Rewrite the attached Doc. in your words

Phase 3.docx 

 

Absolute no plagiarism 

 

I need it in 6 hours

Phase 3. Execution

3.1 Process orientation.  Assessors focus on how processes function and analyze systems, data flow, security, operating procedures, and metrics. This review is likely to uncover controls also and may be combined with the next step simultaneously.  However, the next step focuses on controls and risks.

3.2 Control orientation.  Assessors focus on controls during control orientation, whether they are procedural, regulatory, or technical.  They will use the review areas determined in Phase 2 and guide their efforts towards risk-based issues.  Auditors will try and identify weaknesses and problems with existing controls.  They will also review logs, checklists, and records as necessary.

3.2.1  Auditors will focus on the following areas which present increased risk:

- Software patching and updating

- Wireless network security

- Antivirus/malware protection

- Log in security, both at workstation and remote. Password reset processes

- Physical asset security

- File security, permissions, and access rules

- Non-company (vendor) site access

- Security training, initial and refresher

- While these focus areas are high priority, other areas will be reviewed as discoveries are made during the audit.  Random sampling will also be conducted on areas deemed low risk, primarily to ensure they remain low risk.

3.3 Issue Discovery & Validation.  Potential issues will be listed and described.  Auditors will seek to validate issues and determine issue severity in conjunction with DWC.  This phase may involve testing, detailed analysis, interviews, or simple sampling of tested materials.  Once the issue is validated, the audit team will seek to determine risks and risk residuals.

3.4 Solution Development.  The audit team and DWC personnel will develop potential resolutions to the discovered issues.  Potential solutions will be narrowed to a course of action for each actionable finding in the monitor/control phase since this is an overarching effort.  Solutions will focus on the risks, especially the net effect of each solution and potential residual risk.  Each identified action and its corresponding resolution will generate an action plan.

3.5 Report Drafting.  The audit team generates the first draft report.  The solutions are drafted into the report also and the team will seek management coordination before moving on to the last phase.