Description
A: In 1–2 pages,
You have recently been promoted to Chief Information Security Officer of a large healthcare organization with 10 hospitals under management. Your fist task is to design an information security audit to determine the state of cyber security of your organization as you enter into your new role. You know that the implementation of a robust and effective information security program is only the start of providing for the confidentiality, integrity and availability of information assets. Those tasked with the responsibility for information security will also implement a routine audit of their information security controls. The National Institute of Standards and Technology (NIST) publishes the cyber security framework for improving critical infrastructure cyber security. Review this framework and prepare a sample audit to be reviewed by your organizations Chief Information Officer for approval. Your sample audit should include the 5 primary areas of your information security program that you would audit, the details of what you would audit for and a 1 paragraph summary per section that describe your goals for that section of the audit.
Click here to review the NIST Cyber Security Framework.
Please reference your work
B: In 4–6 paragraphs,
As you prepare for the final presentation to the LSS management of your information systems audit, you want to ensure that they will accept the audit results and properly address the findings.
A sound project management practice for any project (and an audit can be considered a project) is to conduct a postmortem of the audit.
Take this opportunity to do the following:
- Describe the audit process you have just competed for LSS.
- Outline the relationship between an information governance program and the culture of compliance in an organization.
- Discuss what
went well and what did not.
- Talk about what changes you would implement in the future to ensure the success of an audit.
- Please reference your work
- Please reference your work
Explanation & Answer
Hi, kindly find attached
Running Head: MANAGING INFORMATION SECURITY AUDITS
Managing Information Security Audits
Student Name
Institution
Date
1
MANAGING INFORMATION SECURITY AUDITS
2
Managing Information Security Audits
Section A
Cyber security is an important critical element of any system. With the increase of cyberattacks, there is a need to evaluate the security of the system to determine if it is strong enough to
protect itself from outside attack. Healthcare organizations hold sensitive data which needs to
remain within the organization at all times. This audit was prompted by a leak that happened in
another healthcare organization and caused irreparable damage to it. The executives want to gauge
the strength the information system it is currently using across its ten hospitals. There are five
main areas in a security audit. These are identity, protect, detect, respond, and recover
("Cybersecurity Framework," 2018). In my audit, I will primarily focus on these five areas.
In identity, I will identify the vulnerabilities of the system. Vulnerabilities are entities that
provide a passageway for an attacker to access the system (Furnell, Papadaki, Magklaras, &
Alayed, 2001). Knowing the vulnerabilities will help the organization know which angles the
attacker might attack from and look for ways of ensuring that they get taken care of to prevent any
attack. The organization has a total of ten hospitals which are inter-linked. A patient may come in
with the condition that proves hard for the attending doctor to decipher the best way to approach
it. This doctor can consult with another doctor in another hospital about it. The other doctor will
receive the information about the patient. They c...
Review
Review
