Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 200
This assignment consists of four (4) sections: an internal IT
audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of
this assignment. Label each file name according to the section of the assignment
it is written for. Additionally, you may create and /or assume all necessary
assumptions needed for the completion of this assignment.
As a manager,
you will be directly responsible for the planning and oversight of IT audits.
The planning and management aspects of IT audit are critical to the overall
success of the audit, and as a result, the overall success of the systems
implemented within the organization. Imagine you are an Information Security
Manager in a medium-sized organization where you must develop a policy for
conducting IT audits and develop a project plan for conducting two week IT
In addition to the typical networking and Internetworking
infrastructure of a medium-sized organization, the organization has the
- They have a main office and 20 branches in the U.S.
- They utilize a cloud computing environment for storage and
- Their IT infrastructure includes Cisco workgroup and core switches, Cisco
routers, Cisco firewalls and intrusion prevention systems, and servers running
Microsoft Windows Server 2008 R2.
- They have over 1000 desktops and approximately 500 organization-owned
- They allow employees to bring their own devices into the organization;
however, they are subject to being searched upon entry and exit from the
- They enable remote access to corporate information assets for employees and
limited access to extranet resources for contractors and other business
- They enable wireless access at the main office and the branches.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page
paper in which you:
1.Develop an Internal IT Audit Policy, which
includes at a minimum:
c. Goals and objectives
with applicable laws and regulations
e. Management oversight and
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment. Note:
Wikipedia and similar Websites do not qualify as quality
Section 2: Management Plan
Write a four
to six (4-6) page paper in which you:
2. Explain the management plan for
conducting IT audits, including:
a. Risk management
System Software and Applications
c. Wireless Networking
f. Cybersecurity and
g. BCP and DRP
h. Network Security
i. Use at
least three (3) quality resources in this assignment. Note: Wikipedia and
similar Websites do not qualify as quality
Section 3: Project Plan
Project or an Open Source alternative, such as Open Project to:
Develop a project plan which includes the applicable tasks for each of the major
areas listed below for each element of the IT audit mentioned above; plan for
the audit to be a two-week audit.
a. Risk management
System software and applications
c. Wireless networking
f. Cybersecurity and privacy
g. Network security
Section 4: Disaster Recovery Plan
five to seven (5-7) page paper in which you:
4. Develop a disaster
recovery plan (DRP) for recovering from a major incident or disaster affecting
a. The organization must have no data loss.
b. The organization must have immediate access to organizational data in the
event of a disaster.
c. The organization must have critical systems
operational within 48 hours.
d. Include within the DRP the audit
activities needed to ensure that the organization has an effective DRP and will
be able to meet
the requirements stated above.
e. Use at least three (3)
quality resources in this assignment. Note: Wikipedia and similar Websites do
not qualify as quality
Your assignment must follow these formatting
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch
margins on all sides; citations and references must follow APA or
school-specific format. Check with your professor for any additional
- Include a cover page containing the title of the assignment, the student’s
name, the professor’s name, the course title, and the date. The cover page and
the reference page are not included in the required assignment page
The specific course learning outcomes associated with this
- Describe the Sarbanes Oxley (SOX) act and Committee of Sponsoring
Organizations (COSO) framework.
- Describe the process of performing effective information technology audits
and general controls.
- Describe the various general controls and audit approaches for software and
architecture to include operating systems, telecommunication networks, cloud
computing, service-oriented architecture and virtualization.
- Explain the role of cybersecurity privacy controls in the review of system
- Discuss and develop strategies that detect and prevent fraudulent business
- Describe and create an information technology disaster recovery plan.
- Develop an audit plan and control framework that addresses and solves a
proposed business problem.
- Use technology and information resources to research issues in information
technology audit and control.
- Write clearly and concisely about topics related to information technology
audit and control using proper writing mechanics and technical style