This Assignment Consists Of Four Sections. 344738
This Assignment Consists Of Four 4 Sections An Internal It Audit Po
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four (4) sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and/or assume all necessary assumptions needed for the completion of this assignment. Imagine you are an Information Security Manager for a large national retailer.
You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two-week IT audits. In addition to the typical networking and internetworking infrastructure of a medium-sized organization, the organization has the following characteristics: They have a main office and 268 stores in the U.S. They utilize a cloud computing environment for storage and applications. Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012. They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters. They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building. They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners. They enable wireless access at the main office and the stores. They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate website.
Section 1: Internal IT Audit Policy
Develop a four to five (4-5) page paper that creates an Internal IT Audit Policy, including:
- An overview of the policy
- The scope of the audits
- The goals and objectives
- Compliance with applicable laws and regulations
- Management oversight and responsibility
- The areas covered in the IT audits
- The frequency of the audits
Use at least two (2) credible resources to support your policy development. Ensure that your policy document explicitly addresses essential components that will guide the organization in conducting comprehensive and effective IT audits aligned with legal, regulatory, and organizational standards.
Section 2: Management Plan
Create a six to seven (6-7) page paper explaining the management plan for conducting IT audits, covering:
- Risk management strategies
- System software and applications management
- Wireless networking protocols and security
- Cloud computing architecture and oversight
- Virtualization technologies and control measures
- Cybersecurity policies and privacy protections
- Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP)
- Network security management
Include at least three (3) credible resources to substantiate your management plan. The plan should detail how each area will be monitored, evaluated, and improved during the audit process to ensure organizational resilience and compliance.
Section 3: Project Plan
Develop a detailed project plan using Microsoft Project or an open-source alternative like OpenProject. The plan should encompass tasks related to each of the major audit areas listed below, tailored for a two-week audit timeframe:
- Risk management
- System software and applications
- Wireless networking
- Cloud computing
- Virtualization
- Cybersecurity and privacy
- Network security
The project plan should specify task durations, dependencies, milestones, and resource allocation to ensure systematic coverage and timely completion within the two-week period. The plan will serve as a guide for auditors and project managers to execute the audit efficiently.
Section 4: Disaster Recovery Plan
Draft a six to seven (6-7) page Disaster Recovery Plan (DRP) that outlines procedures for recovering from a major incident or disaster affecting the organization. The plan must demonstrate that:
- The organization will experience no data loss.
- Immediate access to organizational data will be maintained in the event of a disaster.
- Critical systems will be operational within 48 hours of incident detection.
Include within your DRP the audit activities necessary to verify the effectiveness of the recovery procedures, ensuring the organization can meet the above requirements. The plan should incorporate incident response strategies, backup and restore procedures, communication protocols, and testing schedules, supported by at least three (3) credible resources.
Ensure each section begins with an introduction and concludes with a summary of key points. Your assignment must adhere to formatting standards: typed, double-spaced, Times New Roman font size 12, with one-inch margins. Include a cover page with the assignment title, your name, the professor’s name, the course title, and the date. Citations and references must follow APA format. The cover page and references are not included in the page count.