Objective:For this assignment, you will create an Audit Charter and an Audit Program for a cybersecurity audit of a company of choice. The company i chose is Vena SolutionsAudit CharterYour Audit...

1 answer below »



Objective:




For this assignment, you will create an Audit Charter and an Audit Program for a cybersecurity audit of a company of choice. The company i chose is Vena Solutions







Audit Charter




Your Audit Charter must be written as a formal Memorandum of Record, or letter. Include:




Mission: Why is the audit conducted.




Scope and Responsibilities - Make sure to limit the scope of your

audit. A complete cybersecurity audit is overly aggressive. What you

must do is choose a limited scope for your audit. That scope must

include at least two critical systems/areas of the company's

infrastructure. One of the critical systems must be an industry

specific system (policy management system for insurance, loan processing

system for banks, manufacturing management system, or like). As you

may or may not be able to determine the actual system(s) that the

company you have chosen uses, you may investigate and select an

appropriate system that such a company could use. Note: you should

find a system which has some public information available. The second

system or area could be a commonly used system, such as an HRIS, an

accounting system, etc., or it may be an area such as a network, WiFi,

physical security, or other infrastructure area. The second area must

not be trivial.




Authority: Under what authority would your audit be conducted.




Accountability: Where does your audit team report.




Standards: Research and determine the standards that apply to your

company including those which are appropriate to the industry to

determine the standards against which the audit will be conducted. Also

include general standards which are required. Identify those sections

of the standards which are appropriate to the selected scope.









Audit Program:




After you complete your Audit Charter, conduct such preliminary and

field studies as are necessary to thoroughly understand the systems and

areas you are going to audit in relation to the standards against which

you will perform the audit.




Having conducted those preliminary and field studies, complete a

detailed and comprehensive Audit Program. Be sure to include the

specifics about what evidence will be gathered, how it will be gathered,

tasks to be performed, and expected positive results (used to measure

deviations), as needed. Also include any check lists or other artifacts

needed to conduct the audit. The Audit Program should cover the entire

scope as detailed in the charter, and should include sufficient detail

for someone who has not prepared the Audit Program to conduct a thorough

and sufficient audit.





Submission




Your submission should include in a single Word document your

Introduction, Audit Charter, and Audit Program. Standardized checklists

and other items used as appendices to the Program may be included

separately, but need to be loaded after the main submission.


Answered 3 days AfterNov 10, 2022

Answer To: Objective:For this assignment, you will create an Audit Charter and an Audit Program for a...

Shubham answered on Nov 14 2022
40 Votes
CYBERSECURITY AUDIT
CYBERSECURITY AUDIT
Table of Contents
Introduction    2
Audit Charter    2
Audit Program    4
Standardized Checklists    5
References    7
Introduction
Cybersecurity audit includes the comprehensive analysis and review of the IT infrastructure of the business. The process includes identification of threats and vulnerabilities, showing weaker link and high-risk practices. It is the method for examining the compliance and it is designed for evaluating the IT system. The study describes about implementation of cyber security in Vena Solutions for identifying threats.
Audit Charter
Mission
The benefit of cybersecurity audit in Vena Solutions is to assess compliances and it can help in identifying vulnerabilities across the digital infrastructure of the company. The audit will help in ensuring and helping the organization in staying ahead of cyber criminals. In Vena Solutions, the audit will be done by an auditor for checking the system configuration and run tests for analyzing the network and includes identification of gaps. The mission of cybersecurity audit is to provide in-depth analysis of current IT practices and provide a detailed report of external and internal security systems (Islam, Nusrat Farah, and Thomas F. Stafford, 2018). It is required for identifying threats that are commonly found during the auditing process like insider threats, phishing attacks and DDoS breaches. The audit can help the company in understanding the use of tools that are required for meeting compliance standards with detailed notes regarding the effectiveness and safety of the current IT tools. After completing the audit, the auditor can address the concern and determine changes that are needed for meeting compliance regulation.
Scope and Responsibilities
The scope of cybersecurity audit can help in ensuring in-depth audit of Vena Solutions for the security postures. It can help in detecting risks, threats and vulnerabilities that the organization is facing and influence of identified risks across areas. The critical system of the company includes a network security audit for the financial management that is required for reviewing the security and network controls, security monitoring capabilities and anti-virus configuration. The second system includes an accounting system that also covers cybersecurity risk management, technical security controls, cyber risk governance and third-party management. It is performed by the cybersecurity services for providing the adequate understanding of all the security protocol that provides a well-trained way for detecting flaws in the cybersecurity risk management.
The role of Information security auditor is to conduct the audits that are conducted for finding flaws and vulnerabilities in the internal system of the Vena Solutions. The findings from audits are vital for resolving issues and it can help in discovering the potential security implication (Slapničar et al. 2022). This includes identification of security breaches like unauthorized access to company resources, data theft and malware infection that have the potential for understanding the ability of the business to operate. It includes finding potential security flaws and determining the overall integrity and health of the corporate network....
SOLUTION.PDF
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here
Have files?