Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics………………
CIS 558 Week 10 Section 1, Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
CIS 558 Week 10 Section 2, Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
d. Cloud Computing
f. Cybersecurity and Privacy
g. BCP and DRP
h. Network Security
i. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
CIS 558 Week 10 Section 3, Project Plan
Use Microsoft Project or an Open Source alternative, such as Open Project to:
3. Develop a project plan which includes the applicable tasks for each of the major areas listed below for each element of the IT audit mentioned above; plan for the audit to be a two (2) week audit.
a. Risk management
b. System software and applications
c. Wireless networking
d. Cloud computing
f. Cybersecurity and privacy
g. Network security
Section 4: Disaster Recovery Plan
Write a five to seven (5-7) page paper in which you:
4. Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.
a. The organization must have no data loss.
b. The organization must have immediate access to organizational data in the event of a disaster.
c. The organization must have critical systems operational within 48 hours.
d. Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above.
e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.