Developing an IT Audit Process
In this Group Project, you will take the perspective of a recently hired security manager who finds that the company has a financial auditing process but does not routinely audit the physical and computer security of its business units and subsidiaries. The security manager must work with the appropriate IT teams to develop an IT audit process.
Answer the following question with 2-3 paragraphs
1. Describe the types of tools and reports unit security administrators could use along with the security audit checklist you developed below.
(Checklist that was developed)
1.Communication and operations management,
To protect the sincerity of the software and information by identifying and detecting unauthorized codes, computer viruses, network worms, and Trojan horses.
To establish a backup system policy and procedure, as well as a restoration policy.
To protect the exchange of information, software, and physical media with the company, and third party companies.
2. Access control security,
To verify that only authorized users have access to protected information, and that unauthorized users do not have access to the information systems, and applications.
To ensure that users are only accessing information using the proper identification codes.
3. System development and maintenance,
To make sure applications process information correctly by preventing error, loss of information, misuse of information, and unauthorized modifications.
To protect and control your organization’s system files, and program codes by making sure protected information is secure.
To identify the security requirements that your information
systems, operating systems, business applications, user developed applications, must meet before you implementation
4.Business continuity
To establish a business continuity plan to minimize the impact of system failures, ensure systems are reestablished quickly, and recover lost information.
Analyze the impact of system failures, natural and mechanical disaster have on the business