Audit policy

School: University of Phoenix
Course: 20
Subject: Information Systems
Date: Nov 24, 2024

Running head: IT POLICY AND AUDIT

I.T Audit Policy and Plans
Patrice Leke
University of Maryland
IT Audit Policy and Plans

Executive Summary

Being an internationally recognized company, Red Clay Renovations has to ensure that the availability, confidentiality and integrity of data and information are observed. The company recently received briefings from the CIO on IT security program matters and how these contribute significantly to the company's risk management. It was during these briefings that the CIO presented the findings from the IT security audit. The audit examined policy compliance, including the degree to which employees are aware of the policies and their level of compliance.

The following information was expected from the CIO before the next meeting:
  • The audit plan to help assess employees' level of compliance with IT security plans
  • The audit plan for assessing the IT security policy system
  • An issue-specific policy requiring an annual compliance audit for IT security policies, as documented in the company's policy system

Audit Plan for assessing employee awareness of and compliance with IT security policies
Audit Plan for assessing the IT security policy system
Issue specific policy requiring an annual compliance audit

Red Clay Renovations has policies that deal with particular technological areas, call for regular updates, and include a policy document on subjects that the group supports. The following are among the concerns the policy addresses:
  • Appropriate use - This policy sets out how users or employees are allowed to use their devices, with the previous management allowing them to use the local area network. One important requirement is that employees should use their devices only with approval from the IT department.
  • Systems management - The policy states that it is the network administrator's obligation to make sure that access points are properly set up to guarantee that the network's security is not compromised. The authentication and encryption procedures will be set by network administrators.
  • Violations of policy - In the unlikely event that there is improper use of the network or any other hardware or software utilized by the business, Red Clay Renovations reserves the right to take whatever actions are considered necessary in that particular circumstance.

The policy solution aids in scanning the usage criteria provided in the policy to see whether any violations have occurred inside the company. The main goal of the audit is to verify that all security rules are being followed in order to protect the availability, confidentiality, and integrity of data and information.

In terms of who is covered, the policy applies to all Red Clay Renovations personnel, from the highest level to the lowest. Failure to adhere to the rules of the policy will result in disciplinary action involving different administrative personnel.

All the rules are written down and delivered to each employee's email address to guarantee that everyone abides by the policy. Other copies are strategically positioned throughout the business so all employees may see them. Effective training and instruction on the policy are also available. The business also carries out auditing and monitoring to make sure there is compliance. Additionally, there is enforcement through widely known disciplinary procedures. Any employee who needs clarification should contact this address: Eric_Carpenter@hq.redclayrenovations.com

Audit Plan for IT Security Policy Awareness & Compliance (Employee Survey)

When determining whether or not employees understand what the policies require of them, it is crucial to consider their knowledge of and responsibility for their actions (Knapp, Morris Jr, Marshall & Byrd, 2009). This aids the business in assessing the level of knowledge and training received on the policy. The interview questions listed below will be crucial in helping the organization make decisions regarding information and data security, thereby reducing the likelihood that the integrity, confidentiality, and accessibility of data and information would be compromised.

Interview questions on employee awareness

If approved to use your personal computing devices, are you aware of security measures you should take?
    (A) Yes (B) No
Do you adhere to the organization's physical security practices?
    (A) Yes (B) No
Do you use virus protection software to protect your computing devices?
    (A) Yes (B) No
Are you aware that utilizing third-party storage to publish and text sensitive information on social media platforms may be against the law or policy?
    (A) Yes (B) No
Do you secure your mobile computing devices?
    (A) Yes (B) No

Interview questions on employee responsibility and understanding of the policy

Do you know what you are supposed to do in case you suspect a cyber-attack?
    (A) Yes (B) No
Do you know what to do to secure your personal devices?
    (A) Yes (B) No
Do you know what you are responsible for in handling the organization's data and information?
    (A) Yes (B) No
Do you know how you should handle the company's software and hardware materials?
    (A) Yes (B) No
Do you know the role of the IT department in countering cyber-attacks?
    (A) Yes (B) No

Audit Plan for I.T Security Policies Audit (Documentation Review)

The policies have been in place for a while now, ever since the first policy paper was created and sent to the staff of the business. Below are the dates on which the document was updated:
  • The first revision was done on 10th May 2012
  • The second revision was done on second June 2015
  • The third revision was done on third July 2018

The documentation is anticipated to be updated within the month to address any issues that have emerged since the last update. The Chief Information Officer of the company is the owner of the policy and also a member of the IT department.

References

Cram, W. A., Proudfoot, J. G., & D'Arcy, J. (2017). Organizational information security policies: a review and research framework. European Journal of Information Systems, 26(6), 605-641.
Knapp, K. J., Morris Jr, R. F., Marshall, T. E., & Byrd, T. A. (2009). Information security policy: An organizational-level process model. Computers & Security, 28(7), 493-508.