Making IT Governance

Discussion: Due 08/05

Prior to beginning work on this discussion, please read the Making IT Governance Work article and review the Data Breach Investigation Report by Verizon Enterprise.

Use your favorite search engine and search for “world’s greatest data breaches and hacks.” Scan through the hits until you find visual diagrams or a text-based list of major data breaches that have occurred recently. (Major data breaches are defined as those in excess of 30,000 records.) Select and carefully review at least two of these data breaches. Briefly describe the two data breaches you selected. Explain in layman’s terms how you think these breaches occurred. Discuss whether or not you agree with Verizon’s assertion that over 80% of breaches are caused by human error. Describe how appropriate governance frameworks might have prevented these data breaches from occurring. Support your statements with evidence from your sources.

Your post should be at least 200 words.

Final Project: Due 08/09

For this assignment you will take on the role of a compliance consultant who has been hired to create a plan that will assist an institution in meeting its professional or governmental compliance standards.

This compliance plan will be based on the scenario you chose and researched in Week 2. Include the following information in your compliance plan.

  • Carefully review the standards for the option you chose. Identify the specific compliance requirements within the standards, and briefly discuss the business reasons for implementing the standards chosen.
  • Explain the type of network design that would best meet the standards identified. Revise your network diagram from Week 2, using Visio within your lab environment. This diagram must be copied into your plan document as an image. (The Visio diagram may be included in your assignment by means of a screenshot pasted into your document prior to submission. Assistance with capturing a screenshot of your Visio diagram may be found at Take-a-screenshot.org.) Describe how you would recommend segmenting the network in order to best meet compliance standards, providing a rationale for your suggestions and supporting your statements with your research.
  • Examine the firewall types necessary to ensure the security of the individual network segments within your institutional setting. Create a plan for the implementation of firewalls within each partition of the network.
  • Analyze the potential uses of intrusion detection systems (IDSs) within each network partition and recommend the placement of IDSs within the partitions based on the standards for your institution. Evaluate the controls needed for maintaining your recommended IDS infrastructure and create a brief plan that outlines your recommendations for this maintenance. Provide a rationale for your suggestions, supporting your statements with your research.
  • Classify the types of data included in your chosen scenario and evaluate the IT governance methodologies that apply to the classified data types. Explain which IT governance methodology would need to be implemented within each partition of the network in order to meet compliance standards.

The Compliance Plan