
IT Audit Policy & Plans

Project 3: IT Audit Policy & Plans Outline

Executive Summary for the Policy Briefing Package

The Executive Summary provided an excellent summary of the policy package’s purpose and contents. Information about the case study company was well integrated into the summary. Each policy was individually introduced and clearly explained. The material was well organized and easy to read.

The executive summary should be 1 to 1 ½ pages in length and have an introduction, a description of each policy or audit plan to include why the organization needs the policy and/or audit plan and a summary.

Policy for IT Security Policy Compliance Audits

Policy Introduction

The policy contained an excellent introduction which addressed five or more specific characteristics of the company’s business, legal & regulatory, and/or enterprise IT environments and addressed the reasons why employees must comply with this policy. Compliance requirements are addressed and contact information is provided for questions about the policy.

Specifically state the compliance reasons that make this policy necessary (GDPR, PCI, HIPAA, SOX, etc.).

Policy Content

The issue-specific policy provided excellent (clear and concise) coverage of the following:

  • policy issue (do required policies exist and have they been properly vetted & approved)
  • policy solution (auditing all IT security policies to determine compliance with security controls)
  • applicability (to what and to whom the policy applies)
  • compliance requirements (remember to include HR)
  • point of contact (for more information) or questions

The policy was easy to understand and thoroughly covered the required content.

Audit Plans

Security Awareness Audit Plan: Audit Background

The Security Awareness audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit. IT security controls for security awareness (AT family of controls from NIST SP 800-53) and related compliance requirements were identified and discussed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.

Security Awareness Audit Plan: Audit Objectives

A clear and concise set of audit objectives was presented. These objectives addressed (and named) each security control in the Awareness & Training (AT) family (as listed in NIST SP 800-53).

Security Awareness Audit Plan: Audit Approach

The Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.

IT Security Policies Audit Plan: Audit Background

The IT Security Policies audit plan contained an excellent background section which identified and discussed 5 or more risks which drive the requirements and objectives for this audit.

The 18 IT security policies & procedures security controls (e.g. AC-1, AT-1, etc. in NIST SP 800-53) were identified and discussed. Five or more additional controls from the PM & PL families were also addressed. Contact information was provided for the audit manager. Information from the case study was well integrated into the background material.

IT Security Policies Audit Plan: Audit Objectives

A clear and concise set of audit objectives was presented. These objectives addressed (and named) all 18 policy & procedures security controls (e.g. AC-1, AT-1, as listed in NIST SP 800-53).

IT Security Policies Audit Plan: Audit Approach

The Audit Approach clearly and concisely identified and described the major elements in the data collection strategy (what data will be collected, how it will be collected, what will be measured). The data collection strategy was supported by a checklist (for a document review) or list of questions (for a survey). The relationship between the audit approach and the measurement of the effectiveness of the security controls implementation was explained.
