1)DISCUSSION BOARD (200 WORDS) IN TEXT CITATION PLEASE THANKS A LOTAs you continue your analysis, you see that the Information Technology (IT) department has developed several guidelines and...

1 answer below »



1)DISCUSSION BOARD (200 WORDS) IN TEXT CITATION PLEASE THANKS A LOT




As you continue your analysis, you see that the Information Technology (IT) department has developed several guidelines and procedures about how various systems should be considered and set up, but this is internal only to the IT department. Every time a new machine is set up and deployed, within a month, the configuration is changed.







  • Explain why you think the use of these guidelines and procedures is not sufficient and may not solve the problem. Consider how a company-wide policy programcould help the situation.



  • As you begin to prepare your game plan to conduct an Information Security Audit, talk about why you think this current situation makes it difficult to identify the controls that need to be examined.



  • If you were performing this security audit, with which regulations would youwant to ensure that PVSS complies? Why?









2) INDIVIDUAL PROJECT (800 WORDS) IN-TEXT CITATION PLEASE THANKS A LOT







In a 4 page TECH MEMO [


format included here in the School of Information Technology LibGuide


] addressed to your project lead, complete the following:











  • Explain what steps you will need to develop and establish to facilitate a successful audit.








  • List and describe the steps and tasks required to implement anaudit program.








  • In addition, describe the audit class(es) that would be applicable to your contracted audit.








  • Describe which information systems would be considered part of the scope for the audit.





Answered 1 days AfterFeb 20, 2023

Answer To: 1)DISCUSSION BOARD (200 WORDS) IN TEXT CITATION PLEASE THANKS A LOTAs you continue your analysis,...

Shubham answered on Feb 21 2023
37 Votes
1. Discussion Board
The use of guidelines and procedures developed by the IT department may not be sufficient to solve the problem of frequent configuration changes. This is because the guidelines and procedures are internal only to the IT department. A company-wide policy program would help to address the issue of frequent configuration changes (Yazdani et al. 2019). Such a program would establish guidelines and procedures that are communicated and enforced throughout the company.
The current situation, where the IT department guidelines and procedures are internal only to the department and frequently disregarded, makes it difficult to identify the controls that need to be examined during an information security audit. There may be a lack of standardization and consistency in how various systems are configured, making it challenging to identify the controls that need to be audited.
General Data Protection Regulation mandates that companies protect the personal data of EU citizens and implement appropriate technical and organizational measures to ensure data security. Compliance with GDPR is important to prevent data breaches, which could result in significant fines and reputational damage (Taherdoost & Brard, 2019). The regulation aims to give individuals control over their personal data and to simplify the regulatory environment for businesses operating in the EU.
2. Individual Project
Question 1
The successful audit includes steps that are required for establishment and development are:
· Develop a clear and comprehensive audit plan that outlines the objectives, scope, and methodology of the audit.
· Identify and assess the risks associated with the information systems being audited. This will help in determining the areas that require more attention during the audit.
· Develop a set of audit procedures that align with the audit objectives and scope. The procedures should be designed to test the effectiveness of the controls in place and to identify any weaknesses (Al-Karaki, Gawanmeh & El-Yassami, 2022).
· Select the appropriate audit tools and techniques, such as data analytics, sampling, and documentation review, to aid in the execution of the audit.
· Establish effective communication channels with the auditee, stakeholders, and other relevant parties to ensure that the audit is conducted smoothly and with minimal disruptions.
· Conduct a thorough audit testing...
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?