Discussion 1
It was only June 29th, 2007 when the first iPhone came out, but it feels like we have been living with these devices and their apps for much longer. Smartphones have created a new way of living. We are always connected, have instant access to information, instant directions to any location, and much more. The mobile experience is now expected, and enterprises have to adapt and provide these experiences to their customers, employees, and partners.
· How has mobile application development impacted the use of tablets and smartphones? Explain.
· Why is understanding mobile application users important to mobile app development?
· Why are mobile apps an expected part of enterprise development and marketing?
To participate in the Discussion, respond to the Discussion prompt by Day 3. Then, read a selection of your colleagues’ postings. Finally, respond to at least two classmates by Day 5 in one or more of the following ways:
· Complete the Week #4 Discussion by the assigned due date. Late assignments will not be accepted.
· This is not a graded assignment.
· You must apply and use the basic citation styles of APA.
· Do not claim credit for the words, ideas, and concepts of others.
· Use in-text citations and list the references for your supporting sources following APA style and formatting.
· Do not copy and paste information or concepts from the Internet and claim that it is your work. It will be considered plagiarism and you will receive a zero for your work.
· Use this link to access the Discussion Board
· This activity is not graded
Discussion 2
A fundamental component of internal control is the separation of duties for high-risk transactions. The underlying separation of duties concept is that no individual should be able to execute a high-risk transaction, conceal errors, or commit fraud in the normal course of their duties.
You can apply separation of duties at either a transactional or an organizational level. For example, payroll has access to employee financial records, but only payroll managers can approve raises.
Answer the following question(s):
1. How do you define a high-risk transaction?
2. If you were a security professional in a company, what are four roles (two sets of two related roles) you would separate and why? Provide examples not mentioned in the description for this discussion.
LAB QUESTION
1. Using your favorite search engine, locate and read the following scholarly, peer-reviewed research article referencing separation of duties policies.
Lu, J., Li, R., Lu, Z., & Jin, Y. (2009, December 31). Dynamic Enforcement of Separation-of-Duty Policies. Paper presented at the International Conference on Multimedia Information Networking and Security. http://dx.doi.org/10.1109/MINES.2009.102
Write a brief summary of the article. In your summary, focus on the need for a Separation of Duties policy and its key elements.
2. Review the following scenario for the fictional Bankwise Credit Union:
· The organization is a local credit union that has multiple branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the Internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
· The organization wants to define a policy framework, including a security management policy defining the separation of duties for information systems security.
Create a security management policy with defined separation of duties for the Bankwise Credit Union.
A. Policy Statement
(Define your policy verbiage.)
B. Purpose/Objectives
(Define the policy’s purpose as well as its objectives.)
C. Scope
(Define whom this policy covers and its scope. What elements, IT assets, or organization-owned assets are within this policy’s scope?)
D. Standards
(Does the policy statement point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards.)
E. Procedures
(Explain how you intend to implement this policy for the entire organization.)
F. Guidelines
(Explain any roadblocks or implementation issues that you must overcome in this section and how you will surmount them per defined guidelines. Any disputes or gaps in the definition and separation of duties responsibility may need to be addressed in this section.)
3. Locate and read the following research article:
Ballesteros, S., Pan, L., Batten, L., & Li, G. (2015). Segregation-of-Duties Conflicts in the Insider Threat Landscape: An Overview and Case Study. Paper presented at the Second International Conference on Education Reform and Modern Management. https://doi.org/10.2991/ermm-15.2015.96
Discuss how a separation of duties policy would help to resolve the issues at Bankwise Credit Union, as discussed in this case study. Assume your audience is the CEO and Board of Bankwise Credit Union.