CIS 558 Week 10 Term Paper Managing an IT Infrastructure Audit

 

Term Paper: Planning an IT Infrastructure Audit for Compliance

Due Week 10 and worth 200 points

The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines what’s supposed to be achieved as well as what procedures will be followed and the required resources to carry out the procedures. Considering your current or previous organization or an organization you are familiar with, develop an IT infrastructure audit for compliance. Chapter 5 of the required textbook may be helpful in the completion of the term paper.

 

Write a ten to fifteen (10-15) page paper in which you:

  1. Define the following items for an organization in which you are familiar with:
    1. Scope
    2. Goals and objectives
    3. Frequency of the audit
  2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
  3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
  4. Develop a plan for assessing IT security for your chosen organization by conducting the following:
    1. Risk management
    2. Threat analysis
    3. Vulnerability analysis
    4. Risk assessment analysis
  5. Explain how to obtain information, documentation, and resources for the audit.
  6. Analyze how each of the seven (7) domains aligns within your chosen organization.
  7. Develop a plan that:
    1. Examines the existence of relevant and appropriate security policies and procedures.
    2. Verifies the existence of controls supporting the policies.
    3. Verifies the effective implementation and ongoing monitoring of the controls.
  8. Identify all critical security control points that must be verified throughout the IT infrastructure, and develop a plan that include adequate controls to meet high-level defined control objectives within this organization.
  9. Use at least three (3) quality resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources.