Scenario Peak View Sound Sources is a public company based


Peak View Sound Sources is a public company based in Denver, Colorado and is focused on providing digital media and Web sites to music companies and musicians through the Mountain and West Coast regions. The company has a solid reputation and is starting to get some national and worldwide attention, with new prospective companies wanting to take advantage of the quality services they have seen on other existing Web sites.

Your company has been hired to assist Peak View Sound Sources (PVSS) to ascertain the security posture of the company’s Information Systems resources and services. You are heading the team of auditors tasked to perform the audit and assessment.

You enter the company offices of PVSS and begin your analysis of the environment and situation. 

Initial analysis has allowed you to determine that the company is made up of the following divisions:

  • Corporate Management and      Support Staff: This      organization contains the executive management, human resources, and      accounting teams. All company decisions are directed from the      management team.
  • Information Technology: This team manages the networks, servers, Web sites, and      desktop environments for the company. The team has a perception of      being difficult to work with, as they are slow to adopt new technology and      slow to implement new offerings. The reality is that the team has      resources and wants to uptake the newest and greatest technology, but      they spend most of their time putting out fires and reacting to      issues.
  • Media Content and Design: This team is in charge of working with the record      companies and musicians to create the Web Sites and implement the product      offerings that are sold.
  • Sales and Marketing: This team works with the musicians and record companies      to offer and sell the services of PVSS.

There is a concern about the security of the infrastructure with respect to the ability to protect the copyrighted material that PVSS is given to host, because a single incident several years ago took place in which an entire new CD was released prematurely via the Internet. Although PVSS was not directly linked to the leak, there are suspicions surrounding PVSS.

  • Explain why you think the use      of these guidelines and procedures is not sufficient and may not solve the      problem. Consider how a company-wide policy program could help the      situation.
  • As you begin to prepare your      game plan to conduct an Information Security Audit, talk about why you      think this current situation makes it difficult to identify the controls      that need to be examined.
  • If you were performing this      security audit, with which regulations would you want to ensure that      PVSS complies? Why?

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"