Nolls is an online retailer that specializes in connecting local artisans directly to consumers. You work for a public accounting firm as anIT audit consultant and have been staffed on the Nolls cybersecurity engagement. Nolls hired your firm to help implement the NISTCybersecurity Framework. Your team is performing a gap analysis to identify areas where Nolls lacks internal controls, and you havebeen tasked with mapping Nolls' existing internal controls to specific NIST control families.Use the word bank to identify the NIST family in which each of the following internal controls belongs.Word Bank:Physical and Environmental ProtectionAwareness and TrainingPersonnel SecurityAccess ControlIdentification and AuthenticationConfiguration ManagementRisk AssessmentSystem and Communications ProtectionSystem and Information IntegritySecurity Assessment and Authorization Internal controls:The Human Resources and IT departments collaborate to provide annualtraining about phishing emails.Nolls' IT department conducts penetration testing on an annual basis.1.2.3.4.5.6.7.8.System resources are monitored to ensure that sufficient resources exist tosupport unexpected network traffic.Nolls' corporate office requires two forms of identification for visitors to thedata center.System capacity, bandwidth, and redundancy are managed proactively.Malicious code protection mechanisms are employed at access points of theinformation system.Nolls' IT department scans for vulnerabilities randomly.The corporate password requirements include a minimum of eight characters,along with at least one symbol, at least one number, and at least one capitalletter.<<<<<<

Internal controls can be defined as the measures, and processes that are employed with a motive to…

Answered: Nolls is an online retailer that…

Understanding Business

12th Edition

ISBN:9781259929434

Author:William Nickels

Publisher:William Nickels

Chapter1: Taking Risks And Making Profits Within The Dynamic Business Environment

Section: Chapter Questions

Problem 1CE

See similar textbooks

Similar questions

The COSO's component that does 'encompass the actions, policies, and procedures that reflect the overall attitudes of top management, directors, and owners of an entity about internal control and its importance to the entity' is: A- Control environment. B- Risk assessment. C- Control activities. D- Information and communication.
Disruptors are focused on a particular innovative technology or process in everything from mobile payments to insurance. they have been attacking some of the most profitable elements of the financial services value chain. This has been particularly damaging to the incumbents who have historically subsidized important but less profitable service offerings. Identify an existing and real life example on how a specific financial disruptor have affected a certain industry/company. How did the certain industry/company have mitigated the damaging effect of the Financial Disruptor?
A recent incident involving access control or authentication might be studied as a case study to assist highlight best practises for avoiding similar security breaches. Do you believe that it has altered the method in which the company does business? Can you give me an accurate estimate of how much money the company has lost?
Which analysis of both - PEST or SWOT, will outline the below statement and why? Some cars were created especially for luxury lovers and offered them the level of comfort they desired, thus BMW acquired acceptance and popularity in the market. As a result, by applying pressure and having an impact on business operations, it increased the company's engagement with the external environment, which interfered with the moral relationships between the internal participants.
In a 1,000 words conduct an analysis of the risk management process/ framework implemented at J.P Morgan Chase (including risk assessment and risk control mechanisms). You are required to report on key risks that J.P Morgan Chase is exposed to and explain aspects of the framework, emphasizing the effectiveness of the risk management strategies used.
Critical Thinking If a company of which you are a cus- tomer suffered a data breach (in which some of the data customers created or shared by customers with the company were compromised), would your percep- tions of that company change and if so, why? Would it matter what type of data was compromised? Are there other factors that would lessen or heighten your view of the severity of the event? If so, what might they include?
As a strategic consultant to ABC Ltd., explain to the board of directors, a reliable approach to developing and implementing staffing policy guidelines that will ensure reinforcement of the desired culture in the organization, essential to achieving its goals and objectives
One of the ways public health will be transformed is through how we are Using Data. While public health practitioners are skilled at the collection and interpretation of population-level information, unfortunately it is still possible for our workforce to suffer from problems with how we are collecting and interpreting data. Name and briefly describe one of the most serious flaws in data collection that can happen , making sure to detail how this flaw can influence the decisions we are making about public health policies and/or interventions .
IT governance needs to be supported from bottom-up by senior managers to achieve good value from IT investments. Discuss in your own words how effective IT governance goals may be achieved in the department that you are heading taking into account IT investments at your disposal and any control measures in place.
What is the engagement risk affiliated with the Oscars? What is the information risk? Is there business risk?
Is there any downside to biometric identification systems?When it comes to biometrics, what should privacy advocates be concerned about? Do you agree or disagree with the following concerns? Please offer a rationale for what you're saying.
Indicate a situation in which each of the four potential access control strategies may be used. What makes this alternative different from others in its industry?

SEE MORE QUESTIONS

Recommended textbooks for you

Understanding Business

Management

ISBN:

9781259929434

Author:

William Nickels

Publisher:

McGraw-Hill Education

Management (14th Edition)

Management

ISBN:

9780134527604

Author:

Stephen P. Robbins, Mary A. Coulter

Publisher:

PEARSON

Spreadsheet Modeling & Decision Analysis: A Pract…

Management

ISBN:

9781305947412

Author:

Cliff Ragsdale

Publisher:

Cengage Learning

Understanding Business

Management

ISBN:

9781259929434

Author:

William Nickels

Publisher:

McGraw-Hill Education

Management (14th Edition)

Management

ISBN:

9780134527604

Author:

Stephen P. Robbins, Mary A. Coulter

Publisher:

PEARSON

Spreadsheet Modeling & Decision Analysis: A Pract…

Management

ISBN:

9781305947412

Author:

Cliff Ragsdale

Publisher:

Cengage Learning

Management Information Systems: Managing The Digi…

Management

ISBN:

9780135191798

Author:

Kenneth C. Laudon, Jane P. Laudon

Publisher:

PEARSON

Business Essentials (12th Edition) (What's New in…

Management

ISBN:

9780134728391

Author:

Ronald J. Ebert, Ricky W. Griffin

Publisher:

PEARSON

Fundamentals of Management (10th Edition)

Management

ISBN:

9780134237473

Author:

Stephen P. Robbins, Mary A. Coulter, David A. De Cenzo

Publisher:

PEARSON

SEE MORE TEXTBOOKS