ComputerScienceExpert
$18/per page/
Hello
See attachment (Week 8). Every other information below are the other attachment will help you answer the project 4 which I submitted earlier. Thank you.
1.Â
Conducting a security audit: An introductory overview (Hayes, 2003)
Â
Hayes, B. (2003, May 26). Conducting a security audit: An introductory overview. Retrieved from http://www.symantec.com/connect/articles/conducting-security-audit-introductory-overviewÂ
This resource provides a brief and informal overview of a technology-focused IT audit. The Hayes (2003) noted: "Computer security auditors perform their work though personal interviews, vulnerability scans, examination of operating system settings, analyses of network shares, and historical data. They are concerned primarily with how security policies - the foundation of any effective organizational security strategy - are actually used" (p. 1).
2.Â
Assessment of IT Security Awareness (City of Winnipeg, 2008)Â
Â
City of Winnipeg. (2008). Assessment of IT security awareness. Retrieved from http://www.winnipeg.ca/audit/pdfs/reports/ITSecurityAwareness.pdf
This report explains how the auditors assessed the degree to which the city's employees were aware of the city's IT security policies, how well those policies were understood, and what opportunities existed for improvement in both the policies and the employees' awareness of them.
Â
3.
How to get action on audit recommendations (GAO, 1991) Link Topic
Â
Government Accounting Office. (1991). How to get action on audit recommendations (GAO/OP-9.2.1). Retrieved from http://www.gao.gov/special.pubs/p0921.pdf
Read chapters 1 & 2 for an overview of auditing. The remainder of this document presents recommendations and strategies for getting organizations to take audit results seriously and to how to write audit findings in ways that encourage organizations to take corrective action.
4.
Internal Audit Plan Sample (Department of Housing & Urban Development)
(the link is attached)
This sample provides a template which can be used for your IT Audit Plans which are due this week. Remember that you are not auditing IT systems (change the wording to reflect the fact that you are auditing policies and compliance with policies).
5.
Information Security Audit (State of West Virginia)
http://www.technology.wv.gov/SiteCollectionDocuments/Policies%20Issued%20by%20the%20CTO/July2015/AuditPolicy_July2015.pdfÂ
 ATTACHMENT PREVIEW Download attachment
for number 4.doc
INTERNAL
AUDIT
PLAN
Project or System Name
U.S. Department of Housing and Urban Development
Month, Year Revision Sheet Revision Sheet
Release No.
Rev. 0
Rev. 1 Date
5/30/00
4/10/02 Internal Audit Plan Revision Description
Internal Audit Plan Template and Checklist
Conversion to WORD 2000 format Page i Internal Audit Plan
Authorization Memorandum I have carefully assessed the Internal Audit Plan for the (System Name). This document has been
completed in accordance with the requirements of the HUD System Development Methodology.
MANAGEMENT CERTIFICATION - Please check the appropriate statement.
______ The document is accepted.
______ The document is accepted pending the changes noted.
______ The document is not accepted.
We fully accept the changes as needed improvements and authorize initiation of work to proceed. Based on
our authority and judgment, the continued operation of this system is authorized.
_______________________________
NAME
Project Leader _____________________
DATE _______________________________
NAME
Operations Division Director _____________________
DATE _______________________________
NAME
Program Area/Sponsor Representative _____________________
DATE _______________________________
NAME
Program Area/Sponsor Director _____________________
DATE Internal Audit Plan Page ii Notification Letter Guidelines NOTE TO AUTHOR: Highlighted, italicized text throughout this template is provided solely as
background information to assist you in creating this document. Please delete all such text, as well as
the instructions in each section, prior to submitting this document. ONLY YOUR PROJECTSPECIFIC INFORMATION SHOULD APPEAR IN THE FINAL VERSION OF THIS
DOCUMENT.
The Internal Audit Plan, developed by the Inspector General’s (IG) staff, verifies involvement, which may
range from review of completed work to active audit participation in system activities. The project
manager must formally notify the IG of the existence of the project at the Define stage of the system
development lifecycle, and again at the Build and Evaluate stages to update the list of deliverables.
The project leader fills in the following notification letter template and forwards to the IG.
Introduction
(Project Name) (PCAS Number) (System ID) has transitioned from the Initiate to the Define phase of the
system development lifecycle.
System Overview
Provide a brief system overview description.
Points of Contact
Provide a list of the points of organizational contact.
Schedule Dates
Provide the start date of the Define phase. In subsequent updates, provide the start dates of the Build and
Evaluate phases.
Deliverable List
For each phase (Define, Design, Build, and Evaluate), provide a list of deliverables to be completed. Internal Audit Plan Page iii INTERNAL AUDIT PLAN
TABLE OF CONTENTS
Page #
1.0 GENERAL INFORMATION...............................................................................................................
1.1
1.2
1.3
1.4
1.5
1.6 Purpose.......................................................................................................................................
Scope..........................................................................................................................................
System Overview........................................................................................................................
Project References......................................................................................................................
Acronyms and Abbreviations......................................................................................................
Points of Contact........................................................................................................................
1.6.1
1.6.2 2.0 AUDIT PROCESS...............................................................................................................................
2.1
2.2
2.3
2.4
2.5 3.0 Information...................................................................................................................................
Coordination................................................................................................................................. Type of Internal Audit.................................................................................................................
Internal Audit Subject.................................................................................................................
Roles and Responsibilities..........................................................................................................
Method of Internal Audit.............................................................................................................
Schedule..................................................................................................................................... EVALUATION.....................................................................................................................................
3.1
3.2 Strategy......................................................................................................................................
Metrics....................................................................................................................................... Internal Audit Plan General Information 1.0 Internal Audit Plan GENERAL INFORMATION 1.0 General Information This section is an Internal Audit Plan template to be completed by the Inspector General’s office. The
Project Manager is not responsible for completing this template. 1.0 GENERAL INFORMATION 1.1 Purpose Describe the purpose of the Internal Audit Plan. 1.2 Scope Describe the scope of the Internal Audit Plan as it relates to the project. 1.3 System Overview Provide a brief system overview description as a point of reference for the remainder of the document. In
addition, include the following: Responsible organization System name or title System code System category Major application: performs clearly defined functions for which there is a readily
identifiable security consideration and need General support system: provides general ADP or network support for a variety of users
and applications Operational status Operational Under development Undergoing a major modification System environment and special conditions Internal Audit Plan Page 1 1.0 General Information 1.4 Project References Provide a list of the references that were used in preparation of this document. Examples of references
are: Previously developed documents relating to the project Documentation concerning related projects HUD standard procedures documents 1.5 Acronyms and Abbreviations Provide a list of the acronyms and abbreviations used in this document and the meaning of each. 1.6 Points of Contact 1.6.1 Information
Provide a list of the points of organizational contact (POCs) that may be needed by the document user for
informational and troubleshooting purposes. Include type of contact, contact name, department, telephone
number, and e-mail address (if applicable). Points of contact may include, but are not limited to, helpdesk
POC, development/maintenance POC, and operations POC. 1.6.2 Coordination
Provide a list of organizations that require coordination between the project and its specific support
function (e.g., installation coordination, security, etc.). Include a schedule for coordination activities. Internal Audit Plan Page 2 2.0 Audit Process 2.0 Internal Audit Plan AUDIT PROCESS 2.0 Audit Process 2.0 AUDIT PROCESS 2.1 Type of Internal Audit Identify the type of Internal Audit being completed. (e.g., financial, performance, operational) 2.2 Internal Audit Subject Identify the subject area and/or organization to be audited. 2.3 Roles and Responsibilities Identify roles and responsibilities for each organization and management area within each organization that
will influence the Internal Audit of the project. 2.4 Method of Internal Audit Explain the Internal Audit Process. Include descriptions and sources of forms and checklists that will be
used for the Internal Audit. 2.5 Schedule Identify and describe all activities and events associated with the Internal Audit. List all deliverables. Internal Audit Plan Page 1 3.0 Evaluation 3.0 Internal Audit Plan EVALUATION 3.0 Evaluation 3.0 EVALUATION 3.1 Strategy Describe the strategy used, which will result in a successful audit. 3.2 Metrics Describe how Internal Audits will be measured, and the results analyzed. Internal Audit Plan Page 3-1
Week 8 Choose one of your two audit plans employee awareness of IT security policies
assessment of the IT policy system
Prepare a one page briefing statement for the IT Governance board which explains the purpose of the
audit and provides the following details: who will conduct the audit (and why)
what will be covered by the audit (and why)
when will the audit be conducted (does that date/time have significance to the organization (i.e.,
fiscal year end?))
where will the audit be conducted (locations) (and why)
how will be audit be conducted (what audit process?)
Provide in-text citations and references for 3 or more authoritative sources. Put the reference list at the
end of your posting.
Make sure you also use the discussion rubric when creating this response to ensure you have all the
required elements.