Resource: Principles offered in Case 3B.
Security Audit – create a typical generic template that could be used by any HR Department
Your team has been selected by the Chief Information Officer (CIO) to perform an audit of the HR Department. In your audit you will create a typical generic template that could be used by any HR Department. You will outline the plan by creating a bulleted list of steps and of the process (prioritized by severity to the organization) that highlight areas such as, but not limited to, regulations, compliance, policies, risks, threats, opportunities for improvements, and other significant security issues that might be observed during the audit.
For the benefit of the Audit Team, define each issue listed thoroughly, highlighting their significance, their effect on the organization, any resources and tools used to evaluate, the process and methods, recommendations, possible security measures that can be taken, and, finally, recommend any security measures that can be taken in various circumstances.
Build an Audit Chart in Excel® in which your Audit Team can post their findings that contain the six areas (prioritized by you) of significant security issues (listed above) and four additional blank spaces that were observed during the audit, vertically. List up to 10 different areas of the Human Resources Department audited across the top, horizontally. Label these areas.
During the audit, the auditors can place comments in the cells. Add to this Audit Chart a section of 20 lines below the chart to compose a “Summary of Findings.” This chart and summary of findings will be downloaded to the team’s tablets and completed during the audit then submitted to the IT Audit Manager for analysis leading to his/her final Audit Report. Copy this chart into the assignment, either into the outline or as an additional slide.
The entire assignment will be a minimum of a 1-page outline or a 4-slide presentation. The more specific details listed the better.