Answered You can buy a ready-made answer or pick a professional tutor to order an original one.
Term Paper: Planning an IT Infrastructure Audit for ComplianceDue Week 10 and worth 200 pointsNote: Chapter 5 of the required textbook may be helpful in the completion of the assignment.The audit plan
Term Paper: Planning an IT Infrastructure Audit for Compliance
Due Week 10 and worth 200 points
Note: Chapter 5 of the required textbook may be helpful in the completion of the assignment.
The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources.
Choose an organization you are familiar with and develop an eight to ten page IT infrastructure audit for compliance in which you:
- Define the following items for an organization you are familiar with:
- Scope
- Goals and objectives
- Frequency of the audit
- Duration of the audit
- Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
- Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
- Develop a plan for assessing IT security for your chosen organization by conducting the following:
- Risk management
- Threat analysis
- Vulnerability analysis
- Risk assessment analysis
- Explain how to obtain information, documentation, and resources for the audit.
- Analyze how each of the seven (7) domains aligns within your chosen organization.
- Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
- Develop a plan that:
- Examines the existence of relevant and appropriate security policies and procedures.
- Verifies the existence of controls supporting the policies.
- Verifies the effective implementation and ongoing monitoring of the controls.
- Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
- Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
- Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
- Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
- Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
- Describe the components and basic requirements for creating an audit plan to support business and system considerations
- Develop IT compliance audit plans
- Use technology and information resources to research issues in security strategy and policy formation.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
- @
- 165 orders completed
- ANSWER
-
Tutor has posted answer for $50.00. See answer's preview
* **** ****** ******** AN ** ************** AUDIT *** COMPLIANCEStudent ************* NameCourse *************** ************* ** 2016A **** ************* AN ** ************** ***** FOR COMPLIANCEOVERVIEW ** AN ** AUDITWe should ***** *** task ** ********** **** an ** review/audit ** An IT ***** ** ************ a center and required ****** **** ******** ** ************* information development ********* ************ operations *** all ***** ******* ******* ** is ***** *** and ***** ******** ** ** outcome of * **** related ordinariness ************ ***** *** ** ***** ********** of an ** survey ****** ********* the steadfastness ** data **** ** ******* ***** ********* *** ********* verbalizations of *** affiliations· Deciding the ***** ** consistence **** *** pertinent **** ************* *** standards in *********** **** IT· ******** if *********** ***** *** ****** ** ****** extravagance ***** ************ ************* ** ***** ** the usage and ************ ** ** ****************** ***************** BACKGROUNDBuilt ** **** **** ** ***** **** ** *** ** helper of **** *********** **** USA has *********** **** * widened budgetary *********** **** *** ******* ** **** ****** ******* asset ************ *** ******** ********** facility and money related admonitory ************* ** clients *** ****** ** *** ********* land *** ****** ****** ****** ***** ** ******** ** ******* purpose ** ********* their new ********** and ** ******** **** are **** **** ******* ***** ** ****** ***** *** survey program **** ******* organization ********** ** indicated ** ********* standards **** ** ***** ********* association ******** ** Tokyo ********** *** ************** ** ******* ***** ** ORIX ********* **** *********** ** ** **** the *********** ***** ***** ** ********* *********** upon the **** management *** ********** ********* **** **** threat ********** ********** is *** better than **** ******** on every ****** **** ** **** there are *********** ***** of IT *************** that have **** ****** *** **** **** ** ************** **** ***** ** establishment ****** for *********** ******* *************** are **** ****** ******** ** ** ********** *** ******** organization and *********** *********** *** **** *** not the **** is ******** ****** where ***** ******* ******** *** the ****** ******* ***** ********* ******* *** the ******** ** office is ***** ***** ****** ***** **** **** will ** ******** and **** won't ** ********* Besides ** ******** if the expansion is not unmistakably described ***** ***** ******* ****** **** *** ******** *** IT office's ******** ** working stress ** **** Corporation(ORIX USA ******** *** ************ *************** ********** ***** *** ***** are ********* ** ********** of *** **** ** ****** ********** *********** ** **** **** **** *** ****** *** ******************* ****** ************ *********** **** *** *** ****** ** be ********* *** ****** ****** ******** *** objectives ** *** audit *** ** the ******** *********** ** **** *** organization ** ** *** ***** Organization ******* ************ ***** ************ **** a ****** ** ****** of targets ***** objectives *** ****** ** *** ******* *** relationship ** **** ***** *** ****** ** action *** *** standard which ***** *** ******** to ******* *** targets This ******* ** ** security approaches *** additionally ** ************* transversely over ********* *** nd)ORIX ***** these specific three *** chief goals *** relatingeffective IT security audit ******* ********** ******* a ************** *** ** impartial review ** * *********************** ******* controls and ********** ************************ **** appropriate *** ****** IT ******** *** ******* ** ************ Offer ***** recommendations *** **** corrective actions and ******** ** ****** controlsExamples ** ******** ** ***** ******************** on ***** ********** *** ** displays:· **** managementpledge **** ***** controls *** *********** *** ********** Are ********** ******* integrityconfidentiality ** ******** ** ************* ****** ******** *********** for data ********* *** IT ************** ** ********** back ** ********** ************* ** IT ************************ ** ********* *** ******* before *********** *** ******* ** ** ********************* ** *** ******* **** ****** *********** ** frequency) ** ******* ** audits *** ******* ******* ********* **** *** ****** Fundamental structures ******** **** **** checked more consistently **** *********** controls Besides in **** *********** circumstances ********** ** ******** ****** ***** **** **** ********** **** ** * ******* **** take ***** *** ********** to ****** ****** *** ****** ****** ********* **** *** ********** ********* *** *** ***** ****** ** ***** *** ****** on * yearly ******* ** **** * ****** of years(ORIX *** *** *** ***** ******** ** * ******** peril ********** ******* *** ****** ***** ******* in development *** ********** *** instance ****** ** ************* fortification and failure recovery(Solomon ***** ***** ************* OF THE ********** ****** *** ********** ** ** ****** includes ******* time ****** ** **** ** office ***** *** ************* ******** *********** *** **** ****** *********** ************* **** as ************** **** employeesbesidesaccount ************ *** *********** REQUIREMENTS ** THE AUDIT *** **** ***** ******* ************ ** ** IT ****** assessment hone ********** ********** ****** the *********** necessities ** ** ***** at **** Structure ************ ** ORIX ******* the *********** *********** ** *** audit ** two ******** ******* *** *********** ******** These controls ***** ************ ** *** ****** parts ************ **** **** Application ******** ** ******** **** execute ** ********* ********** *********** ******* *** instance General ****** *** *** ***** ************ modules and **** ** *** control **** *********** ***** ******** *** ******** *********** ******** and ***** ******** *** ******* inspectors ** **** take ***** ******* ** *********** or protection ******** ***** ***** **** *********** ************ *** ******** particular ************* these ***** ** ********* need ** ** ***** ** ORIX pivots ****** ***** ***** fundamental security ***** ******** ************ ******** ordinarily spoke ** ** organization ** a ********** **** of *** ******* ******** ******* ***** fuse ******** game plan ******** ******* ************ **** ************ ******** and masterminding ** *** ** ******** **** ***** and ************* ** PC **** range *** ** ******** ************ ********* ********* ******** **** are ******** by ****** ****** by systems ******** ***************** *** **** user ****** incident ******** and response ******** and *********** planning ********* ******** ********* ******** ******* ************* *** ******** ******** **** system ***************** ******** are those guidelines that *** ********** ** systems ******** ******* Identification *** ************* ******* ****** control Audit Trails ** **** ** ************ ******* *** *** ******* **** and ********** ******* ** al ******** 1 ******** ******** (RE-CLAIMED **** *********** ** INFRASTRUCTURE FOR ************* ******* * *** ****** *********** ******** & ***** ********* ** ******** ** *********** *** Infrastructure audit assessmentrequirement ** further ********* ******** ** ********* ************* ********** ** ************* **** ******** ********* ******** ***** * ******** risk in *** situation A ************* ****** ******* differentiates **** * hazard ** ********** ************* ******** *** ******* ******* *** ****** before ** ******** An **** or ************ ******* *** ****** *** ******* ** * ************ ********** LAWS *** ORIX ITISACA ********* privacy assurance *** ********** ****** the association ** *********** ** ** ******* ** "adherence ** trust and **** in *********** **** any information ******** ** a ********* or ************ ********** ***** subject) ************ ** ***** and true ** agree to ********* ********* ** *** ******** procedure ** pertinent ******** ******** and laws" (Data ******* ******* **** **** *** **** **** "Generally ******** Privacy ********** ** (GAPP)" ** ********** **** data ******** ****** ********** corporate **** *** ************** **** ******** *** corporate ********** Also *** ******** ********** *** laws *** *********** taken after ** ORIX ** ***** ** *** *** **** ***** ********** division *** ******* the ****** over ********** ****** ***** ********* *** ********* shippers *** ***** *********** ******** ******* ******* ** *********** *** ********* and ********** ****** *** *********** *** ********** ** **** **** on *** ****** **** ***** is no **** is made *** ***** ******* Officer ****** ***** ***************** **** PLAN FOR ASSESSING IT ******** *** **** ***** ********** **** *** ********* IT ******** by associatedsucceeding:a ************* ********* THREAT ANALYSISc **** ********** ********* RISK *************** ******* *************************** into ***** ****** 1) ******************* 2) ********* ** ******** ** 3) ********* ********************* ***** ******** *** the **** ********* ** conservativelinked to ************ ***************** ***** scope ********** ******** *** regions *** as of now ************* *** ************ *** ****** ***** **** be ********* ******* *** ***** ******* ******* System *************** or ****** ******** **** ** *********** contradiction of ***** **** ***** responsibilityundertaking grid *** control ************** ******** *** instance ******** *** ** *** system ** *** **************** **** ** ********** ******* **** ******** *** ***** ***************** CONTROL **** ****** CONTROL ****** *** PROCEDURES (AC-1): **** *********** ******** ** **** ** reviews/updates:A A ********** *** formal access ******* **** **** ********* ***** purpose **************** ***** coordination ********** ************** organizational objects ******* complianceB Documented andformal ****** ******* ****** ** ****** *** execution ** ****** control procedure *** ************ ****** *************** ********** ******* ORIX accomplishes information ****** *************** *********** Recognizing account ********** *** ***** ********** *********** ****** guest/unidentified *** provisional);B ************ ********** *** ********** membership;C *********** sanctionedoperators ** *** **** ****** *** *********** ****** ******** ********* ******** ********* *** ************ ** ****** ********** ********** establishing ********* modifying and *********** account(Smith *************** ********** ******* *** ************ ********* a ***************** ******** *** rub ** * constantobservingpackage **** ********** ************* ***************** *** *** *********** ****** *** its basic *********** A ******* ** *** ******** ********* of ********** ** *** information ********* *** setting ** ******** ********** ******** ******* ********** ** ********* with *** administrative continuous ********* strategyD ************ the safety state of *** **** ****** to ********************** ******************** ******** **** *********** PLAN (CP-1): The ************* ****** up ** ********* ****** ** action *** *** **** ********* ****** Recognizes ***** missions *** ******** ***** *** ******* *********** *************** Gives recuperation destinations ********** ***** *** *************** Addresses *********** parts *********** and allotted ****** **** contact ****** ********* keeping ** fundamental ******** *** business ********** ********** ** * **** ********* disturbance bargain or *************** ********* consequent **** **** ********* rebuilding without ********* ** *** ******* ** establish ****** ********* ******** and actualizedvi Is examined and ********* ** ******** establishmentsprivileged *** ************ Circulates ********** ** *** emergency ****** ** ****** ** *************************** ******* ** *** *********** **** ***** *********** ** **** *** ** ***** *** authoritative ********** ********* *********** ********* ********* **** ********** ********** *********** ******* *** ********* strategy *** *** data outlineE ********** *** emergency policy ** ****** changes ** *** outside **** **** ********* ** environment ** ********* *** issues ************* **** ******************* ***** or ******* *** ********** Imparts ********* strategyvariations ********** ******** ********** ************** ***** ** ***** management ********** for ******** ********* **** incorporates recognition *** *********** readiness ********** ************ *** ************** *********** event handling of ********* **** *********** arranging practices· Incorporates ******* ****** **** ********** episode ****** **** of ********* **** occurrence reaction ******* preparing *** ****************** *** ********** *** ********** changes in **** ************** ***** ***** **************** **** ********** *********** (MA-1):The *************** ***** ******* ******** *** overviews ******* of ****** *** ******* on *********** ****** ***** ********* to ******** ** ****** ************** *** legitimate ************** ******** all ******* ***** out ******* performed ******** ** ******** *** ******* the rigging is ********* close-by ** removed to another ******* ******** **** ** ******** power unequivocally ********** the ******** ** *** information ****************** *********** ************* AND *********** the ***** ** *** arranging **** ** the survey or ****** ***** ** ********* for *** *********** * will **** *** ******* ******* ** ********* ***** ****** ******* *** augmentation *** ******* ** *** ********** **** their organization aggregate information ** key ******* evaluate existing ******** *** **** *** rest ** *** review stages ** the ***** ** this ******* *** ******* depicts ** is ****** **** data ***** *** ******** ** system ** ** **** ** *** ** available ********* and other *********** *********** In *** ******** **** required I **** **** **** ***** ****** ******** particularly *********** for the ******** ***** ****** and *** ***** people * **** to **** **** ****** ** ****** ******** Conference or Entrance Interview" ** next ***** stage * **** ******* ***** *********** ***** *** ********* ** ***** ** obtain * ******* audit ** operations * **** ***** with *** ***** *** ******* ******* ******** and distinctive *********** ** information **** ***** **** ** through ********* ******* *** **** stage for ********* ************* **** *** ****** ** ******* ****** control evaluation from any ******** review **** ** their Central ***** ******** ** *** **** in *** past led *** ******* ****** usageANALYSIS OF *** ***** (7) DOMAINS ********* ****** THE ************** should ********* initiallyidentify what the apiece of *** ***** ** ********* ******* ** *********** ************** ** addition to *** **** *** *** ** ********************** **** ********** **** *** ** ******* method and ********** in *** particular ****** area Case ** point ********** *** ********* manages *** ************ ******** ** *** *** ****** ****** coherent ****** ************ arrangement ********* **** ****** ******** *** ****** ** the predefined ********** ******** *** ******** *********** arrangement ****** *** directions ** substance ********** and *** surfing ****** ***** ********* *** ******** ************** **** *** ********* world2) *********** ********* the front-end ************** ********* ****** ******* ******** ******** ******** contraptions ******** and *** to ***** *** ******** ** ********* ******** ********* and ******** ******** approach These ******** are executed **** gear ********** ******* ********** *** ********* devices as an ******* of *** *********** ******** ********* *** ********* framework ******* ****** security methodology ** moreover ******** *** ******** game **** ** ***** **** *** reliable *********** ** ** interface **** **** ****** timeout *** ******** ********** ****************** or *** attacks *********** ** ************* ****** concentrates/extemporaneous ********* any ********* ****** information parcel getting The ******** security *** assurance is ********** the ******** on *** ****** *** and ********** marked ******* The ****** diagram *** reinforcement ******** the **** ***** **** *** ***** *** *********** ************* **** ************* reclamation *********** *** ************* ***** taking **** ** at ORIX ************* LAN-TO-WAN DOMAINThe ***** ********* *********** ******** ******** ******** safekeeping *************** ******** *********** is *** ********** ** **************** ****** range at **** Company A *** *** ************** ****** ** ******* ** also premeditated ** **** information Center ** **** *** *************** ***** are **************** ** companywide LAN ************* Network Security **** ** ****************** to the ********* domain5) WAN ********** executed MPLS ********* *** their ************ ****** ******* ** is ****** adaptable *** a ********* ****** *** the ********* level **** ************* ** **** application ************ ********* ***** * **** *** Layer * VPNs IPV6 *** ******* *********** GMPLS ******* *** ****** ** ********** ********* ********* *** ************ ****** corporate ******* **** ** ******** ***** **** an ******** or option *********** ************ ******* *********** ** outside ** ********* ***** ****** year6) ****** ACCESS ********** **** the ********** CISCO VPN design for *** detached or ****** ****** ****** ******* or inaccessible workers practice **** *********** ** grow ** the ************ *** recognition and ************* is **** ******* windows ******* record *** *** correspondence ** ***** **** *** assistance ** * VPN ************* SYSTEM/APPLICATION DOMAINThe ****** ******** methodology *** SDLC *********** ** ******* structure and *********** ***** *** ********* *********** ****** ** ******** framework ********** *** ***** ** these ******* *** ****** ************ system ** *** ** ** **** ** ******* *** ********* in ********* and ******* *********** ********** *** ********** **** ********* FOR EACH **************************************** AVAILABILITYNetwork Outagesin ******** to Surviving PowerTHE ******* ******* ******* ***** ******* CAN ** ******* BY ********** ******** ********** ** ANENCRUSTED ******** *** ******* ************ ** UPS ** ***** THE CALCULATING DEVICES **** OFF *** LINKS **** DISSIMILAR DATA CARRIER ************ *** ****** ******** CABLING *** *** ******** THIS ** ********** ******* ** LAN-TO-WAN *** AND *** ************ Recoveryin addition ** ************** ****** ****** OF USER **** ****** DATA AND **** *** *** ******************* *** ******** ******** ******** *********** REPLICATION AND ******* AT ********* MEDIA ** ALTERNATIVE ASPECT ** ******* THE ****** ** ******** ** ******** VALID ** ****** EXACTLYAPPROPRIATE ** **** ******** UNIT AND ******* DOMAINSMAXIMIZING *************** *********** ******** *********** ********* ******** connectedINSTALLATION *** ********** *** SAFEKEEPING ** ********* TO ***** *** *** *********** ******* **************** ** ********* ******* ********* *** *********** IS ***** *** *** *********** OF SYSTEMS BESIDES DATA Validation Checksalong **** ************ *********** AUTHORIZATIONS ** *** ****** DATA *** ************** ******** ** APPLICATIONS/ERP ** ********** *** *** ********* ***************** *************** ********** *** ********* TRANSFORMATION IMPLEMENTATION ** *** ****** IS * ************** ** THE ******** *********** *************** ************** ** ********* ******* FIRMWARE ******* ON ****** ******* ARE IMPORTANT *********** ******* *** ******** ** INTEGRITYMAXIMIZING ********************* ManagementACCESS ************** ***** ** ******* ** **** ** ************ ***** ******* ********** AND **** *********** *** *************** ** ****** THE ******** *************** ******************** **************** IT INCOMPREHENSIBLE ** ******** ******** ** *** DECRYPTION *** *** *** ****** ALL *** ******** *********** AND ONLY ***** *** DECRYPTION *** TO *** ******** *********** *** EXAMINE *** ****** *** EXISTENCE OF ******** ******** ******** AND ********** revision *** ********* of appropriate ******** ********* as **** ** ******** ** **** ********** *** ********* plan ************ the ******** as ****** ** the ******* ************************** POLICYCONTROLS ********** IN **************** ********* *** EVIDENCESACCESS MANAGEMENTLOGICAL ****** ************** ************* ********** ********** ** dutiesin ******** ******* ************ administration ******** Logical **** ** access ************** **** ** ******** *** ********** ********* ********************** through *** **** dated User ******* ** privileges ********** tickets *** ****** authorization eventsCONFIGURATION MANAGEMENTChange ********** PolicyBaseline Configuration; ************* ****** controlRequest *** ******************** the age Change ************** ******* FlowCONTINGENCY **************** Response ************ ****** and *********** ****************** ******* ***** ******** ********* *********** ******** *** ******** ********** ********** ***** ***** DR manual Incident ********* results and *********** addition ** Responsibility *********** *********** ************** ** ******** to mediaAccess as well ** StorageAccess ** ********************** backup ************* *** ENVIRONMENTAL ******************** Policy Physical Policy Network ****************** ********** ******** ******* as **** CCTV ******** *** *********** controls ************************** SYSTEM PROTECTIONSDLC ****** *************** System Procurement in totaling ** Network ****** ********** protectionBoundary ********** Spam protectionBase **** ********** ***** ******************* Checking in ******** toObserving of Network *********************************** ******** SECURITY CONTROLS ********** THE ** INFRASTRUCTURE· Inventory ************** ** unauthorized *** ******************* ********* **************** ********** ****************** ********* ************* for software ** **** ** ******** on ********* ************ in addition ** ******* (Hester ***** Harrison 1998)· Secure *** ****************** for ******* ********** **** thefirewalls routersand ********** **************** ********** ************ and ************* ** ****** ** ******** audit ****** ************* **** asorganization software ******************** ********** *** of ****************** ********* access ***** ** ************ to ****** ********** ************* valuationalong **** ************* Account ********* *** control· ******* ********** Control ** **** ** ********** ** network ***** protocols *** services· ******** ***************** ********* Data ************************* ********* WITH ******** ******** ** MEET ********** DEFINED ******** OBJECTIVESAn ***** ******** ** anobligatory **** ******** ** attending *** trustworthy ********* *** auditresults The audit *********** **** ********** ******** to accomplishhigh-level ******** controls ************* ** ORIX **** ** **** the ********** ******** *** ******** ****************** ******** ***************************************************** ********** ******** Training; ** well ** ******** *************** ControlAccount *********** ********** ** ******* ***** PrivilegeAuthorizationand ******** Assessment Plan of Action and *********** ******** **************************************** ** ****** Maintenance ********* Events;(Johnson **************** Planning Contingency ********* ******* Storage ******************** ****************** *************************** Change *************** ****************** ********* ******** *********** Incident ReportingAuthentication *** IdentificationIdentifier *********** ************* ****** ******************** ***************** ******** ***** ******* ***** Marking;MaintenanceControlled Maintenance;Maintenance Tools;PlanningSecurity Plan;Privacy Impact Assessment ******************** and ******** ****************** ****** ********* ******* ******** **** ************** ****************** *************** ************* Scanning;Personal ***************** ********** ********* ********************************************* ** Resources; ******** *********** ***************** *** ************************* of ******* *********** ******** Protection;Program ******************** ************* Risk Management ******************* System *** *********** IntegrityMalicious **** *********** **** *********** ***** *************** ******** & ***** ******************************** * Amado * ******* C Druker * *** ******** & *** * ****** IT ******** ********** ********** ****** ***** **** *** ****** ******** *********** *** ***** Manager *** RedbooksTiller * & ******** * ****** Information ******** ********** ******** ***** Edition ****** * *** *************** * * ****** ******* ********* A ********* ******** ******** Pressharvard **** ************ Retrieved **** ******** cyberlawharvardedu/ecommerce/privacyaudithtmlHester * * ***** ******** R ****** **** ********** and **** Management Royal Society ** ************** **** *********** Audit ********* ********* **** ****** wwwisacaorg/planning//DRP%20toolkit_Contingency%20audit%20questionnairJackson C ****** ******* ******** Auditing ***** ************ M ****** ******* *********** **** *** **** ** **** for It Operations ********** ****** *** *********** *** **** ORIX USA ********* from ***** **************************** * * ****** ******* Auditing: A Control ********** ******** ************ M ***** ***** * (2010) Auditing ** Infrastructures *** ********** ***** ***** ******** **********