Security Audit Discussion Question
You are part of a team selected by the Chief Information Officer (CIO) to perform a security audit for one of the companies explored in this course:
Vampire Legends (Wk 1)
Cruisin’ Fusion (Wks 2–3)
Devil’s Canyon (Wks 4–5)
Create a 10- to 12-slide presentation (not including the title and reference slides) that shows the results of your security audit based on the following audit process:
Potential Risk to be Reviewed: Describe the risk.
Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data.
Regulation and Compliance Issues: Analyze how regulations and compliance issues could impact the organization.
Provide a detailed analysis of regulations and compliance issues, beyond the simple explanation in score point two.
Regulation and Compliance Resources and Tools: Analyze what resources and/or tools are available to address regulations and compliance issues.
Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for a potential risk.
Example: Determine whether anti-virus software is in use.
Example: Determine whether virus signatures are periodically updated.
Example: Determine whether periodic virus scans are performed.
Provide a detailed analysis of the resources and/or tools available, beyond the simple explanation in score point two.
IT Security – Processes and Methods: Differentiate between the various processes and methods involved in management of IT security resources.
Review the various options available to address those processes and methods previously explained, and which ones might be feasible.
IT Security – Measures: Analyze the various security measures that could be taken within the organization.
Demonstrate a detailed understanding of what the alternatives are to approach security, how much security is needed, different methods to employ, etc.
Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
Example: 100% of servers and PCs have virus software installed.
Example: 100% of the virus software installed is set to automatically update, including virus signatures.
Example: 100% of the virus software installed is set to automatically perform a scan at least weekly.
Include a 1/2- to 1-page executive summary to support your presentation. Include appropriate references.