Planning an IT Infrastructure Audit for Compliance

Motivation: involves the psychological processes that arouse and direct behavior.
January 16, 2017
picot statement
January 16, 2017
Show all
0

Planning an IT Infrastructure Audit for Compliance

Note: Chapter 5 of the required textbook may be helpful in the completion of the assignment.

The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources.

Choose an organization you are familiar with and develop an eight to ten (8-10) page IT infrastructure audit for compliance in which you:

Define the following items for an organization you are familiar with:
Scope
Goals and objectives
Frequency of the audit
Duration of the audit
Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
Develop a plan for assessing IT security for your chosen organization by conducting the following:
Risk management
Threat analysis
Vulnerability analysis
Risk assessment analysis
Explain how to obtain information, documentation, and resources for the audit.
Analyze how each of the seven (7) domains aligns within your chosen organization.
Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
Develop a plan that:
Examines the existence of relevant and appropriate security policies and procedures.
Verifies the existence of controls supporting the policies.
Verifies the effective implementation and ongoing monitoring of the controls.
Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student?s name, the professor?s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:

Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
Describe the components and basic requirements for creating an audit plan to support business and system considerations
Develop IT compliance audit plans
Use technology and information resources to research issues in security strategy and policy formation.
Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 200
Term Paper: Planning an IT Infrastructure Audit for Compliance
Criteria

Unacceptable
Below 60% F
Meets Minimum Expectations
60-69% D

Fair
70-79% C

Proficient
80-89% B

Exemplary
90-100% A
1. Define the following items for an organization you are familiar with: a) Scope; b)Goals and objectives; c)Frequency of the audit; d) Duration of the audit.
Weight: 5%
Did not submit or incompletelydefined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
Insufficiently defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
Partially defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
Satisfactorily defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
Thoroughly defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.

Weight: 10%
Did not submit or incompletelyidentified the critical requirements of the audit for your chosen organization and did not submit or incompletelyexplained why you consider them to be critical requirements.
Insufficientlyidentified the critical requirements of the audit for your chosen organization and insufficientlyexplained why you consider them to be critical requirements.
Partiallyidentified the critical requirements of the audit for your chosen organization and partiallyexplained why you consider them to be critical requirements.
Satisfactorilyidentified the critical requirements of the audit for your chosen organization and satisfactorilyexplained why you consider them to be critical requirements.
Thoroughlyidentified the critical requirements of the audit for your chosen organization and thoroughly explained why you consider them to be critical requirements.
3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
Weight: 5%
Did not submit or incompletelychose privacy laws that apply to the organization, and did not submit or incompletelysuggested who is responsible for privacy within the organization.
Insufficiently chose privacy laws that apply to the organization, and insufficiently suggested who is responsible for privacy within the organization.
Partially chose privacy laws that apply to the organization, and partially suggested who is responsible for privacy within the organization.
Satisfactorily chose privacy laws that apply to the organization, and satisfactorily suggested who is responsible for privacy within the organization.
Thoroughly chose privacy laws that apply to the organization, and thoroughly suggested who is responsible for privacy within the organization.
4. Develop a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
Weight: 20%
Did not submit or incompletelydeveloped a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
Insufficientlydeveloped a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
Partiallydeveloped a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
Satisfactorilydeveloped a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
Thoroughlydeveloped a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
5. Explain how to obtain information, documentation, and resources for the audit.
Weight: 5%
Did not submit or incompletely explained how to obtain information, documentation, and resources for the audit.
Insufficiently explained how to obtain information, documentation, and resources for the audit.
Partially explained how to obtain information, documentation, and resources for the audit.
Satisfactorily explained how to obtain information, documentation, and resources for the audit.
Thoroughly explained how to obtain information, documentation, and resources for the audit.
6. Analyze how each of the seven (7) domains aligns within your chosen organization.
Weight: 5%
Did not submit or incompletelyanalyzed how each of the seven (7) domains aligns within your chosen organization.
Insufficientlyanalyzed how each of the seven (7) domains aligns within your chosen organization.
Partiallyanalyzed how each of the seven (7) domains aligns within your chosen organization.
Satisfactorilyanalyzed how each of the seven (7) domains aligns within your chosen organization.
Thoroughlyanalyzed how each of the seven (7) domains aligns within your chosen organization.
7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
Weight: 5%
Did not submit or incompletelyaligned the appropriate goals and objectives from the audit plan to each domain and did not submit or incompletelyprovided a rationale for your alignment.
Insufficiently aligned the appropriate goals and objectives from the audit plan to each domain and insufficiently provided a rationale for your alignment.
Partially aligned the appropriate goals and objectives from the audit plan to each domain and partially provided a rationale for your alignment.
Satisfactorily aligned the appropriate goals and objectives from the audit plan to each domain and satisfactorily provided a rationale for your alignment.
Thoroughly aligned the appropriate goals and objectives from the audit plan to each domain and thoroughly provided a rationale for your alignment.
8. Develop a plan that: a) Examines the existence of relevant and appropriate security policies and procedures; b) Verifies the existence of controls supporting the policies; c) Verifies the effective implementation and ongoing monitoring of the controls.
Weight: 20%
Did not submit or incompletelydeveloped a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
Insufficiently developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
Partially developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
Satisfactorily developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
Thoroughly developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
9. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Weight: 15%
Did not submit or incompletely identified the critical security control points that must be verified throughout the IT infrastructure, and did not submit or incompletely developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Insufficiently identified the critical security control points that must be verified throughout the IT infrastructure, and insufficiently developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Partially identified the critical security control points that must be verified throughout the IT infrastructure, and partially developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Satisfactorily identified the critical security control points that must be verified throughout the IT infrastructure, and satisfactorily developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
Thoroughly identified the critical security control points that must be verified throughout the IT infrastructure, and thoroughly developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
10. 3 references
Weight: 5%
No references provided
Does not meet the required number of references; all references poor quality choices.
Does not meet the required number of references; some references poor quality choices.
Meets number of required references; all references high quality choices.
Exceeds number of required references; all references high quality choices.
11. Clarity, writing mechanics, and formatting requirements
Weight: 5%
More than 8 errors present
7-8 errors present
5-6 errors present
3-4 errors present

                                                                                                                                                               Order Now