Question
Assume iPremier wishes to insource their data centre. Under this new scenario, recommend three (3) internal controls that iPremier should implement to either prevent, detect or correct future cyber-attacks
[Hint: Classify each control as either Preventive, Detective or Corrective, explain and justify its importance].
ACC/ACF 2400 Assignment 2
Cybercrime and Information Systems Controls: The Case of iPremier
Semester 2, 2017
Edward Tello Chief Examiner ACC ACF 2400 s2 2017

Overview of the Assignment Task

A lot of experts argue that cybersecurity is a must for businesses. In fact, data loss and breaches can cost businesses plenty in terms of lost productivity, lost revenue, damage to the brand, and expensive recovery efforts. Problems inherent to computer security will likely persist so security issues are increasingly relevant to general managers, whether they like it or not.

iPremier is a successful high-end web-based retailer. This company was shut down by a Distributed Denial of Service (DDoS) attack in 2009. The case presents a series of events before, during, and after the cyberattack (a few minutes after it ended). Although the case does not describe actual events and iPremier is not a real company, everything that happens in the case has happened to real companies.

You are required to write a report about cybercrime and information systems controls. Your report should be guided by the specific questions documented in the section below titled 'Requirements for the Report.'

Information available to your team

Details of the business case can be accessed here: https://cb.hbsp.harvard.edu/cbmp/pl/65679173/65812602/ce74e24db3a61b856949919bbf23c311

Please note, hard copies of the case can be printed for use, one copy per assignment team member. Ensure the copyright statement is not removed when printing material.

Learning objectives and outcomes expected to be achieved by this assignment

This business case aims to illustrate a number of critical points about cybersecurity, internal controls and the COBIT framework. Specific objectives addressed by this assignment include:

Objective 1: Examine the role of business processes and the use of accounting information systems in capturing and managing information that support the needs of stakeholders.
Objective 2: Analyse and evaluate the design of business processes and accounting information systems.
Objective 3: Explain the importance of internal controls and recommend internal controls that cover key business processes and support the achievement of goals.
Objective 4: Apply critical thinking, problem solving and communication skills to analyse, evaluate and interpret business processes and the accounting data that is generated.

General Requirements

1. The report should not exceed 2500 words (EXCLUDING introduction, conclusion, reference list, table of contents, and appendix) (alternative word count applies to groups with less than 4 members - discuss with your tutor). It should be written using a word processing software such as Microsoft Word. Please use Times New Roman and a 12 point font.
2. The report should have appropriate headings and subheadings and include an INTRODUCTION and CONCLUSION.
3. The report must include at least 10 references out of which at least 3 of them must be peer-reviewed journal articles (EXCLUDING the textbook - Romney et al. (2013)).
4. You must follow Harvard system for citation and referencing (see: http://guides.lib.monash.edu/citing-referencing/harvard).
5. Review the resources on the Student Q Manual for report writing skills including information on plagiarism (http://business.monash.edu/students/study-resources/related/components/qmanual.pdf).
6. In terms of the report, each group is responsible for assessing its level of plagiarism. Although you can submit the report to Turnitin as many times as you like before the due date, ONLY the final submission will count to Turnitin. Remember that you need to wait at least 24 hours to try a new submission. This report is marked as a group.
7. Review the marking rubric so that you understand how you will receive feedback.
Submission Date/Time & Procedure

Submission Date/Time: Sunday 15 October, 11:55pm (Week 11; penalties apply for late submission)

- Only one team member needs to submit the Report (this document is to be submitted to Turnitin and Assignment Submission Dropbox in Moodle)
- Only one team member needs to submit the video link (in the same Assignment Submission Dropbox as the aforementioned parts of the assignment)
- Each team member needs to complete a CATME Peer Evaluation (details about this software and instructions on how to complete will be communicated shortly).

Marks

This assignment is a team assignment and is worth 20% of the total mark for this unit. Marks for individual contributions to the team effort will be allocated using the CATME Team Self-Assessment tool (the information about software for conducting self-assessment as well as the detailed instructions about the software will be communicated shortly).

Mark breakdown per task

| Task | Marks |
| A (report) | 15 |
| B (oral presentation / video) | 5 |
| Total | 20 |

Submission format for different sections of the assignment

- Submission format of the Report: .doc, .docx, or .pdf file
- Online submission of the CATME Peer Evaluation Completion (team member assessment document): to be announced shortly
- Submission on a Word Document in which you provide the link to the video posted on YouTube: .doc, .docx

A. Requirements for the Report

After reading the iPremier case study, you need to write a report that will cover the issues of Cybercrime and Information Systems Controls. The report should answer the following questions:

1a. Based on the information provided, critically evaluate the role of iPremier management in relation to information security [Hint: In your evaluation, use two (2) activities of Table 14.1 Romney et al. (2013 p. 423) which are related to COBIT security control objective DS 5.1].
1b. Do you think that security was a priority for iPremier management? Justify your position.
2a. Did the risk reduction measures put in place by iPremier work appropriately during the cyberattack? [Hint: Explain three (3) measures adopted and also whether they failed or not].
2b. Assume iPremier wishes to insource their data centre. Under this new scenario, recommend three (3) internal controls that iPremier should implement to either prevent, detect or correct future cyber-attacks [Hint: Classify each control as either Preventive, Detective or Corrective, explain and justify its importance].
3a. At some point during the crisis, Bob asks Joanne whether they have emergency procedures such as a Business Continuity Plan (BCP). Discuss three (3) benefits and three (3) challenges of BCPs.
3b. Would you recommend iPremier adopting a Business Continuity Plan (BCP) or a Disaster Recovery Plan (DRP)? Justify your recommendation.
4. The iPremier case was written in 2009. Investigate two (2) major data breaches within organisations over the last 3 years (since 2015). Explain what happened, what the cause was, what internal controls were absent or failed, and what the implications were.

Report Structure and Presentation:

- Title page that lists all the authors (Name, Surname, Student ID, tutorial times, and the name of the tutor)
- Table of contents
- Introduction
- Main body
- Conclusion
- Reference List (all references listed must be cited somewhere in the text)
- Appendices (in case any supplementary information needs to be reported)

*Note: The report must be attractive but don't go overboard: content is more important.
** More information on the style of business reporting is available in the Q Manual (http://business.monash.edu/students/study-resources/related/components/qmanual.pdf).

B. Requirements for oral presentation, video recording and submission

Task Description

Step 1: Prepare your oral presentation

Prepare a 5 min video presentation (alternative times apply to groups with less than 4 members - discuss with your tutor) in which you provide the main findings of your report. You might also want to provide a brief background about the case, but this is not required (remember the video should run for a maximum of 5 minutes).

Be creative! You decide how you want to present your findings. For example, some students might want to prepare some visual aids (e.g., PowerPoint / Keynote slides) to support their presentation [note: you do not have to submit separately the visual aids used in your presentation]. Other students, however, might want to do a role-play video presentation. All team members must appear on the video, but not everyone has to speak in front of the camera for the same length of time. Again, you decide how you want to present the information required.

Step 2: Record your oral presentation

There are a vast number of ways that you can logistically record yourself delivering an oral presentation. If you have experience in this area and/or would like to develop this skill, feel free to develop your own method. For those of you who do not know where to start, the following videos demonstrate a simple and free process you can follow:

- Record your video - PC version
- Record your video - mac version

Video editing is optional for this assignment. However, it is important to make sure your presentation recording looks polished and professional (e.g., plan what you will say beforehand, do a test recording to get the recording volume right, and film in a well-lit location, etc.). Refer to the full list of quality guidelines in the 'Presentation' section below.
Step 3: Upload video to YouTube

Very carefully follow the instructions for how to Upload your video to YouTube and then provide a link to your video via the assessment submission point (see below). Be aware that depending on your internet connection and file size, upload times can be significant. Please allow sufficient time before the due date for your video to upload to YouTube.

Make sure you select the 'Unlisted' privacy setting when you upload your video to YouTube, as shown in the help guide above. If your video is left as 'Private', your marker will be unable to access your submission and if this is the case, you may receive a zero on this assessment. So please double check this!

Time Limit

There is a strict time limit of 5 minutes for this assessment (alternative times apply to groups with less than 4 members - discuss with your tutor). Any information you include after the 6 minute mark will not be assessed. The length of the presentation will be taken as the recording length. So edit out any fumbling around at the beginning / end of the recording if necessary to ensure your recording length is below the limit.

Presentation

Note that this part of the assignment is assessing your ability to deliver an oral presentation summarising a report, and NOT to create multimedia. So, do not be overly concerned about your video recording and/or editing skills. However, we do need to be able to clearly see and hear your presentation. This means:

- All team members must appear in the video (at least once). However, not everyone has to speak in front of the camera for the same length of time. For example, if you do a role-play video presentation, each member will have a different role and, consequently, will not necessarily speak on camera the same length of time.
- Film in a location that has appropriate lighting (no back lighting that casts your face into shadow)
- Film in a location with little to no background noise so your voice can be clearly heard
- Noise from recording equipment/computer should not interfere with the presentation
- Audio quality should be high and your microphone volume adjusted so your voice can be clearly heard
- If using slides, use an appropriate font size so any text on your slides is easily readable by a person watching the video of your presentation. In addition, they need to be fully in frame and clearly visible throughout the presentation.

Essentially, we can only award marks for what we can perceive. So, you will lose marks if elements of your presentation cannot be seen or heard in the recording that is submitted for marking. Do a short test recording before filming your actual presentation to ensure all of the above points are addressed. Then check the quality of the video again after it has been uploaded to YouTube to ensure the quality is still appropriate.

Format

As per the instructions above, you will upload your video presentation file to YouTube and provide the weblink to your video for marking in a Word document.

Names, Student IDs, Tutorial Times, and Roles of all Group Members (if applicable) should be presented on a slide for at least a few seconds, either at the beginning or at the end of the video. For the sake of time, you do not have to voice (pronounce) this information.

Make sure you acknowledge the source of all references, images, videos, etc., used in your presentation. For images and videos, report the weblink for the source at the point where it is presented. For scholarly sources, in text citations and a reference list should be supplied as per usual. The reference list should be displayed for at least a few seconds at the end of the video.

C. Team Member Assessment Document

The team assessment involves scoring each team member's meeting attendance, contribution to ideas and planning, timeliness, whether an equitable amount of work was performed, and contribution to the overall success of the project. All group members must submit the CATME Peer Evaluation (penalties will be applied to those who fail to complete it). More details about this part of the assessment will be posted soon.

Assignment 2 - Assessment Criteria

Report

| Criteria | Description | Marks earned | Marks possible |
| Statement of management procedures / Management and security | Comprehensive and insightful assessment of management's role in relation to information security. Fully developed and supported assertions. | | 18 % |
| Risk Measures and Internal Controls | Comprehensive identification of all risks. Proposed internal controls to mitigate risks are of consistently high quality and well-justified. | | 18 % |
| Business Continuity Planning | Outstanding supported analysis of benefits and challenges. Skilful identification & use of AIS & business concepts. Fully developed & supported assertions. | | 18 % |
| Data breaches - cases | Breaches covered are pertinent and significant. Cause, explanation, and implications are thoroughly presented and amalgamate research from various academic and credible sources. Analysis demonstrates a particularly in-depth reflection. Viewpoints and interpretations are insightful and well supported. | | 18 % |
| Presentation including Introduction and Conclusion | Students presented information in an outstanding, logical, interesting, and entertaining structure which audience can follow. Excellent presentation. Introduces the topic in an insightful way. Strong, definitive conclusion. | | 14 % |
| Clarity, expression and referencing | Little or no grammatical, punctuation, spelling or capitalisation errors that do not impede meaning. Expression is consistently clear and concise. At least 10 sources using Harvard referencing style with few or no mistakes. The overall presentation of the report document conforms to the standards reported in the Q Manual (https://business.monash.edu/students/study-resources/related/components/qmanual.pdf) | | 14 % |
| Total | | | 100 % |

Oral presentation / video

| Criteria | Description | Marks earned | Marks possible |
| Focus and content | Main points are clear and well argued. Brings closure with action statement. All presenters are clearly identified. | | 40 % |
| Verbal style - clarity | Speaks clearly and distinctly. No mispronounced words. Language is appropriate to non-technical audience. | | 20 % |
| Visual style - creativity and visual aids | Imaginative design with role-play scenarios or other creative approaches integrated into presentation. Visual aids, such as on-screen captions and signs, well-chosen & presented. | | 30 % |
| Length / time | Presentation within allotted time. | | 10 % |
| Total | | | 100 % |