Description
Note: Chapter 5 of the required textbook may be helpful in the completion of the assignment.
The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources.
Choose an organization you are familiar with and develop an eight to ten page IT infrastructure audit for compliance in which you:
- Define the following items for an organization you are familiar with:
- Scope
- Goals and objectives
- Frequency of the audit
- Duration of the audit
- Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
- Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
- Develop a plan for assessing IT security for your chosen organization by conducting the following:
- Risk management
- Threat analysis
- Vulnerability analysis
- Risk assessment analysis
- Explain how to obtain information, documentation, and resources for the audit.
- Analyze how each of the seven (7) domains aligns within your chosen organization.
- Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
- Develop a plan that:
- Examines the existence of relevant and appropriate security policies and procedures.
- Verifies the existence of controls supporting the policies.
- Verifies the effective implementation and ongoing monitoring of the controls.
- Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
- Describe the components and basic requirements for creating an audit plan to support business and system considerations
- Develop IT compliance audit plans
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Explanation & Answer
Attached.
Running head: PLANNING FOR AN AUDIT AT JIDO
Planning an IT Infrastructure Audit for Compliance: Joint Improvised-Threat Defeat
Organization
Student’s Name
Institutional Affiliation
1
PLANNING FOR AN AUDIT AT JIDO
2
Planning an IT Infrastructure Audit for Compliance: Joint Improvised-Threat Defeat
Organization
Introduction
An IT audit seeks to examine and review the strength and validity of information
processing systems and any relevant non-automated processes in an organization to establish
whether the appropriate measures and controls are in place for the enhancement of systems
security and compliance (Rhodes-Ousley, 2013). The Joint Improvised-Threat Defeat
Organization (JIDO) is an organization under the Department of Defense whose primary role is
to counter and neutralize improvised threats. The organization relies on the anticipatory
acquisition and tactical responsiveness to support the efforts of combatant commanders in such
missions as counter-IED, counter-insurgency, and counter-terrorism. The current plan outlines
the procedures that will be taken in conducting an IT infrastructure audit at JIDO, as well as the
laws and policies that will be followed in the process.
Scope
The scope of the IT audit will generally include the fundamental communication tools,
hardware, key systems, and all other IT resources that play a role in the delivery of tasks and
programs at JIDO. It will specifically explore management processes such as IT infrastructure
planning, availability, governance, and performance monitoring. It will include the review of the
standards, reviews, procedures, assessments, and policies related to the IT infrastructure; disaster
recovery plans; infrastructure-related human resources plans; IT investment plans; IT strategic
plans; IT infrastructure monitoring activities. Procedures used by the organization to meet the
professional standards and policies established by such bodies as ISACA will also be reviewed.
PLANNING FOR AN AUDIT AT JIDO
3
Evidence of compliance with directives and standards of such policies established by the
Department of Defense will also be explored.
Goals and Objectives
The primary objective of the audit was to establish whether the Joint Improvised-Threat
Defeat Organization complies with the relevant security regulations, policies, and requirements
in the furtherance of its infrastructural security. It was aimed at assessing the controls that the
management has put in place over the sustainability of the infrastructure within each of its
departments to ensure that the IT infrastructure conforms to all the fundamental requirements in
the pursuit of organizational efficiency. One of the most important goals of the audit will be to
gain an understanding of the JIDO management’s controls and policies, as well as the existing
information systems. Second, it will seek to have some sense of assurance regarding the presence
of the necessary IT controls in every department to ensure that security flaws are mitigated.
Specifically, the audit team will want to know whether the management believes in the influence
and capability of inner controls. It will also endeavor to establish whether the accessibility
system controls related to data security have the necessary confidentiality, integrity, and privacy.
Further, it will be important to know whether IT implementation and compliance can be
associated with the strategic objectives of JIDO.
The frequency of the Audit
Depending on the likelihood of threats and resource capability, audits at JIDO may vary
from time to time. Further, it will depend on the function or department being checked. For
example, the fundamental structures and areas will typically demand more consistent audit
checks than the noncritical ones. The compliance audit will normally take place twice a year
unless there is an issue that demands immediate attention. Nonetheless, there is a need for speedy
PLANNING FOR AN AUDIT AT JIDO
4
paced changes whenever an unforeseen event occurs to establish urgent audits in the system
before serious damage could occur. A peril assessment process would be befitting in such a
situation.
Duration of the Audit
The audit generally takes around three months. This time will include the on-site rime
period spent at the offices of JIDO as well as the interval spent off-site in such processes as file
and res...
Review
Review
