Security Audit Paper

September 14, 2015

Information systems auditing has evolved into both a profession and an organizational function. The effectiveness of information systems controls is evaluated through a process known as auditing. The security of information systems is maintained by measures taken to prevent threats to these systems or to detect and correct any damage. Security measures limit access to information to authorized personnel. Information systems have to be auditable by design in that every transaction can be traced. In other words, the audit trail must exist, making it possible to establish where each transaction originated and how it was processed. Information system security is the integrity and safety of its resources and actions.

Riordan Manufacturing implements a multi-layered approach to securing infrastructure systems with a primary focus on the Open Systems Interconnection (OSI) model. This approach addresses system vulnerabilities at each layer of the OSI model and deals with the specific vulnerabilities that occur at each layer. Riordan implements a Least-Privilege User Account (LUA) approach to limit each user’s ability to access information, both in normal operation and in the event of account compromise. The LUA approach limits user privilege based on task- or job-specific requirements, limiting the potential attack surface. Riordan Manufacturing implements Microsoft System Center Configuration Manager 2012, which provides capabilities for uniform software and update deployment and configuration as well as asset intelligence, endpoint protection, and network access protection. Ensuring workstations meet required security standards and monitoring configuration changes significantly reduces potential cyber security risk. The final aspect of the cyber security approach taken by Riordan Manufacturing is user education. End users are the front line of cyber security attacks, and providing current, accurate education to help users understand safe computing practices and recognize potential threats can reduce the risk posed by cyber-attacks.


A pre-audit of the Riordan Manufacturing organization is a means to understand what will be audited. The security audit team will assess whether the information systems safeguard the organization’s assets, whether they maintain data integrity, and whether they perform in an effective and efficient manner. The first item for the security audit team will be to review previous audits that were conducted. This will give the audit team inside information on which parts of the company need more attention. The site survey is a technical depiction of the systems and, as Hayes (2003) reports, “It also includes management and use demographics” (para. 11). The security audit team will review previous security incidents, if any, to determine whether each issue has been resolved in a satisfactory way. The security audit


