02 Jun DESCRIBE THE PARAMETERS REQUIRED TO CONDUCT AND REPORT ON IT INFRASTRUCTURE AUDIT FOR ORGANIZATIONAL COMPLIANCE.
Describe the components and basic requirements for creating an audit plan to support business and system considerations.
• Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
Auditing in IT is the monitoring and validation of safeguards that are put in place to protect information. These safeguards are categorized as controls. Controls are sets or groups of safeguards that relate to different areas within IT systems such as the implementation of security features in hardware and software, administrative processes such as written administrative polices and user agreements.
Controls are categorized into families which define the type of control to be complied to and classes. Classes include management, operational and technical.
ASSESSMENTS WITHIN THE SYSTEM DEVELOPMENT LIFE CYCLE
Security assessments can be effectively carried out at various stages in the system development life cycle to increase the grounds for confidence that the security controls employed within or inherited by an information system are effective in their application. Assessment activities in the initial system development life cycle phases include, for example, design and code reviews, application scanning, and regression testing. Security weaknesses and deficiencies identified early in the system development life cycle can be resolved more quickly and in a much more cost-effective manner before proceeding to subsequent phases in the life cycle. The objective is to identify the information security architecture and security controls up front and to ensure that the system design and testing validate the implementation of these controls. The assessment procedures described in Appendix F of the NIST SP 800-53A can support these types of technical assessments carried out during the initial stages of the system development life cycle. Security assessments are also routinely conducted by information system owners, common control providers, information system security officers, independent assessors, auditors, and Inspectors General during the operations and maintenance phase of the life cycle to ensure that security controls are effective and continue to be effective in the operational environment where the system is deployed. For example, organizations assess all security controls employed within and inherited by the information system during the initial security authorization. Subsequent to the initial authorization, the organization assesses the security controls (including management, operational, and technical controls) on an ongoing basis. The frequency of such monitoring is based on the continuous monitoring strategy developed by the information system owner or common control provider and approved by the authorizing official.
As previously stated, organizations develop controls based on laws, regulations, best practices and industry standards. These controls are audited periodically to validate that processes are in place and working. This responsibility is that of the Auditor also referred to as the Security Control Assessor, who will independently validate these controls to ensure compliance and report the findings to higher authority.
The National Institute of Standards and Technology (NIST) has developed a series of specialized publications that layout the framework for the implementation, operation and management of information Technology. Controls can be found within the NIST Special Publication 800-53A which you can find in the Student Center under Additional Resources.
Refer to the Assessment Procedures in NIST Special Publication 800-53A and complete the following;
1. Complete the table below by determining the 18 Families and their corresp
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.
About Writedemy
We are a professional paper writing website. If you have searched a question and bumped into our website just know you are in the right place to get help in your coursework. We offer HIGH QUALITY & PLAGIARISM FREE Papers.
How It Works
To make an Order you only need to click on “Order Now” and we will direct you to our Order Page. Fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Are there Discounts?
All new clients are eligible for 20% off in their first Order. Our payment method is safe and secure.