Risk Mitigation Step Plan Research Paper
Gail Industries: Smallville Collections Processing Entity Case Study
This case study will be used to complete your assignments throughout the course. Some sections of the case study will be necessary in multiple assignments. See the assignment instructions for specific assignment requirements.
Gail Industries is a partner to many Fortune 1000 companies and governments around the world. Gail Industries’ role is to manage essential aspects of their clients’ operations while interacting with and supporting the people their clients serve. They manage millions of digital transactions every day for various back office processing contracts.
One of Gail Industries’ clients is the city of Smallville. Smallville, despite its name, is a metropolis seated in the heart of the nation. The city has 2.5 million residents, and the greater Smallville metropolitan area has a population of about 4 million people.
The Smallville Collections Processing Entity (SCOPE) provides collections processing services to the city of Smallville. SCOPE receives tax payments, licensing fees, parking tickets, and court costs for this major municipality.
The city of Smallville sends out invoices and other collections notices, and SCOPE processes payments received through the mail, through an online payment website, and through an interactive voice response (IVR) system. Payments are in the form of checks, debit cards, and credit cards. After processing invoices, SCOPE deposits the monies into the bank account for the city.
SCOPE is responsible for ensuring the security of the mail that comes into the possession of all employees, subcontractors, and agents at its processing facility, located within Smallville. Controls and procedures for money and mail handling are established by SCOPE to ensure payments are accounted for, from the earliest point received through processing and deposit. These controls and procedures provide:
- Assurances for proper segregation of duties
- The design and use of satisfactory documentation to ensure proper recording of transactions
- The safeguarding of access to and use of all assets and records
- Independent checks on performance
The purpose of collections processing is to receive and process various types of payments, post the payment data to the Central Collections System (CCS), and deposit the accompanying funds in the Smallville bank account. This process includes the following types of payment receipts:
- Regular mail – paper checks only
- Website – credit and debit card payments; electronic checks
- IVR – credit and debit card payments
A bonded courier picks up the payments from the United States Postal Service (USPS) facility in Smallville. SCOPE uses a subcontractor for courier services. This courier is dedicated, picking up and delivering mail only for SCOPE. This courier is also required to sign for registered, certified, and express delivery envelopes.
The daily success of payment processing depends on receiving mail quickly from the postal service, opening that mail, and properly sorting the contents for processing. Batches contain similar payment types: tax payments are processed together, court collections together, and so forth.
Deposits are made daily into the Smallville bank account. Electronic payments (debit cards, credit cards, and paperless checks) are deposited through an interface between CCSys and the bank. Checks are converted to electronic debits and deposited electronically. However, those that cannot be converted to electronic form are deposited in physical form.
Gail Industries uses the following specific functional areas of operations for SCOPE:
- Contract manager – responsible for the overall management of contract deliverables of the payment processing operation, including the monitoring of financial expenditures to ensure compliance with contract budgets.
- Operations manager – responsible for planning, managing, and controlling the day-to-day activities of the team that provides operational support for the business unit, including the establishment of operational objectives and work plans and delegation of assignments to subordinate managers.
- Information technology (IT) manager – responsible for developing and maintaining the strategy of the future direction of IT infrastructure, including developing plans for the implementation of new IT projects and managing relationships with IT-related vendors and subcontractors.
- Accounting – responsible for performing a variety of routine clerical and accounting functions within the accounting department, including daily balancing of receipts. In addition, the accountant resolves exception transactions, including charged back checks (bounced checks), forgery affidavits, and recoupment.
- Call center – the city of Smallville does not have a centralized call center for handling questions relating to payments and invoices. It is considering adding one to the scope of services offered by Gail Industries.
Gail Industries services are designed around the following tools and technologies:
- Data Capture and Imaging – real-time instrument imaging and data capture—provides imaging, accountability and reporting of checks and remitted payments.
- Invoice Management and Reporting – data correction and maintenance utilizing automated payment auditing and historical analysis. A browser-based application is available for internal SCOPE and Smallville staff to perform administrative functions. A separate internet-accessible payment portal allows for citizens, business owners, and others to view invoices and make payments.
Gail Industries currently utilizes cloud-based servers on the Amazon Web Services (AWS) platform for internet-accessible applications. Data capture, imaging, and the payment processing application run on local servers in a secured computer room. Local servers run both Linux and Windows Server operating systems. Data is stored on Microsoft SQL Server to provide storage of payment, image, and balancing data.
The servers supporting the CCS are housed within the server room (also known as the data center) and are managed by Gail Industries’ IT staff. The IT staff provides the following services:
- Firewall management – monitoring and management of the firewall systems and networks on a 24/7/365 basis.
- Network monitoring – proactive network and server monitoring services to help maximize system performance and uptime.
- Data backup – data backup services for the production payment, imaging, and balancing data.
- Incident management – IT incident monitoring, documentation, and resolution management.
Note: Only select control objectives and related controls are included in the list below.
Control Objective 1: The controls provide reasonable assurance that physical access to computer resources within Gail Industries’ data center is restricted to authorized and appropriate personnel.
To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site data center.
The data center requires two-factor authentication: a biometric credential via retinal eye scanner and a badge access card. Individuals requesting badge access document the request on a standardized employee management form that must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel.
When an employee is terminated, IT personnel revoke the badge access privileges as a component of the termination process. In addition, the IT manager performs a review of badge access privileges on a monthly basis to help ensure that terminated employees do not retain badge access.
All visitors must sign a logbook and present picture ID to their escort upon entering the data center. Access is restricted to authorized IT personnel and equipment technicians.
CCTV surveillance cameras are utilized throughout the facility and the data center to record activity; these images are retained for a minimum of 45 days.
Control Objective 2: Controls provide reasonable assurance that physical access to assets within Gail Industries’ facilities is restricted to authorized and appropriate personnel.
To protect physical assets, management has documented and implemented physical access procedures to grant, control, monitor, and revoke access to the on-site facility for SCOPE.
A door badge access system is employed to control access to areas within the facility (including the data center) through the use of predefined security zones.
Individuals requesting badge access to the facility document the request on a standardized employee management form, accessible through Gail Industries’ employee on-boarding system (known as GEO). All requests must be approved by departmental management. Administrative access to the badge access system is restricted to authorized IT personnel.
Upon termination (voluntary or involuntary), IT personnel revoke badge access privileges as a task in the termination process. In addition, the IT manager performs a monthly review of badge access privileges to ensure that terminated employees do not retain badge access.
Both entrances into the facility are locked and are monitored by administrative personnel. The receptionist must unlock the door for visitor access. Visitors are required to ring a video doorbell and announce themselves to the receptionist. Visitors sign a logbook when entering the facility, and they are required to wear a visitor’s badge at all times. Visitors must be escorted by an authorized employee when accessing sensitive facility areas such as the mail room and server room.
CCTV surveillance cameras are utilized throughout the facility and server room to record activity. Video images are retained for a minimum of 45 days.
Control Objective 4: Controls provide reasonable assurance that changes to network infrastructure and system software are documented, tested, approved, and properly implemented to protect data from unauthorized changes and to support user entities’ internal control over financial reporting.
Documented change management policies and procedures are in place to address change management activities. Further, there are provisions for emergency changes to the infrastructure and operating systems. Change requests are documented via a change request (CR) form.
CRs include details of the change, including the change requestor, the date of the request, the change description, and change specifications. Management, through the Change Advisory Board (CAB), holds a weekly meeting to review and prioritize change requests. During this meeting, management authorizes change requests by signing off on the CR form.
Detailed testing is performed prior to implementation of the change in test environments that are logically separated from the production environment. The CAB approves the changes prior to implementation. The ability to implement infrastructure and operating system updates to the production systems is restricted to user accounts of authorized IT personnel.
Control Objective 5: Controls provide reasonable assurance that administrative access to network infrastructure and operating system resources is restricted to authorized and appropriate users to support user entities’ internal control over financial reporting.
Information security policies have been documented and are updated annually to assist personnel in the modification of access privileges to information systems and guide them in safeguarding system infrastructure, information assets, and data. Infrastructure and operating system users are authenticated via user account and password prior to being granted access.
Password requirements are configured to enforce minimum password length, password expiration intervals, password complexity, password history requirements, and invalid password account lockout threshold, as documented in the IT Policies and Procedures Manual.
The CCS application authenticates users through the use of individual user accounts and passwords before granting access to the applications. CCS utilizes predefined security groups for role-based access privileges. The application enforces password requirements of password minimum length, password expiration intervals, password complexity, password history, and invalid password account lockout threshold.
Version 1.0, 12/31/2016
Date: 12/31/2016 | Author: Ken Smith | Notes: Version 1.0, accepted by client
This policy is intended to establish guidelines for effectively creating, maintaining, and protecting passwords at SCOPE.
This policy shall apply to all employees, contractors, and affiliates of SCOPE, and shall govern acceptable password use on all systems that connect to SCOPE network or access or store SCOPE, city of Smallville, or Gail Industries data.
- All user and admin passwords must be at least  characters in length. Longer passwords and passphrases are strongly encouraged.
- Where possible, password dictionaries should be utilized to prevent the use of common and easily cracked passwords.
- Passwords must be completely unique, and not used for any other system, application, or personal account.
- Default installation passwords must be changed immediately after installation is complete.
- User passwords must be changed every 60 days. Previously used passwords may not be reused.
- System-level passwords must be changed on a monthly basis.
- Passwords must not be shared with anyone (including coworkers and supervisors), and must not be revealed or sent electronically.
- Passwords shall not be written down or physically stored anywhere in the office.
- When configuring password “hints,” do not hint at the format of your password (e.g., “zip + middle name”).
- User IDs and passwords must not be stored in an unencrypted format.
- User IDs and passwords must not be scripted to enable automatic login.
- The “Remember Password” feature on websites and applications should not be used.
- All mobile devices that connect to the company network must be secured with a password and/or biometric authentication and must be configured to lock after 3 minutes of inactivity.
It is the responsibility of the end user to ensure enforcement of the policies above.
If you believe your password may have been compromised, please immediately report the incident to the IT Department and change the password.
Quality of response levels: No Response, Poor / Unsatisfactory, Satisfactory, Good, Excellent.
Content (worth a maximum of 50% of the total points)
- No Response (zero points): Student failed to submit the final paper.
- Poor / Unsatisfactory (20 points out of 50): The essay illustrates poor understanding of the relevant material by failing to address or incorrectly addressing the relevant content; failing to identify or inaccurately explaining/defining key concepts/ideas; ignoring or incorrectly explaining key points/claims and the reasoning behind them; and/or incorrectly or inappropriately using terminology; and elements of the response are lacking.
- Satisfactory (30 points out of 50): The essay illustrates a rudimentary understanding of the relevant material by mentioning but not fully explaining the relevant content; identifying some of the key concepts/ideas though failing to fully or accurately explain many of them; using terminology, though sometimes inaccurately or inappropriately; and/or incorporating some key claims/points but failing to explain the reasoning behind them or doing so inaccurately. Elements of the required response may also be lacking.
- Good (40 points out of 50): The essay illustrates solid understanding of the relevant material by correctly addressing most of the relevant content; identifying and explaining most of the key concepts/ideas; using correct terminology; explaining the reasoning behind most of the key points/claims; and/or where necessary or useful, substantiating some points with accurate examples. The answer is complete.
- Excellent (50 points): The essay illustrates exemplary understanding of the relevant material by thoroughly and correctly addressing the relevant content; identifying and explaining all of the key concepts/ideas; using correct terminology; explaining the reasoning behind key points/claims and substantiating, as necessary/useful, points with several accurate and illuminating examples. No aspects of the required answer are missing.
Use of Sources (worth a maximum of 20% of the total points)
- No Response (zero points): Student failed to include citations and/or references, or the student failed to submit a final paper.
- Poor / Unsatisfactory (5 out of 20 points): Sources are seldom cited to support statements and/or the format of citations is not recognizable as APA 6th Edition format. There are major errors in the formation of the references and citations. And/or there is a major reliance on highly questionable sources. The student fails to provide an adequate synthesis of research collected for the paper.
- Satisfactory (10 out of 20 points): References to scholarly sources are occasionally given; many statements seem unsubstantiated. Frequent errors in APA 6th Edition format, leaving the reader confused about the source of the information. There are significant errors in the formation of the references and citations. And/or there is a significant use of highly questionable sources.
- Good (15 out of 20 points): Credible scholarly sources are used effectively to support claims and are, for the most part, clear and fairly represented. APA 6th Edition is used with only a few minor errors. There are minor errors in references and/or citations. And/or there is some use of questionable sources.
- Excellent (20 points): Credible scholarly sources are used to give compelling evidence to support claims and are clearly and fairly represented. APA 6th Edition format is used accurately and consistently. The student uses above the maximum required references in the development of the assignment.
Grammar (worth a maximum of 20% of the total points)
- No Response (zero points): Student failed to submit the final paper.
- Poor / Unsatisfactory (5 points out of 20): The paper does not communicate ideas/points clearly due to inappropriate use of terminology and vague language; thoughts and sentences are disjointed or incomprehensible; organization is lacking; and/or there are numerous grammatical, spelling, and punctuation errors.
- Satisfactory (10 points out of 20): The paper is often unclear and difficult to follow due to some inappropriate terminology and/or vague language; ideas may be fragmented, wandering, and/or repetitive; poor organization; and/or some grammatical, spelling, and punctuation errors.
- Good (15 points out of 20): The paper is mostly clear as a result of appropriate use of terminology and minimal vagueness; no tangents and no repetition; fairly good organization; almost perfect grammar, spelling, punctuation, and word usage.
- Excellent (20 points): The paper is clear, concise, and a pleasure to read as a result of appropriate and precise use of terminology; total coherence of thoughts and presentation and logical organization; and the essay is error free.
Structure of the Paper (worth 10% of the total points)
- No Response (zero points): Student failed to submit the final paper.
- Poor / Unsatisfactory (3 points out of 10): Student needs to develop better formatting skills. The paper omits significant structural elements required for an APA 6th edition paper. Formatting of the paper has major flaws. The paper does not conform to APA 6th edition requirements whatsoever.
- Satisfactory (5 points out of 10): Appearance of the final paper demonstrates the student’s limited ability to format the paper. There are significant errors in formatting and/or the total omission of major components of an APA 6th edition paper. They can include the omission of the cover page, abstract, and page numbers. Additionally, the paper has major formatting issues with spacing or paragraph formation. Font size might not conform to size requirements. The student also writes significantly too large or too short of a paper.
- Good (7 points out of 10): Research paper presents an above-average use of formatting skills. The paper has slight errors. This can include small errors or omissions with the cover page, abstract, page number, and headers. There could also be slight formatting issues with the document spacing or the font. Additionally, the paper might slightly exceed or undershoot the specific number of required written pages for the assignment.
- Excellent (10 points): Student provides a high-caliber, formatted paper. This includes an APA 6th edition cover page, abstract, page number, and headers, and is double spaced in 12-point Times Roman font. Additionally, the paper conforms to the specific number of required written pages and goes neither over nor under the specified length of the paper.