Project #4: IT Audit Policy and Plans

Company Background & Operating Environment

Use the assigned case study for information about "the company."

Policy Issue & Plan of Action

The corporate board was recently briefed by the Chief Information Officer concerning the company's IT Security Program and how this program contributes to the company's risk management strategy. During the briefing, the CIO presented assessment reports and audit findings from IT security audits. These audits focused upon the technical infrastructure and the effectiveness and efficiency of the company's implementation of security controls. During the discussion period, members of the corporate board asked about audits of policy compliance and assessments as to the degree that employees were (a) aware of IT security policies and (b) complying with these policies.

The Chief Information Officer was tasked with providing the following items to the board before its next quarterly meeting:

1. Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company's Policy System
2. Audit Plan for assessing employee awareness of and compliance with IT security policies
   - Are employees aware of the IT security policies in the Employee Handbook?
   - Do employees know their responsibilities under those policies?
3. Audit Plan for assessing the IT security policy system
   - Do required policies exist?
   - Have they been updated within the past year?
   - Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research this issue (auditing IT security policy compliance) and then prepare an "approval draft" for a compliance policy. You must also research and draft two separate audit plans: (a) employee compliance and (b) policy system audit.

The audit policy should not exceed two typed pages in length, so you will need to be concise in your writing and include only the most important elements for the policy. Make sure that you include a requirement for an assessment report to be provided to company management and the corporate board of directors.

For the employee compliance assessment, you must use an interview strategy which includes 10 or more multiple choice questions that can be used to construct a web-based survey of all employees. The questions should be split between (a) awareness of key policies and (b) awareness of personal responsibilities with regard to compliance.

For the policy system audit, you should use a documentation assessment strategy which reviews the contents of the individual policies to determine when the policy was last updated, who "owns" the policy, who reviewed the policy, and who approved the policy for implementation.

Research:
- Review the weekly readings, including the example audit assessment report.
- Review work completed previously in this course which provides background about the IT Policy System and specific policies for the case study company.
- Find additional resources which discuss IT compliance audits and/or policy system audits.

Write:
Prepare a briefing package with approval drafts of the three required documents. Place all three documents in a single MS Word (.doc or .docx) file. Your briefing package must contain the following:
- Executive Summary
- "Approval Drafts" for:
  - Issue Specific Policy for IT Security Policy Compliance Audits
  - Audit Plan for IT Security Policy Awareness & Compliance (Employee Survey)
  - Audit Plan for IT Security Policies Audit (Documentation Review)

As you write your policy and audit plans, make sure that you address security issues using standard cybersecurity terminology (e.g. 5 Pillars of IA, 5 Pillars of Information Security). See the resources listed under Course Resources > Cybersecurity Concepts Review for definitions and terminology.

Use a professional format for your policy documents and briefing package. Your policy documents should be consistently formatted and easy to read. Common phrases do not require citations. If there is doubt as to whether or not information requires attribution, provide a footnote with publication information or use APA format citations and references. You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

Submit For Grading

Submit the briefing package in MS Word format (.docx or .doc file) for grading using your assignment folder. (Attach the file.)

    Red Clay Renovations

    Security Audit Policies and Plans

    It is imperative for a large business entity such as Red Clay to note that continued advancement in technology comes with increased security threats. Therefore, a step towards achieving compliance with security standards is essential. System compliance audits and employee awareness are necessary, since employees will need to know the security policies that are used to guide the process of the system and employee compliance audit. As a company engaged in home renovation, customization and upgrading, technology is the backbone of its operations. The documents that follow are the security awareness and compliance audit plan, the IT security compliance audit plan, and the IT security policies audit plan.

    Security Policy Compliance Audit Plan

    Among the core values of Red Clay Renovations is the value of upholding the highest quality standards as well as efficiency in product and service delivery to its clientele. It is the objective of the firm to make its security protocols and policies comply with federal and local government laws, rules and regulations on information technology security. These measures are aimed at both employees and outsiders. The purpose of this plan is to ensure that measures are put in place that will enable the company to assure its customers of quality, efficiency in service delivery and effectiveness.

    This plan has been signed by the chairman of the corporate board, the chief information security officer and the chief information officer as confirmation of the support of the board of directors and senior management for the audit of the employee and system compliance policy, and that the process has been undertaken with their support.

    Approved by:

    Chairman, Board of Directors: _____________________________ Date: _____________________

    Chief Information Security Officer: _______________________ Date: _____________________

    Chief Information Officer: ________________________________ Date: _____________________

    Audit Plan for IT Security Policy Awareness and Compliance (Employees)

    It will be necessary for Red Clay Renovations to make sure that all its employees know and understand their roles, duties and best practices for handling and working with information systems. This means they should be able to identify issues and report them immediately, while understanding the importance of having a well-secured information environment (Symantec, 2016). The survey will be aimed at ensuring compliance of both the employees and the system (Bond, 2016). A questionnaire will be used in which employees are assessed to check their knowledge of the system and their ability to interact with it safely. The audit will seek to inquire about their positions, their knowledge of the existing security system, their knowledge of computer security, whether they feel there is adequate security, and what they would do in case of an attack (Winnipeg, 2016).

    Approved by:

    Chairman, Board of Directors: _____________________________ Date: _____________________

    Chief Information Security Officer: _______________________ Date: _____________________

    Chief Information Officer: ________________________________ Date: _____________________

    IT Security Policy Audit (Documentation)

    It is important that the IT security policies are audited. This will enable the firm to evaluate the documentation and availability of the policies as well as when they were last updated. The documentation should specify the owner, the person who conducted the review, and the person who approved it. The policies under consideration at Red Clay for auditing include the Bring Your Own Device (BYOD) policy, the information technology use policy, the digital technology media reuse, sanitization and destruction policy, the corporate social media usage policy, the policy on control of shadow information technology, and the breach policy. The purpose is to evaluate the policy update procedures, the people involved in updating, and the authorizing parties.

    BYOD Policy

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________

    Information Technology Use Policy

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________

    Digital Media Reuse, Sanitization and Destruction Policy

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________

    Policy on Control of Shadow Information Technology

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________

    Policy on Domain Name Management

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________

    Web Application Policy

    Last Update: ____________________ Policy Owner: _____________________

    Reviewed by: _____________________ Authorizing Officer: _____________________
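    The documentation review above reduces to a few checks per policy: does the policy exist, was it updated within the past year, and are an owner, a reviewer and an approver recorded. The following Python script is an added example, not part of the original briefing package or of Red Clay's own tooling. It runs those checks over a constructed policy register (the names, dates and roles are hypothetical sample data) and produces a finding list per policy; the set of required policies is assumed from the policies named in this section.

```python
"""Policy system audit check (added example, constructed sample data).

Flags each policy in a register that is missing, was last updated more
than a year ago, or lacks a recorded owner, reviewer or approver."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

MAX_AGE_DAYS = 365  # the board's question: "updated within the past year?"

# Policies the audit expects to exist; assumed from the policies named in
# the documentation review section (not Red Clay's actual inventory).
REQUIRED_POLICIES = [
    "BYOD Policy",
    "Information Technology Use Policy",
    "Digital Media Reuse, Sanitization and Destruction Policy",
    "Corporate Social Media Usage Policy",
    "Policy on Control of Shadow Information Technology",
    "Breach Policy",
]


@dataclass
class PolicyRecord:
    """One row of the policy register: the four fields the review collects."""
    name: str
    last_update: Optional[date]
    owner: Optional[str]
    reviewed_by: Optional[str]
    approved_by: Optional[str]


# Constructed sample register; every value here is hypothetical.
SAMPLE_REGISTER = [
    PolicyRecord("BYOD Policy", date(2016, 3, 1), "CISO", "IT Governance Board", "CIO"),
    PolicyRecord("Information Technology Use Policy", date(2014, 6, 15), "CIO", None, "CIO"),
    PolicyRecord("Digital Media Reuse, Sanitization and Destruction Policy",
                 date(2016, 1, 10), None, "CISO", "CIO"),
    PolicyRecord("Policy on Control of Shadow Information Technology", None, "CISO", "CISO", None),
    PolicyRecord("Web Application Policy", date(2016, 2, 20), "CISO", "IT Governance Board", "CIO"),
]


def audit_policy(rec: PolicyRecord, as_of: date) -> List[str]:
    """Return the findings for one policy record (empty list = compliant)."""
    findings = []
    if rec.last_update is None:
        findings.append("no last-update date recorded")
    else:
        age = (as_of - rec.last_update).days
        if age > MAX_AGE_DAYS:
            findings.append(f"stale: last updated {rec.last_update.isoformat()}, {age} days ago")
    # Owner, reviewer and approver must all be named for the policy to pass.
    for value, label in ((rec.owner, "owner"), (rec.reviewed_by, "reviewer"),
                         (rec.approved_by, "approver")):
        if not value:
            findings.append(f"no {label} recorded")
    return findings


def audit_policy_system(register: List[PolicyRecord], required: List[str],
                        as_of: date) -> Dict[str, List[str]]:
    """Audit the whole register: required-but-missing policies get their own finding."""
    report: Dict[str, List[str]] = {}
    present = {r.name for r in register}
    for name in required:
        if name not in present:
            report[name] = ["required policy does not exist in the register"]
    for rec in register:
        report[rec.name] = audit_policy(rec, as_of)
    return report


def summarize(report: Dict[str, List[str]]):
    """Split the report into (compliant, non-compliant) policy name lists."""
    compliant = sorted(n for n, f in report.items() if not f)
    noncompliant = sorted(n for n, f in report.items() if f)
    return compliant, noncompliant


if __name__ == "__main__":
    # Audit date is constructed for the sample data.
    result = audit_policy_system(SAMPLE_REGISTER, REQUIRED_POLICIES, date(2016, 9, 23))
    for policy, findings in sorted(result.items()):
        print(("PASS " if not findings else "FAIL ") + policy)
        for finding in findings:
            print("    - " + finding)
```

    The script writes one PASS/FAIL line per policy with the specific gaps beneath it, which is the raw material for the assessment report the policy requires to go to management and the board; the staleness boundary is exclusive, so a policy updated exactly 365 days before the audit date still passes.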

     

     

    References

    Bond, T. (2016). Employee security awareness survey. Retrieved from sans.edu

    Symantec. (2016). Conducting a security audit: An introductory overview. Symantec Connect. Retrieved from Symantec.com

    Winnipeg. (2008). Assessment of information security awareness. Retrieved 23 September.