Tuesday, June 18, 2019

Information Security Audit And Assurance Essay Example | Topics and Well Written Essays - 3250 words

Data is stored in a database that makes access, retrieval and manipulation easy and more secure (Chrisopher, 2012). The Department of information technology in the governance oversees the protection of the information system and hardware used in running all the activities in the organization. Computer and information security entails safeguarding computer resources, limiting access to authorized users, ensuring data integrity, maintaining data confidentiality and enhancing accountability in the organization (Chrisopher, 2012). Effective protection will therefore involve taking security measures to ensure hardware and media are not stolen or damaged, developing backup strategies to minimize loss of data and information, encrypting sensitive data files and appropriate user identification (Ruskwig, 2012).

Audit checklist

INFORMATION SECURITY SYSTEM AUDIT AND ASSURANCE CHECKLIST

Check item / Answer

military unit/Human resources

Responsibility: Who has the responsibility for ensuring system security?

Employee: Do employees and other users of the system have the knowledge and training on how to handle security threats?

Training: Do the personnel and staff members with any responsibility for system security have adequate training, and do they receive training to support their roles?

Computer security policy: Is there a documented security policy that is fully supported by the senior management, with associated operating systems?

Non-disclosure agreements: Are there confidentiality agreements covering sensitive employee data and information and its disclosure to third parties?

Process

Audit: Are the systems installed in the company, including security systems and firewalls, audited on a regular basis?

Software patches: Do mechanisms exist to deploy software patches to the security systems in the company in a timely and audited manner?

Data protection: Are employee and company data well secured in the database, and do they comply with legislative frameworks such as the data privacy Act?

Authentication: Are there reliable and effective authentication mechanisms in the organization?

Technology

External interlocking security: Are there security measures such as intrusion detectors and firewalls that are used to protect against external computer access such as profits? Are these safety measures authorized by the senior management?

Content monitoring: Is there proper monitoring of the content of emails and the internet to prevent virus infection, internet fraud, spam and also litigation arising from improper use and improper content?

Anti-virus: Is there an installed antivirus and is it up to date? Are all users trained and educated on how to identify and avoid suspected files, to avoid virus and malware infection?

Physical security: Are critical IT systems, equipment and servers stored in a secure and protected area, free from unauthorized access?

Security policy

Policy statement

The department of information technology in the organization is vested with the responsibility to provide substantial data security and confidentiality for all the resources, data and information held in the organization, whether on local storage media or remotely placed, in order to ensure the continuous availability of resources and data to the authorized users in the organization and also to provide integrity of these data and configuration controls (Ruskwig, 2012).

Security policies

a) The data
