You are part of a team that has been selected by the Chief Information Officer (CIO) to perform an audit of the HR Department.
Create a 10- to 12-slide presentation (not including the title and reference slides) that examines the specific audit steps that should be performed to evaluate the following areas:
- Handling of ethical issues, including security-related legal/regulatory compliance (non-privacy related), intellectual property and licensing
- Compliance with privacy related laws and regulations
- Adequacy of security policies and security awareness training
- Identification of security related risks/threats
Include a minimum of two audit steps for each of the areas listed above. The audit steps should follow the following format:
- Area: From the list above
  - Example: Security related risks/threats
- Potential Risk to be Reviewed: Describe the risk
  - Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data
- Evaluation of Tools and Methods: Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for a potential risk.
  - Example: Determine whether anti-virus software is in use
  - Example: Determine whether virus signatures are periodically updated
  - Example: Determine whether periodic virus scans are performed
- Criteria/Measures to be Used: Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
  - Example: 100% of servers and PCs have virus software installed
  - Example: 100% of the virus software installed is set to automatically update, including virus signatures.
  - Example: 100% of the virus software installed is set to automatically perform a scan at least weekly
Your grade on the assignment will be based on how well you address:
- The identification of potential ethical, legal/regulatory, privacy, and security related issues (20%)
- The evaluation of the tools and methods used to mitigate any ethical, legal/regulatory, and privacy related issues identified, as well as the tools and methods used to perform the review steps (20%)
- The evaluation of the tools and methods used to mitigate any security-related issues identified, as well as the tools and methods used to perform the review steps (25%)
- Criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., how will you determine that the risk has been mitigated to an acceptable level) (20%)
- Quality of written communication
Include a 1/2- to 1-page executive summary and support your presentation with appropriate references.