The Chief Information Officer (CIO) to perform an audit of the HR Department
You are part of a team that has been selected by the Chief Information Officer (CIO) to perform an audit of the HR Department.
Create a 10- to 12-slide presentation (not including the title and reference slides) that examines the specific audit steps that should be performed to evaluate the following areas:
Handling of ethical issues, including security-related legal/regulatory compliance (non-privacy related), intellectual property and licensing
Compliance with privacy related laws and regulations
Adequacy of security policies and security awareness training
Identification of security related risks/threats
Include a minimum of two audit steps for each of the areas listed above. The audit steps should follow the following format:
Area: From the list above
Example: Security related risks/threats
Potential Risk to be Reviewed: Describe the risk
Example: Viruses and malware can negatively impact the confidentiality, integrity, and availability of organizational data
Evaluation of Tools and Methods: Describe the control objective and the specific controls you will evaluate to determine potential risk is mitigated. Please note that typically, there will be more than one control that should be reviewed for a potential risk.
Example: Determine whether anti-virus software is in use
Example: Determine whether virus signatures are periodically updated
Example: Determine whether periodic virus scans are performed
Criteria/Measures to be Used: Describe the criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., what criteria will you use to perform your evaluation/how will you determine that the risk has been mitigated to an acceptable level).
Example: 100% of servers and PCs have virus software installed
Example: 100% of the virus software installed is set to automatically update, including virus signatures.
Example: 100% of the virus software installed is set to automatically perform a scan at least weekly
Your grade on the assignment will be based on how well you address:
The identification of potential ethical, legal/regulatory, privacy, and security related issues (20%)
The evaluation of the tools and methods used to mitigate any ethical, legal/regulatory, and privacy related issues identified, as well as the tools and methods used to perform the review steps (20%)
The evaluation of the tools and methods used to mitigate any security-related issues identified, as well as the tools and methods used to perform the review steps (25%)
Criteria/measures that you will use to evaluate the adequacy of each area/review step that you review (i.e., how will you determine that the risk has been mitigated to an acceptable level) (20%)
Quality of written communication
Use of APA format/style
Include a 1/2- to 1-page executive summary and support your presentation with appropriate references.