Planning an IT Infrastructure Audit for Compliance, programming homework help

Question Description

The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources.

Choose an organization you are familiar with and develop an eight to ten (8-10) page IT infrastructure audit for compliance in which you:

  1. Define the following items for an organization you are familiar with:
    1. Scope
    2. Goals and objectives
    3. Frequency of the audit
    4. Duration of the audit
  2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
  3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
  4. Develop a plan for assessing IT security for your chosen organization by conducting the following:
    1. Risk management
    2. Threat analysis
    3. Vulnerability analysis
    4. Risk assessment analysis
  5. Explain how to obtain information, documentation, and resources for the audit.
  6. Analyze how each of the seven (7) domains aligns within your chosen organization.
  7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
  8. Develop a plan that:
    1. Examines the existence of relevant and appropriate security policies and procedures.
    2. Verifies the existence of controls supporting the policies.
    3. Verifies the effective implementation and ongoing monitoring of the controls.
  9. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
  10. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
  • Describe the components and basic requirements for creating an audit plan to support business and system considerations
  • Develop IT compliance audit plans
  • Use technology and information resources to research issues in security strategy and policy formation.
  • Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

Final Answer


Planning an IT Infrastructure Audit

The scope is a term in project management referring to combined requirements and
objectives required to complete a project. By defining scope of Coca-Cola company, allows the
manager to estimate cost and time required to accomplish a specific task

Goals and objectives is an important part of the planning process that describes what coca
cola company intends to achieve throughout the year and are outlined in the business plan. They
may pertain to departments, company as whole, customers, employees and marketing efforts and
the company uses certain measurements in keeping track them

The frequency of the audit is the number of times in which automated method are used to
do risk and control assessment at a high frequency, in which technology plays the major role in
automating activities of a continuous audit. Which help in identifying anomalies or exceptions,
review trends, analyze digits in line with numeric fields and test control, among other

Duration of the audit is the time frame within which objective evaluation and
examination are done on financial statements of coca cola company to ensure that records are the
accurate and fair representation of transactions they represent. It can be conducted internally by
employees of coca cola company or by an external firm. Internal revenue service may be used to
perform audits in order to check on accuracy taxpayers returns among her transactions
The audit must play it’s legitimate role in order to be successful, the success of the audit
will call for training and selection of auditors, audit guidance by the management and the ability
to involve people towards achieving opportunities of improvement that have been identified by
the audit. For effectiveness ,the audit procedure must be managed properly as its part of the


overall continuous improvement in the company and is a vehicle of recognizing excellence in the
company .Poorly conducted audits make a company suffer from over-control and also instill the
fear in an organization and can misdirect management with information that is not accurate
.Audits that are well managed provide the process that foster communication, learning and vital
improvements that are vital to the ultimate success of an organization.

A number of privacy laws provide for directives, regulations, federal protection laws,
instruction letters ,policies, and references. The privacy laws include and not limited to; the
privacy act of 1974, computer abuse and fraud act of the year 1986, justice guidance department
on privacy act, record management, an act of E-governance, paperwork reduction and privacy
protection and computer matching act of the year 1988.The office of management and
budget(OMB) provide guidance on implementation of information security and privacy act. It
set the privacy act procedures and requirements which give guidance to federal agencies on
how to comply with security requirements and fair information which is required in maintaining
automated information systems


All offices confront a specific level of danger connected with different dangers. These
dangers might be the consequence of regular occasions, mischances, or purposeful acts to bring
about mischief. Despite the way of the danger, office proprietors have an obligation to confine or
oversee dangers from these dangers to the degree conceivable. The national government has
executed The Risk Management Process for Federal Facilities: An Interagency Security
Committee Standard which states. The danger is a component of the estimations of risk, result,
and powerlessness. The goal of danger administration is to make a level of insurance that
mitigates vulnerabilities to dangers and the potential outcomes, along these lines decreasing
danger to a satisfactory level. An assortment of scientific models is accessible to figure hazard
and to show the effect of expanding defensive measures on the danger condition.

The initial phase of a danger administration project is a risk appraisal. A danger appraisal
considers the full range of dangers that is normal, criminal, terrorist and coincidental for a given
office. The ISC standard just addresses man-made dangers, yet singular organizations are
allowed to develop the dangers they consider. The appraisal ought to look at supporting data to
assess the relative probability of the event for every danger. For characteristic dangers,
chronicled information concerning recurrence of an event for given regular catastrophes, for
example, tornadoes, storms, surges, flame, or...

jim85 (140)
Rice University

The tutor managed to follow the requirements for my assignment and helped me understand the concepts on it.

The tutor was knowledgeable, will be using the service again.

Awesome quality of the tutor. They were helpful and accommodating given my needs.

Similar Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors