Question
2.8 Assignment: Audit Plan
Activity Objectives
After satisfactory completion of this activity, you should be able to:
- Evaluate the audit plan process.
- Create appropriate audit interview questions.
- Develop an audit plan.
Assignment
We will use a case study from previous courses that will allow you to demonstrate what you have learned this week. Although the case study will be familiar, be sure to re-read the details, then see the assignment details and questions at the bottom of this assignment.
Company Case Study: SnowBe Online
SnowBe Online is a lifestyle brand for those who love the beach and snow. The owners started the company with a laid-back culture. Their customers instantly connected with the brand, taking the company to $100 million in sales in three years. After being so successful, the management team decided to take the company public.
Technical Information:
1. The majority of their sales are processed online through their website, which is hosted on the AWS platform.
   1. All credit cards are accepted and stored on the company's website.
   2. All customer information and purchase history are stored on the website indefinitely.
2. They have multiple storefronts in the U.S. and Europe, all of which accept checks, cash, or credit cards. The credit card transactions are processed using bank-provided credit card terminals in each store.
3. There are twenty desktops and thirty laptops in the main office in Los Angeles.
   1. The desktops are used to run the business and customer support.
   2. The thirty laptops are used for sales (retail and wholesale). The laptops use a VPN to log into the office to access company applications.
4. There are six servers (on-premises and on AWS) for access management, storage, customer relationship management, order management, accounting, and vendor applications.
5. As a result of SnowBe's laid-back culture, they neglected to implement technical controls and processes. They recently hired a technical consultant to assist with getting their neglected systems and processes under control. The consultant started by implementing controls using the NIST 800-53 framework.
6. Despite SnowBe's laid-back culture, the technical consultant was impressed to find a well-run company with no reported technical issues or breaches. There had, however, been a few attempts that did not cause any harm or raise alerts to worry anyone. The technical consultant analyzed the company's risk using the NIST Risk Management Framework. Here are some initial steps he suggested:
   1. Update the firmware of all network devices.
   2. Update the patches for all PCs and Windows servers so they are on the latest Windows version.
   3. Update their anti-virus and backup software.
   4. Implement more processes in the access management system, since most employees had access to almost all data on each server.
   5. Lock the servers in a secured area of the office.
   6. Update the company's WordPress shopping cart.
Information added for week 2:
The average sale size is $75.
Credit or debit purchases account for ninety percent of the sales, which equates to 1,200,000 transactions a year.
Instructions
Utilizing the information this week, your group will prepare for a PCI DSS audit interview and create a PCI DSS audit plan for SnowBe.
- Copy/Paste the question and then begin the answer on the line below it.
- Please answer each question or section of a question separately. (Please see Rubric for clarification.)
- Elaborate on your answers to demonstrate your depth of knowledge for this week's topics. Remember, since this is a group assignment, great detail will be expected.
- Additional resources have been provided to assist with this process.
Create a Word Document with the answers to the questions below:
1. Document the steps you will take to design a generic audit plan. (HINT: Think Procedure)
2. How would you conduct an interview as you prepare for a PCI DSS audit for the fictitious company? What questions would you ask? (HINT: Remember that audits make people nervous. Audits cover the entire company, not just one level.)
3. Based on the steps from question 1, design a PCI DSS audit plan for the fictitious company. Be thorough in your explanation.
Step by Step Solution
Step: 1
Steps to Design a Generic Audit Plan: To design a generic audit plan for SnowBe Online, we'll follow these steps. a. Pre-audit Preparation: This involves gathering relevant information about SnowBe Online's b...