Information Security Audit Assignment -

OBJECTIVES - This assignment is designed to assess students' ability to:

• Produce a concise detailed report about the importance of information security audit policy and its components
• To have excellent understanding relating to information security audit policy and its components
• To develop skills in manipulating and performing an information security audit
• To be able to define components of information security audit policy according to corporate requirements
• To be able to manage metrics, statistics, and facts about security audit policy effectively.
• Use of CU Harvard referencing system to cite and reference academic resources.

OUTCOME - Student must have understanding of the following points

• Develop Information Security audit baseline(s).
• Perform an audit to identify events and corrective actions.
• Produce an audit-letter (report) to the organization's senior management.

Tasks:

These days, most of organizations are considering information security audit as a high priority due to the above said reasons. Hence, An information security audit is an audit on the level of information security in an organization. The organization's IT environment has to be controlled to meet the business requirements. For that purpose, an effective risk-based Information Security audit program with generally accepted audit standards and guidelines should be developed. Critically analyze and provide your findings on the following four aspects of information security audit.

Task 1: Assignment work proposal submission

Task 2: The auditor should have a sufficient knowledge about the company and its critical business activities before starting an audit review. Critically analyze the part of an Information Security auditor towards audit planning and preparation.

Task 3: The auditor should consider various criteria the auditing approach. Analyze one of information security auditing frameworks or approaches that an auditor should establish over starting the auditing process.

Task 4: The technical auditing is consider main phase of IS auditing. Therefore, as IS auditor evaluate the different types of controls and their use in Information Security audit.

Task 5: As an Information Security Auditor, conduct an audit on network security tools of any organization (of your choice) and provide a comprehensive report to its senior management. The auditing report should include the auditor's (in this case your) inquiries and procedures followed during audit in detail.

GUIDELINES - Follow the guidelines mentioned below for your assignment.

-Assignment should be submitted through Moodle (Turnitin).

-Handwritten assignments will not be accepted

-Assignment should have a Title Page. Title Page should contain the following information.

• College logo
• Module Name & code
• Semester details
• Student name
• Student ID

-It should have Table of Contents

-Use page numbers

-Assignment should be typed in your own words using Times New Roman font size 12.

-Heading should be with Font Size 14, Bold, Underline.

-Use Diagrams and Examples to explain your topic.

-Copy paste from the Internet is strictly not acceptable.

-In-text citation and referencing using Harvard Coventry style.