer to the fulllist of quality guidelines in the â€˜Presentationâ€™ section below.Step 3: Uploadvideo toYouTubeâ€¢ Very carefully follow the instructions for how to Upload your video toYouTube and then provide a link to your video via the assessmentsubmission point (see below).â€¢ Be aware that depending on your internet connection and file size, uploadtimes can be significant. Please allow sufficient time before the due datefor your video to upload to YouTube.Make sure you select the â€˜Unlistedâ€™ privacy setting when you upload yourvideo to YouTube, as shown in the help guide above. If your video is left asâ€™Privateâ€™, your marker will be unable to access your submission and if thisis the case, you may receive a zero on this assessment. So please doublecheck this!Time LimitThere is a strict time limit of 5 minutes for this assessment (alternative times apply to groupswith less than 4 members â€“ discuss with your tutor). Any information you include after the 6minute mark will not be assessed. The length of the presentation will be taken as therecording length. So edit out any fumbling around at the beginning / end of the recording ifnecessary to ensure your recording length is below the limit.PresentationNote that this part of the assignment is assessing your ability to deliver an oral presentationsummarising a report, and NOT to create multimedia. So, do not be overly concerned aboutEdward TelloChief Examiner ACC ACF 2400 s2 2017 6your video recording and/or editing skills. However, we do need to be able to clearly see andhear your presentation. This means:â€¢ All team members must appear in the video (at least once). However, not everyone hasto speak in front of the camera for the same length of time. For example, if you do arole-play video presentation, each member will have a different role and, consequently,will not necessarily speak on camera the same length of time.â€¢ Film in a location that has appropriate lighting (no back lighting that casts your face intoshadow)â€¢ Film in a location with little to no background noise so your voice can be clearly heardâ€¢ Noise from recording equipment/computer should not interfere with the presentationâ€¢ Audio quality should be high and your microphone volume adjusted so your voice can beclearly heardâ€¢ If using slides, use an appropriate font size so any text on your slides is easily readable bya person watching the video of your presentation. In addition, they need to be fully inframe and clearly visible throughout the presentation.Essentially, we can only award marks for what we can perceive. So, you will lose marks ifelements of your presentation cannot be seen or heard in the recording that is submitted formarking. Do a short test recording before filming your actual presentation to ensure all ofthe above points are addressed. Then check the quality of the video again after it has beenuploaded to YouTube to ensure the quality is still appropriate.FormatAs per the instructions above, you will upload your video presentation file to YouTube andprovide the weblink to your video for marking in a Word document.Names, Student IDs, Tutorial Times, and Roles of all Group Members (if applicable) should bepresented on a slide for at least few seconds â€“either at the beginning or at the end of thevideo. For the sake of time, you do not have to voice (pronounce) this information.Make sure you acknowledge the source of all references, images, videos, etc., used in yourpresentation. For images and videos, report the weblink for the source at the point where itis presented. For scholarly sources, in text citations and a reference list should be supplied asper usual. The reference list should be displayed for at least a few seconds at the end of thevideo.C. Team Member Assessment DocumentThe team assessment involves scoring each team memberâ€™s meeting attendance,contribution to ideas and planning, timeliness, whether an equitable amount of work wasperformed, and contribution to the overall success of the project. All group members mustsubmit the CATME Peer Evaluation (penalties will be applied to those who fail to completeit). More details about this part of the assessment will be posted soon.Edward TelloChief Examiner ACC ACF 2400 s2 2017 7Assignment 2 â€“ Assessment CriteriaCriteria Description MarksearnedMarkspossibleStatement of management proceduresManagement and security â€¢ Comprehensive and insightful assessment of managementâ€™s role in relation to information security.â€¢ Fully developed and supported assertions.18 %Risk Measures andInternal Controlsâ€¢ Comprehensive identification of all risks.â€¢ Proposed internal controls to mitigate risks are of consistently high quality and well-justified.18 %Business ContinuityPlanningâ€¢ Outstanding supported analysis of benefits and challenges.â€¢ Skilful identification & use of AIS & business concepts.â€¢ Fully developed & supported assertions.18 %Data breaches â€“ cases â€¢ Breaches covered are pertinent and significant.â€¢ Cause, explanation, and implications are thoroughly presented and amalgamate research from variousacademic and credible sources.â€¢ Analysis demonstrates a particularly in-depth reflection.â€¢ Viewpoints and interpretations are insightful and well supported.18 %Presentation includingIntroduction andConclusionâ€¢ Students presented information in an outstanding, logical, interesting, and entertaining structure whichaudience can follow. Excellent presentation.â€¢ Introduces the topic in an insightful way.â€¢ Strong, definitive conclusion.14 %Clarity, expression andreferencingâ€¢ Little or no grammatical punctuation, spelling or capitalisation errors that do not impede meaning.â€¢ Expression is consistently clear and concise.â€¢ At least 10 sources using Harvard referencing style with few or no mistakes.â€¢ The overall presentation of the report document confirms to the standards reported in the Q Manual(https://business.monash.edu/students/study-resources/related/components/qmanual.pdf)14 %Total
Controls: The Case of iPremier ä»£å†™ ACC/ACF 2400100 %Edward TelloChief Examiner ACC ACF 2400 s2 2017 8Oral presentation / videoFocus and content â€¢ Main points are clear and well argued.â€¢ Brings closure with action statement.â€¢ All presenters are clearly identified.40 %Verbal style â€“ clarity â€¢ Speaks clearly and distinctly. No mispronounced words.â€¢ Language is appropriate to non-technical audience.20 %Visual style â€“ creativityand visual aidsâ€¢ Imaginative design with role-play scenarios or other creative approaches integrated into presentation.â€¢ Visual aids, such as on-screen captions and signs, well-chosen & presented.30 %Length / time â€¢ Presentation within allotted time.10 %Total100 %Controls: The Case of iPremier ä»£å†™ ACC/ACF 2400
The post Controls: The Case of iPremier ä»£å†™ ACC/ACF 2400 appeared first on The Writer.