Information Security Audit And Assurance Essay Example | Topics and Well Written Essays - 3250 words

Information Security Audit And Assurance - Essay Example Data is stored in a database that makes access, retrieval and manipulation easy and more secure (Chrisopher, 2012). The Department of information technology in the organization oversees the security of the information system and hardware that is used in running all the activities in the organization. Computer and information security entails the safeguarding of computer resources, limiting access to authorized users, ensuring data integrity, maintaining data confidentiality and enhancing accountability in the organization (Chrisopher, 2012). The effective security will therefore involve taking security measures to ensure hardware and media are not stolen or damaged. Developing back –up strategies to minimize loss of data and information, encryption of sensitive data files and appropriate user identification (Ruskwig, 2012). Audit checklist: INFORMATION SECURITY SYSTEM AUDIT AND ASSUARANCE CHECKLIST Personnel/ Human resources Check item Answer Responsibility Who has the respons ibility for ensuring system security? employee Do employees and other users of the system have the knowledge and training on how to handle security threats? Training Do the personnel and staff member with any responsibility of system security have adequate training and do they receive training to support their roles? Computer security policy Is there a documented security policy that is fully supported by the senior management , with associated operating systems Non – disclosure Agreements Is there confidentiality agreements to sensitive employee data and information and its disclosure to third parties Process Audit Are the installed systems in the company including security systems and firewalls installed in the company audited on a regular basis? Software patches Do mechanisms exist that are used to deploy software patches at the security systems in the company in a timely and audited manner? Data protection Are employee and company data well secured in the database? And co mply with the legislative frameworks such as data privacy Act. Authentication Are there reliable and effective authentication mechanisms in the organization? Technology External network security Are there security measures such as intrusion detectors, firewalls that are used to protect against external computer access such as internet. Are these safety measures authorized by the senior management. Content monitoring Is there proper monitoring of the content of emails, and internet to prevent virus infection, internet fraud, SPAM and also litigation from the improper use and improper content. Anti virus Is there an installed antivirus and is it up to date, are all users trained and educated on how to identify and avoid suspected files to avoid virus and malware infection. Physical security Are critical IT systems, equipment and servers, stored in a secure and protected area free from unauthorized access? Security policy. Policy statement: The department of information technology in t he organization is vested with the responsibility to provide the substantial data security and confidentiality of all the resources, data and information that are held in the organization which include local storage media, or remotely placed in order to ensure the continuous availability resources and data to the authorized users in the organization and also to provide integrity of these data and configuration controls (Ruskwig, 2012). Security policies: a) The data