ISSC 471 Discussion Reply

Respond to at least two student posts with at least 150 words each.

Discussion Points:

1. What is IT Security Auditing? What does it involve?
2. Why are Governance and Compliance Important?
3. Explain in detail the roles and responsibilities in an organization associated with the following:

Risk Manager
Auditor
Executive Manager

4. Define the Certification and Accreditation (C&A) Process and briefly discuss the phases of C&A.

Student 1:

What is IT Security Auditing? What does it involve?

The text explains that “an IT security audit is an independent assessment of an organization’s internal policies, controls, and activities. You use an audit to assess the presence and effectiveness of IT controls and to ensure that those controls are compliant with stated policies.” Another way to think about the security audit is that an internal or external IT security auditor interviews employees, reviews access controls, analyzes physical access to hardware, and performs vulnerability scans. These reviews should occur, at a minimum, annually.

Why are Governance and Compliance Important?

A strong governance and compliance program can help to minimize threats and risks that companies are exposed to on a daily basis. Additionally, the program outlines how these same threats and risks are planned and designed for and assigns accountability across the organization.

Explain in detail the roles and responsibilities in an organization associated with the following:

Risk Manager – the role of the risk manager is to identify and evaluate different types of risks that might affect an organization. The risk manager then takes the items identified and evaluates the impact on the business. Their job is to minimize, eliminate, or transfer the risk for each item.

Auditor – the role of the auditor, at least in an IT capacity, is to assess the internal controls and risks within a company’s technology network. They report problems, analyze data and increase internal controls.

Executive Manager – the role of the executive manager could be one of many in an organization. This is a general term used to describe a top-level manager in an organization who might be authorized to act on behalf of the company, hire and terminate personnel, among many other things.

Define the Certification and Accreditation (C&A) Process and briefly discuss the phases of C&A.

As the book notes, the Certification and Accreditation process is simply the auditing of a federal system before placing that system into a production environment. The C&A process ensures that efforts are made to mitigate risks. Security controls on information systems must be properly implemented and maintained. There are six steps to the C&A Process, which ultimately utilizes the Risk Management Framework (RMF). Those steps are: Categorizing the information system, giving consideration to the related data and the impact as a result of an incident; Selecting a baseline set of controls based on the previous categorization and supplementing the baseline as appropriate; Implementing and documenting the security controls; Assessing the security controls to ensure they are producing the desired results; Authorizing the operation of the information system based on an acceptable level of risk; and Monitoring the security controls continuously.

Resources

Weiss, Martin, and Solomon, G. Auditing IT Infrastructures for Compliance, 2nd Edition. Jones & Bartlett Learning, 07/2015. VitalBook file.

-Michele

Student 2:

Hello Everyone,

For this week’s forum post we are to discuss and answer four different questions given to us by our teacher. 1. What is IT Security Auditing? “Security auditing is an independent assessment of an organization” (Weiss, 2011). Some agencies use internal auditors or hire a third party to conduct an audit. What does it involve? An audit tests your IT team’s effectiveness in securing valuable data within the organization. They can also see if other aspects of the company are in order by conducting a financial audit.

2. Why are Governance and Compliance Important? “Governance seeks to better run an organization using complete and accurate information and management processes or controls.” (Weiss, 2011). A good security policy that is being followed by the employees ensures that everything is running well. Compliance is more of an outside influence, for example following OSHA or other mandated state or federal laws.

3. Explain in detail the roles and responsibilities in an organization associated with the following:

Risk Manager: they ensure that the processes set in place are followed to mitigate any damages.

Auditor: auditors check if processes are being followed. Auditors can be both internal and external.

Executive Manager: is the manager that oversees all these processes.

4. Define the Certification and Accreditation (C&A) Process and briefly discuss the phases of C&A.

Certification and Accreditation is being accredited and being an expert in the DoD Information Assurance Certification and Accreditation Process (DIACAP), the National Information Assurance Certification and Accreditation Process (NIACAP), and the NIST Guide for the Security Certification and Accreditation of Federal Information Systems. The four stages include initiation, where everyone is on board with the testing for receiving the accreditation and the game plan on how to achieve that goal, and security certification, which is assessing the controls on the information systems to make sure they are working properly (Weiss, 2011). With the security certification working in order, this may result in obtaining the accreditation. Lastly, continuous monitoring ensures standards are being kept so that the accreditation is not lost.

Weiss, Martin, and Solomon, G. Auditing IT Infrastructures for Compliance. [VitalSource].

-Carlos
