Risk Managementthreat Analysisvulnerability Analys

Risk Managementthreat Analysisvulnerability Analys

The audit planning process directly affects the quality of the
outcome. A proper plan ensures that resources are focused on the right
areas and that potential problems are identified early. A successful
audit first outlines the objectives of the audit, the procedures that
will be followed, and the required resources.

Choose an organization you are familiar with and develop an 7 page IT infrastructure audit for compliance in which you:

  1. Define the following items for an organization you are familiar with:
    1. Scope
    2. Goals and objectives
    3. Frequency of the audit
    4. Duration of the audit
  2. Identify the critical requirements of the audit for your chosen
    organization and explain why you consider them to be critical
    requirements.
  3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
  4. Develop a plan for assessing IT security for your chosen organization by conducting the following:
    1. Risk management
    2. Threat analysis
    3. Vulnerability analysis
    4. Risk assessment analysis
  5. Explain how to obtain information, documentation, and resources for the audit.
  6. Analyze how each of the seven (7) domains aligns within your chosen organization.
  7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
  8. Develop a plan that:
    1. Examines the existence of relevant and appropriate security policies and procedures.
    2. Verifies the existence of controls supporting the policies.
    3. Verifies the effective implementation and ongoing monitoring of the controls.
  9. Identify the critical security control points that must be verified
    throughout the IT infrastructure, and develop a plan that includes
    adequate controls to meet high-level defined control objectives within
    this organization.
  10. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Include a cover page containing the title of the assignment, the
    student’s name, the professor’s name, the course title, and the date.
    The cover page and the reference page are not included in the required
    assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
  • Describe the components and basic requirements for creating an audit plan to support business and system considerations
  • Develop IT compliance audit plans
  • Use technology and information resources to research issues in security strategy and policy formation.
  • Write clearly and concisely about topics related to information
    technology audit and control using proper writing mechanics and
    technical style conventions.