power point presentation

Description

I need the power point presentation for the below document

  • present an 8 to 10 ppt slide presentation
  • Introduction of the issue
  • Analysis of the tools used
  • What the group would have done differently
  • Presentation of final solution

Unformatted Attachment Preview

IT Security Audit Compliance and The Need for Compliance

Mid Term
Name: Rahul Reddy Jala
University Of Potomac
Date: 05/22/2018

Looking at module one, the need for compliance, we see that in an IT-based company, compliance is a need for various security reasons. The best-case scenario is when a company has all the measures in place to protect its data, both sensitive and non-sensitive. The worst-case scenario is when it faces an outside attack such as an SQL injection and its data is stolen or corrupted by a malicious party. In that case, a lot of damage will be done, which will force the company into a very bad situation. The data can be used for malicious purposes like blackmail and security access. The company will also lose clients and face multiple lawsuits, as it is its job to protect its clients' data. This will ultimately lead to its shutdown, as the damage will have been done.

The need for compliance is thus important. It keeps the company in check and makes it implement all the required measures. Security auditing is one measure that, if companies comply with it, fulfills the need for compliance and avoids all the possible damage. It is sad that organizations still fail to comply. Currently, the number stands at 80%.

There are questions that, if a company can answer them properly, will enable it to pass the audit. First, does it have a security policy that is documented? For IT infrastructure to be maintained properly, documentation needs to be in place. Second, does the company grant access privileges adequately? Privileged accounts are one target when it comes to security. Permissions on them should be according to security policies. The third question is, through what methods is data protected? Compliance standards focus on sensitive data protection. That kind of data should be protected, and thus a company needs to provide evidence and show the ways in which it protects the data. The fourth question is, does the company have a recovery plan for disaster? Disasters happen out of the blue and they can cause serious damage unless the company has a recovery policy. A security breach is one example. The fifth question is, are the employees familiar with the security policies and procedures in place? This is particularly important as the employees could violate the procedures and measures.

If a company can answer all the questions properly, then it will be in the clear and pass the audit on compliance. If it fails to, then there is a need for restructuring, and it should start putting up measures that are in line with compliance policies.

One major organization that complies with IT Security Audit Compliance is Google. Google is a major IT company that has put its audits and certificates out in the public. According to the report, it believes that the user is a priority and thus ensures their security. Some certificates include the International Standards Organization (ISO) 27001 Certificate, and the SSAE 16/ISAE 3402 and SOC 2 Type II Audit. The first certificate covers aspects such as systems, technology, people, applications, data centers and processes. It certified areas such as cryptography, logical security and information security policies, among others. The second certificate is on principles that have been defined by the AICPA, the American Institute of Certified Public Accountants. A service Control is one that oversees that. It aligns with NIST, the National Institute of Standards and Technology. A few principles that are covered in the report include security. This ensures that the systems are protected against unauthorized access. The other principles are confidentiality, processing integrity and availability. Confidentiality looks at data security: only those meant to see the data will see it, especially in cloud technology. Processing integrity ensures that the systems work the way they are supposed to. Availability takes care of service outages; the systems should always be online if possible.

Google's compliance with IT security compliance opens up its measures to the public. They have what needs to be protected in mind and act accordingly; no aspect is left unprotected. Through them, we see the need for compliance. They will not wake up one day to find user data in the wrong hands, as they are protected, unless a hacker manages to bypass their systems and security, which have also been protected. They manage to be among the best IT companies of our times because everything matters to them and because the user is important and should be protected. They understand compliance and live by it.

There are reasons why the audits need to be carried out, thus justifying the need for compliance. For Google, on data centers, the physical security controls that are in place provide assurance that the data centers are protected. Their incident management controls assure that, in case of an incident, the company and its assets are protected. Logical security controls assure that access to systems is authorized only for the right individuals. A change management control assures that configuration and application changes are properly tracked, approved, tested and validated. An organization and administration control assures that management provides the needed infrastructure and mechanisms for the various processes in the company. System availability controls assure that alternative redundant sites are in place.

For all of its services, Google complies with the IT security compliance audit and has certificates to show. These services include Google Drive, Google Hangouts, Gmail, Google Calendar, Google Docs, Google Sheets, Google Slides and Google Talks, among others. They are all included in the report.

In conclusion, there is a need for compliance for every IT-based organization and company. Compliance may seem taxing, but at the end of the day it is actually for the good of the company and the protection of the users. IT Security Audit Compliance ensures that all the security details are being observed by a company and that it does not take shortcuts at the expense of the users who use its services and products. With the observance of that, there will be minimal IT-related disasters. It is for the good and thus should be observed.

References

1. Google. Certification summary. Retrieved from: https://services.google.com/fh/files/blogs/btd-sec-op-2014-grey.pdf on 22nd May, 2018.
2. Stallings, W., Brown, L., Bauer, M. D., & Bhattacharjee, A. K. (2012). Computer security: principles and practice (pp. 978-0). Pearson Education.
3. Moeller, R. R. (2010). IT audit, control, and security (Vol. 13). John Wiley & Sons.

Explanation & Answer

Hello, Attached find is the...

