Accounting Information Systems (Coursework Sample)

Article Critique Grading Rubric
You will find an article in a scholarly journal dealing with information systems theory or application, and will then summarize and critique it in 2-4 pages. A proper APA title page, running head, and reference list are required for these critiques. No abstract is needed for this assignment. Each critique should have at least four references. Upon completion of each Article Critique, the assignment must be submitted in both a discussion board thread as well as through the SafeAssign submission link located in the assigned module by 11:59 p.m. (ET) on Sunday of the assigned module/week.
Explanation of Rubric:
Each assignment will be assessed on 5 criteria:
1) Content
2) Organization
3) Format
4) Spelling, Grammar & Punctuation
5) Clarity & Style
There are 3 ranges for assessment within each category:
1) Exceptional
2) Satisfactory
3) Needs Improvement
The assessment of each component for your assignments will be highlighted and distinguished in bold blue type. This rubric and assessment will be attached to each of your written assignments.
CRITERIA
NEEDS IMPROVEMENT
SATISFACTORY
EXCEPTIONAL
CONTENT
(50 pts.)
FEWER THAN 37.5 POINTS
Assignment does not demonstrate understanding of subject matter, and the purpose of the paper is not stated. The objective, therefore, is not addressed and supporting materials are not correctly referenced.
37.5 to 44.5 POINTS
Assignment demonstrates limited understanding of the subject matter Theories are not well connected to a practical experience or appropriate examples. An attempt to research the topic is evident, materials are correctly referenced.
45 to 50 POINTS
Assignment demonstrates thorough understanding of the subject matter. Clearly states the objective of the paper and links theories to practical experience. The paper includes relevant material that is correctly referenced, and this material fulfills the objective of the paper.
ORGANIZATION
(20 pts.)
FEWER THAN 15 POINTS
Paragraphs do not focus around a central point, and concepts are disjointedly introduced or poorly defended (i.e., stream of consciousness).
15 to 17.5 POINTS
Topics/content could be organized in a more logical manner. Transitions from one idea to the next are often disconnected and uneven.
18 to 20 POINTS
Assignment focuses on ideas and concepts within paragraphs. Sentences are well-connected and meaningful. Each topic logically flows from the objective. Introduction clearly states the objective; purpose of the paper. Conclusion draws the ideas together.
FORMAT
(10 pts.)
FEWER THAN 7.5 POINTS
The paper does not conform to APA style.
7.5 to 8.5 POINTS
Paper does not conform completely to APA style (e.g., margins, spacing, pagination, headings, headers, citations, references).
9 to 10 POINTS
The paper is correctly formatted to APA style (e.g., margins, spacing pagination, headings, headers, citations, references).
SPELLING, GRAMMAR, & PUNCTUATION
(10 pts.)
FEWER THAN 7.5 POINTS
Paper demonstrates limited understanding of formal rules of written language; writing is colloquial (i.e., conforms to spoken language). Grammar and punctuation are consistently incorrect. Spelling errors.
7.5 to 8.5 POINTS
Assignment occasionally uses awkward sentence construction; overuse or inappropriate use of complex sentence structure. Problems with word usage (e.g., incorrect context, tense, etc) and punctuation persist, often causing difficulties with grammar.
9 to 10 POINTS
Assignment demonstrates correct usage of formal English language in sentence construction. Variation in sentence structure and word usage promotes readability. There are no spelling, punctuation, or word usage errors.
CLARITY & STYLE
(10 pts.)
FEWER THAN 7.5 POINTS
Assignment uses limited vocabulary. Paper has difficulty conveying sophisticated concepts. Only the broad, general messages are presented.
7.5 to 8.5 POINTS
Some words, transitional phrases, and conjunctions are overused. Ideas may be overstated, and sentences with limited contribution to the subject are included.
9 to 10 POINTS
Assignment uses appropriate language (i.e., avoids jargon, uses complex concepts appropriately). Writing is concise, in active voice, avoids awkward transitions/overuse of conjunctions.
Ch1 Introduction to AIS
Ch2 Enterprise Systems
Ch3 E Business Systems
Ch4 Documenting Information Systems
Behavior Patterns That Can Indicate an Insider Threat (http://deloitte.wsj.com/cio/2014/08/07/the-behavior-patterns-that-can-indicate-an-insider-threat/?KEYWORDS=%22information+systems%22)
Paragraph 1
Improvements in technology have made it easier for public and private sector organizations to identify the behavioral patterns that may indicate a malicious insider threat, but technology is just one component of an overall insider threat program.
SUMMARY
The advances in technology and information systems have helped company’s become more aware of fraud and malicious threats within the company.
OPINION
The advances in technology help companies find fraudulent activity, but it also gives users the opportunity to hide the fraudulent activity longer. In most information systems users learn how to get around certain internal control activities to conduct fraud. Although, the software is helping the company it is hurting the company as well.
Paragraph 2
Insider threats are seldom impulsive acts. Employees wishing to harm a current or former employer, business partner, or client—whether by stealing trade or government secrets, sabotaging information systems, or even opening fire on colleagues—usually plan their actions. Some wish to get revenge against an organization they believe wronged them. Others seek some kind of personal or financial gain, or to point out a perceived injustice. Still others may operate as spies for a foreign government. Regardless of their motivation, their plans often percolate for weeks, months, or even years before they act. Recent revelations about a member of the U.S. intelligence community leaking national security documents has once again put public and private sector organizations on alert to insider threats.
SUMMARY
Fraud and malicious activity conducted within entities is a rarely a spontaneous act. The individuals who take part in this activity are usually doing it for revenge or basically to recoup some form of benefit or satisfaction. Most of the time; they have planned the task for weeks to months at a time. This type of behavior can happen within any entity; commercial or government.
OPINION
Although this article appears to focus on physical threats within entities, it compares to the act and process of conducting fraudulent activity in the workplace. This is why it is very important for companies to implement internal controls and segregation of duties. Of course there are those who are successful in manipulating information systems. There is no way that this can be a spontaneous act, it takes time to try to conduct fraud without getting caught.
Paragraph 3
“Insiders move along a continuum from idea to action,” says Michael Gelles, a director with Deloitte Consulting LLP and a former chief psychologist for the Naval Criminal Investigative Service (NCIS). “They don’t wake up one morning and decide to exploit confidential information. They get an idea, ruminate, and then begin testing the waters to see if they can execute the idea—maybe by trying to access sensitive data or a secure facility.”
SUMMARY
OPINION
Paragraph 4
As insiders move along the idea-to-action continuum, they leave evidence, no matter how hard they may try to cover their tracks. Red flags frequently take the form of changes in attitude or behavior: The insider may grow frustrated or disgruntled, begin violating corporate policies, come in or stay late at the office, show “undue interest” in information that may not be relevant to their work, or attempt to access physical areas where they don’t typically—or shouldn’t—work, according to Gelles.
SUMMARY
OPINION
Paragraph 5
To detect insiders’ actions before they do harm, Gelles advises organizations to establish a series of threat indicators, such as policy violations, job performance difficulties, or disregard for rules, based on high-value assets they wish to protect. For example, potential indicators that a rogue software developer appears likely to steal his company’s source code may include a vengeful attitude, isolation from co-workers, accessing the system on which the source code is stored during off-hours, and a bad performance rating. (An employee with a bad ranking who believes he’s going to lose his job may try to steal intellectual property that could help him land a job with a competitor or start his own company.) Manufacturers seeking to safeguard new product designs may keep an eye out for insiders trying to access or download those plans, traveling to countries where intellectual property theft is prevalent, sending emails with large attachments, and/or experiencing financial difficulty.
SUMMARY
OPINION
Paragraph 6
“There’s no (psychological) profile for an insider,” says Gelles. “An individual’s personality isn’t nearly as important as their actions. That said, you’re not looking for a specific behavior, but a pattern of behaviors that may indicate a potential insider threat.”
SUMMARY
OPINION
Paragraph 7
With insider threat indicators established, companies can then begin to collect and correlate virtual and nonvirtual data about employees, according to Gelles. Virtual data refers to the digital trails employees leave when they log on and off the corporate network, access systems, download or print documents, send email, and use the Web. Nonvirtual data includes information about an individual’s role in an organization, performance ratings, compliance with corporate policies, and work habits (such as the times of day they start and stop working, the people they typically interact with, and their physical movement throughout an office).
SUMMARY
OPINION
Paragraph 8
Gelles has analyzed a variety of insider threat detection tools that use advanced analytics to correlate virtual and nonvirtual data. Even though these systems are first-generation, he notes, they’re capable of integrating disparate data sources and analyzing structured and unstructured information.
SUMMARY
OPINION
Paragraph 9
Keith Brogan, a senior manager with Deloitte & Touche LLP’s Cyber Risk Services practice, says many of these systems work by establishing and maintaining a baseline for “normal” or “typical” employee behavior and tracking deviations from it. For example, if during the course of a day a financial securities trader calls a competitor in addition to his normal client base, attempts to badge into the investment research area of his company’s business (a policy violation), and executes a trade outside the rules he’s allowed to trade within (another policy violation), the system will raise an alert for follow-up. “These systems include rules and logic that establish thresholds for risk indicators, and release an alert when those thresholds are exceeded,” he says.
SUMMARY
OPINION
Paragraph 10
While today’s insider threat monitoring systems may be effective, Gelles cautions organizations against relying solely on technology to mitigate insider threats. Instead, he suggests they institute an insider threat program that defines the assets a company wants to protect; establishes policies, procedures, controls, and training designed to protect those assets; and brings together stakeholders and data owners from a variety of functions, including HR, legal, compliance, finance, and administration.
SUMMARY
OPINION
Paragraph 11
“Correlating people centric data over time can allow organizations to identify threats that might otherwise go undetected and stop a malicious insider’s forward progress,” says Gelles. “But without full participation from leadership, CIOs and CISOs may have trouble getting the data required to build that pattern of precursors that may indicate a potential insider threat.”
SUMMARY
Being more involved with today’s people centered information will give organizations the capability to catch fraudulent activity sooner. Since there is generally a lack of involvement from shareholders and leaders within these entities; the malicious activity will only get worse.
OPINION