Note: Chapter 5 of the required textbook may be helpful in the completion of the assignment.
The audit planning process directly affects the quality of the
outcome. A proper plan ensures that resources are focused on
the right areas and that potential problems are identified early.
A successful audit first outlines the objectives of the audit, the
procedures that will be followed, and the required resources.
Choose an organization you are familiar with and develop an
eight to ten (8-10) page IT infrastructure audit for compliance
in which you:
1. Define the following items for an organization you are familiar with:
   a) Scope
   b) Goals and objectives
   c) Frequency of the audit
   d) Duration of the audit
2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
4. Develop a plan for assessing IT security for your chosen organization by conducting the following:
   a) Risk management
   b) Threat analysis
   c) Vulnerability analysis
   d) Risk assessment analysis
5. Explain how to obtain information, documentation, and resources for the audit.
6. Analyze how each of the seven (7) domains aligns within your chosen organization.
7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
8. Develop a plan that:
   a) Examines the existence of relevant and appropriate security policies and procedures.
   b) Verifies the existence of controls supporting the policies.
   c) Verifies the effective implementation and ongoing monitoring of the controls.
9. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
10. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
   Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
   Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
   Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance.
   Describe the components and basic requirements for creating an audit plan to support business and system considerations.
   Develop IT compliance audit plans.
   Use technology and information resources to research issues in security strategy and policy formation.
   Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
Grading for this assignment will be based on answer quality,
logic / organization of the paper, and language and writing
skills, using the following rubric.
Points: 200
Term Paper: Planning an IT Infrastructure Audit for Compliance
Criteria | Unacceptable (Below 60% F) | Meets Minimum Expectations (60-69% D) | Fair (70-79% C) | Proficient (80-89% B) | Exemplary (90-100% A)
1. Define the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
   Weight: 5%
   Unacceptable: Did not submit or incompletely defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
   Meets Minimum Expectations: Insufficiently defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
   Fair: Partially defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
   Proficient: Satisfactorily defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
   Exemplary: Thoroughly defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit.
2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements.
   Weight: 10%
   Unacceptable: Did not submit or incompletely identified the critical requirements of the audit for your chosen organization and did not submit or incompletely explained why you consider them to be critical requirements.
   Meets Minimum Expectations: Insufficiently identified the critical requirements of the audit for your chosen organization and insufficiently explained why you consider them to be critical requirements.
   Fair: Partially identified the critical requirements of the audit for your chosen organization and partially explained why you consider them to be critical requirements.
   Proficient: Satisfactorily identified the critical requirements of the audit for your chosen organization and satisfactorily explained why you consider them to be critical requirements.
   Exemplary: Thoroughly identified the critical requirements of the audit for your chosen organization and thoroughly explained why you consider them to be critical requirements.
3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization.
   Weight: 5%
   Unacceptable: Did not submit or incompletely chose privacy laws that apply to the organization, and did not submit or incompletely suggested who is responsible for privacy within the organization.
   Meets Minimum Expectations: Insufficiently chose privacy laws that apply to the organization, and insufficiently suggested who is responsible for privacy within the organization.
   Fair: Partially chose privacy laws that apply to the organization, and partially suggested who is responsible for privacy within the organization.
   Proficient: Satisfactorily chose privacy laws that apply to the organization, and satisfactorily suggested who is responsible for privacy within the organization.
   Exemplary: Thoroughly chose privacy laws that apply to the organization, and thoroughly suggested who is responsible for privacy within the organization.
4. Develop a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
   Weight: 20%
   Unacceptable: Did not submit or incompletely developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
   Meets Minimum Expectations: Insufficiently developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
   Fair: Partially developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
   Proficient: Satisfactorily developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
   Exemplary: Thoroughly developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis.
5. Explain how to obtain information, documentation, and resources for the audit.
   Weight: 5%
   Unacceptable: Did not submit or incompletely explained how to obtain information, documentation, and resources for the audit.
   Meets Minimum Expectations: Insufficiently explained how to obtain information, documentation, and resources for the audit.
   Fair: Partially explained how to obtain information, documentation, and resources for the audit.
   Proficient: Satisfactorily explained how to obtain information, documentation, and resources for the audit.
   Exemplary: Thoroughly explained how to obtain information, documentation, and resources for the audit.
6. Analyze how each of the seven (7) domains aligns within your chosen organization.
   Weight: 5%
   Unacceptable: Did not submit or incompletely analyzed how each of the seven (7) domains aligns within your chosen organization.
   Meets Minimum Expectations: Insufficiently analyzed how each of the seven (7) domains aligns within your chosen organization.
   Fair: Partially analyzed how each of the seven (7) domains aligns within your chosen organization.
   Proficient: Satisfactorily analyzed how each of the seven (7) domains aligns within your chosen organization.
   Exemplary: Thoroughly analyzed how each of the seven (7) domains aligns within your chosen organization.
7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
   Weight: 5%
   Unacceptable: Did not submit or incompletely aligned the appropriate goals and objectives from the audit plan to each domain and did not submit or incompletely provided a rationale for your alignment.
   Meets Minimum Expectations: Insufficiently aligned the appropriate goals and objectives from the audit plan to each domain and insufficiently provided a rationale for your alignment.
   Fair: Partially aligned the appropriate goals and objectives from the audit plan to each domain and partially provided a rationale for your alignment.
   Proficient: Satisfactorily aligned the appropriate goals and objectives from the audit plan to each domain and satisfactorily provided a rationale for your alignment.
   Exemplary: Thoroughly aligned the appropriate goals and objectives from the audit plan to each domain and thoroughly provided a rationale for your alignment.
8. Develop a plan that: a) Examines the existence of relevant and appropriate security policies and procedures; b) Verifies the existence of controls supporting the policies; c) Verifies the effective implementation and ongoing monitoring of the controls.
   Weight: 20%
   Unacceptable: Did not submit or incompletely developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
   Meets Minimum Expectations: Insufficiently developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
   Fair: Partially developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
   Proficient: Satisfactorily developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
   Exemplary: Thoroughly developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
9. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
   Weight: 15%
   Unacceptable: Did not submit or incompletely identified the critical security control points that must be verified throughout the IT infrastructure, and did not submit or incompletely developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
   Meets Minimum Expectations: Insufficiently identified the critical security control points that must be verified throughout the IT infrastructure, and insufficiently developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
   Fair: Partially identified the critical security control points that must be verified throughout the IT infrastructure, and partially developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
   Proficient: Satisfactorily identified the critical security control points that must be verified throughout the IT infrastructure, and satisfactorily developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
   Exemplary: Thoroughly identified the critical security control points that must be verified throughout the IT infrastructure, and thoroughly developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
10. 3 references
   Weight: 5%
   Unacceptable: No references provided
   Meets Minimum Expectations: Does not meet the required number of references; all references poor quality choices.
   Fair: Does not meet the required number of references; some references poor quality choices.
   Proficient: Meets number of required references; all references high quality choices.
   Exemplary: Exceeds number of required references; all references high quality choices.
11. Clarity, writing mechanics, and formatting requirements
   Weight: 5%
   Unacceptable: More than 8 errors present
   Meets Minimum Expectations: 7-8 errors present
   Fair: 5-6 errors present
   Proficient: 3-4 errors present
   Exemplary: 0-2 errors present
Note Chapter 5 of the required textbook may be helpful in the com.docx

More Related Content

DOCX
Term Paper Planning an IT Infrastructure Audit for Compliance  Due .docx
DOCX
Planning an IT Infrastructure Audit for ComplianceThe audit planni.docx
DOCX
Text book title and AuthorMoeller, Robert R. IT audit, cont.docx
DOC
Strayer cis 349 week 10 term paper planning an it infrastructure audit for co...
DOC
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
DOC
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
DOC
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
DOC
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
Term Paper Planning an IT Infrastructure Audit for Compliance  Due .docx
Planning an IT Infrastructure Audit for ComplianceThe audit planni.docx
Text book title and AuthorMoeller, Robert R. IT audit, cont.docx
Strayer cis 349 week 10 term paper planning an it infrastructure audit for co...
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...

Similar to Note Chapter 5 of the required textbook may be helpful in the com.docx (20)

DOC
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
DOC
Cis 349 week 10 term paper planning an it infrastructure audit for compliance
DOCX
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
DOCX
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
DOCX
Points 200 Term Paper The Rookie Chief Information Security .docx
PPT
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
DOCX
Term Paper The Rookie Chief Information Security Officer.docx
DOCX
The Rookie Chief Information Security OfficerThis assignment consi.docx
DOCX
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
DOCX
The Rookie Chief Information Security OfficerWorth 200 poi
DOCX
Term Paper Security Regulation ComplianceDue Week 10 and worth 10.docx
PPTX
Cyber Security Audit and Information Security.pptx
DOCX
Assignment 1 Developing the Corporate Strategy for Information Secu.docx
DOCX
Term Paper The Rookie Chief Information Security OfficerD
DOCX
IT 549 Final Project Guidelines and Rubric Overview .docx
DOCX
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
DOCX
Assignment ContentYou are part of a team selected by the C.docx
DOCX
Assignment ContentYou are part of a team selected by the Chi.docx
DOCX
This assignment consists of five (5) parts     Part 1 Organi.docx
DOC
Strayer cis 558 week 10 term paper managing an it infrastructure audit
Uop cis 349 week 10 term paper planning an it infrastructure audit for compli...
Cis 349 week 10 term paper planning an it infrastructure audit for compliance
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docx
erm Paper Managing an IT Infrastructure AuditDue Week 10 and wo
Points 200 Term Paper The Rookie Chief Information Security .docx
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
Term Paper The Rookie Chief Information Security Officer.docx
The Rookie Chief Information Security OfficerThis assignment consi.docx
ISE 510 Final Project Milestone Two Guidelines and Rubric .docx
The Rookie Chief Information Security OfficerWorth 200 poi
Term Paper Security Regulation ComplianceDue Week 10 and worth 10.docx
Cyber Security Audit and Information Security.pptx
Assignment 1 Developing the Corporate Strategy for Information Secu.docx
Term Paper The Rookie Chief Information Security OfficerD
IT 549 Final Project Guidelines and Rubric Overview .docx
The Rookie Chief Information Security OfficerDue Week 10 and w.docx
Assignment ContentYou are part of a team selected by the C.docx
Assignment ContentYou are part of a team selected by the Chi.docx
This assignment consists of five (5) parts     Part 1 Organi.docx
Strayer cis 558 week 10 term paper managing an it infrastructure audit

More from IlonaThornburg83 (20)

DOCX
One aspect of epidemiology is the study of the epidemic, endemic, an.docx
DOCX
Once you click the Assignment icon above, you will find links to Qui.docx
DOCX
one day when you woke up you saw doreman in you room .he has a tim.docx
DOCX
One afternoon at work, Natalie received a phone call from her daught.docx
DOCX
Once the United States got involved in World War I, what role did it.docx
DOCX
Once a Delinquent, Always a Delinquent  Please respond to the foll.docx
DOCX
On page 118 of your textbook is a picture of the sculpture Pietà by .docx
DOCX
Once a disease is thought to be caused by an infectious agent, a r.docx
DOCX
Once you have identified two questions that interest you, conduct an.docx
DOCX
On December 31, 2015, Ms. Levine CPA, your manager and the treasurer.docx
DOCX
On Dumpster Diving” by Lars Eighner (50 Essays, p. 139-15.docx
DOCX
Ok so I have done all the calculations, graphs and interpritations m.docx
DOCX
Ok so I know this is extreme short notice but I have a final 6 page .docx
DOCX
Offenses and Punishment. Please respond to the following Explai.docx
DOCX
Omit all general journal entry explanations.Be sure to include c.docx
DOCX
Offer an alternative explanation for how these patterns of criminal .docx
DOCX
Often, as a business operates, the partners bring some of their pers.docx
DOCX
Of all the GNR technologies (genetic engineering, nanotechnology and.docx
DOCX
Of the five management functions, which do you expect will experienc.docx
DOCX
Of the numerous forms of communication technologies presented in thi.docx
One aspect of epidemiology is the study of the epidemic, endemic, an.docx
Once you click the Assignment icon above, you will find links to Qui.docx
one day when you woke up you saw doreman in you room .he has a tim.docx
One afternoon at work, Natalie received a phone call from her daught.docx
Once the United States got involved in World War I, what role did it.docx
Once a Delinquent, Always a Delinquent  Please respond to the foll.docx
On page 118 of your textbook is a picture of the sculpture Pietà by .docx
Once a disease is thought to be caused by an infectious agent, a r.docx
Once you have identified two questions that interest you, conduct an.docx
On December 31, 2015, Ms. Levine CPA, your manager and the treasurer.docx
On Dumpster Diving” by Lars Eighner (50 Essays, p. 139-15.docx
Ok so I have done all the calculations, graphs and interpritations m.docx
Ok so I know this is extreme short notice but I have a final 6 page .docx
Offenses and Punishment. Please respond to the following Explai.docx
Omit all general journal entry explanations.Be sure to include c.docx
Offer an alternative explanation for how these patterns of criminal .docx
Often, as a business operates, the partners bring some of their pers.docx
Of all the GNR technologies (genetic engineering, nanotechnology and.docx
Of the five management functions, which do you expect will experienc.docx
Of the numerous forms of communication technologies presented in thi.docx

Recently uploaded (20)

PPTX
pharmaceutics-1unit-1-221214121936-550b56aa.pptx
PDF
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
PPTX
Reproductive system-Human anatomy and physiology
PPTX
Diploma pharmaceutics notes..helps diploma students
PPTX
4. Diagnosis and treatment planning in RPD.pptx
PDF
PUBH1000 - Module 6: Global Health Tute Slides
PDF
African Communication Research: A review
PDF
anganwadi services for the b.sc nursing and GNM
PDF
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
PDF
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
PPTX
2025 High Blood Pressure Guideline Slide Set.pptx
PDF
Journal of Dental Science - UDMY (2020).pdf
PPTX
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
PDF
faiz-khans about Radiotherapy Physics-02.pdf
PPTX
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
PDF
0520_Scheme_of_Work_(for_examination_from_2021).pdf
PDF
Laparoscopic Colorectal Surgery at WLH Hospital
PDF
Physical education and sports and CWSN notes
PDF
Journal of Dental Science - UDMY (2022).pdf
PPTX
Case Study on mbsa education to learn ok
pharmaceutics-1unit-1-221214121936-550b56aa.pptx
Skin Care and Cosmetic Ingredients Dictionary ( PDFDrive ).pdf
Reproductive system-Human anatomy and physiology
Diploma pharmaceutics notes..helps diploma students
4. Diagnosis and treatment planning in RPD.pptx
PUBH1000 - Module 6: Global Health Tute Slides
African Communication Research: A review
anganwadi services for the b.sc nursing and GNM
fundamentals-of-heat-and-mass-transfer-6th-edition_incropera.pdf
Horaris_Grups_25-26_Definitiu_15_07_25.pdf
2025 High Blood Pressure Guideline Slide Set.pptx
Journal of Dental Science - UDMY (2020).pdf
principlesofmanagementsem1slides-131211060335-phpapp01 (1).ppt
faiz-khans about Radiotherapy Physics-02.pdf
Integrated Management of Neonatal and Childhood Illnesses (IMNCI) – Unit IV |...
0520_Scheme_of_Work_(for_examination_from_2021).pdf
Laparoscopic Colorectal Surgery at WLH Hospital
Physical education and sports and CWSN notes
Journal of Dental Science - UDMY (2022).pdf
Case Study on mbsa education to learn ok

Note Chapter 5 of the required textbook may be helpful in the com.docx

  • 1. Note: Chapter 5 of the required textbook may be helpful in the completion of the assignment. The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources. Choose an organization you are familiar with and develop an eight to ten (8-10) page IT infrastructure audit for compliance in which you: Define the following items for an organization you are familiar with: Scope Goals and objectives Frequency of the audit Duration of the audit Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization. Develop a plan for assessing IT security for your chosen organization by conducting the following: Risk management Threat analysis Vulnerability analysis Risk assessment analysis Explain how to obtain information, documentation, and resources for the audit. Analyze how each of the seven (7) domains aligns within your chosen organization. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment. Develop a plan that:
  • 2. Examines the existence of relevant and appropriate security policies and procedures. Verifies the existence of controls supporting the policies. Verifies the effective implementation and ongoing monitoring of the controls. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are: Describe the parameters required to conduct and report on IT infrastructure audit for organizational compliance. Describe the components and basic requirements for creating an audit plan to support business and system considerations Develop IT compliance audit plans Use technology and information resources to research issues in security strategy and policy formation. Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions. Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing
  • 3. skills, using the following rubric. Points: 200 Term Paper: Planning an IT Infrastructure Audit for Compliance Criteria Unacceptable Below 60% F Meets Minimum Expectations 60-69% D Fair 70-79% C Proficient 80-89% B Exemplary 90-100% A 1. Define the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit. Weight: 5% Did not submit or incompletely defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit. Insufficiently defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit. Partially defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit. Satisfactorily defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c)
  • 4. Frequency of the audit; d) Duration of the audit. Thoroughly defined the following items for an organization you are familiar with: a) Scope; b) Goals and objectives; c) Frequency of the audit; d) Duration of the audit. 2. Identify the critical requirements of the audit for your chosen organization and explain why you consider them to be critical requirements. Weight: 10% Did not submit or incompletely identified the critical requirements of the audit for your chosen organization and did not submit or incompletely explained why you consider them to be critical requirements. Insufficiently identified the critical requirements of the audit for your chosen organization and insufficiently explained why you consider them to be critical requirements. Partially identified the critical requirements of the audit for your chosen organization and partially explained why you consider them to be critical requirements. Satisfactorily identified the critical requirements of the audit for your chosen organization and satisfactorily explained why you consider them to be critical requirements. Thoroughly identified the critical requirements of the audit for your chosen organization and thoroughly explained why you consider them to be critical requirements. 3. Choose privacy laws that apply to the organization, and suggest who is responsible for privacy within the organization. Weight: 5% Did not submit or incompletely chose privacy laws that apply to the organization, and did not submit or incompletely suggested who is responsible for privacy within the organization.
  • 5. Insufficiently chose privacy laws that apply to the organization, and insufficiently suggested who is responsible for privacy within the organization. Partially chose privacy laws that apply to the organization, and partially suggested who is responsible for privacy within the organization. Satisfactorily chose privacy laws that apply to the organization, and satisfactorily suggested who is responsible for privacy within the organization. Thoroughly chose privacy laws that apply to the organization, and thoroughly suggested who is responsible for privacy within the organization. 4. Develop a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. Weight: 20% Did not submit or incompletely developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. Insufficiently developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. Partially developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. Satisfactorily developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management;
  • 6. b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. Thoroughly developed a plan for assessing IT security for your chosen organization by conducting the following: a) Risk management; b) Threat analysis; c) Vulnerability analysis; d) Risk assessment analysis. 5. Explain how to obtain information, documentation, and resources for the audit. Weight: 5% Did not submit or incompletely explained how to obtain information, documentation, and resources for the audit. Insufficiently explained how to obtain information, documentation, and resources for the audit. Partially explained how to obtain information, documentation, and resources for the audit. Satisfactorily explained how to obtain information, documentation, and resources for the audit. Thoroughly explained how to obtain information, documentation, and resources for the audit. 6. Analyze how each of the seven (7) domains aligns within your chosen organization. Weight: 5% Did not submit or incompletely analyzed how each of the seven (7) domains aligns within your chosen organization. Insufficiently analyzed how each of the seven (7) domains aligns within your chosen organization. Partially analyzed how each of the seven (7) domains aligns within your chosen organization. Satisfactorily analyzed how each of the seven (7) domains aligns within your chosen organization. Thoroughly
  • 7. analyzed how each of the seven (7) domains aligns within your chosen organization. 7. Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment. Weight: 5% Did not submit or incompletely aligned the appropriate goals and objectives from the audit plan to each domain and did not submit or incompletely provided a rationale for your alignment. Insufficiently aligned the appropriate goals and objectives from the audit plan to each domain and insufficiently provided a rationale for your alignment. Partially aligned the appropriate goals and objectives from the audit plan to each domain and partially provided a rationale for your alignment. Satisfactorily aligned the appropriate goals and objectives from the audit plan to each domain and satisfactorily provided a rationale for your alignment. Thoroughly aligned the appropriate goals and objectives from the audit plan to each domain and thoroughly provided a rationale for your alignment. 8. Develop a plan that: a) Examines the existence of relevant and appropriate security policies and procedures; b) Verifies the existence of controls supporting the policies; c) Verifies the effective implementation and ongoing monitoring of the controls. Weight: 20% Did not submit or incompletely developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
  • 8. Insufficiently developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
    Partially developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
    Satisfactorily developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
    Thoroughly developed a plan that: a) Examined the existence of relevant and appropriate security policies and procedures; b) Verified the existence of controls supporting the policies; c) Verified the effective implementation and ongoing monitoring of the controls.
    9. Identify the critical security control points that must be verified throughout the IT infrastructure, and develop a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    Weight: 15%
    Did not submit or incompletely identified the critical security control points that must be verified throughout the IT infrastructure, and did not submit or incompletely developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    Insufficiently identified the critical security control points that must be verified throughout the IT infrastructure, and insufficiently developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    Partially identified the critical security control points that must
  • 9. be verified throughout the IT infrastructure, and partially developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    Satisfactorily identified the critical security control points that must be verified throughout the IT infrastructure, and satisfactorily developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    Thoroughly identified the critical security control points that must be verified throughout the IT infrastructure, and thoroughly developed a plan that includes adequate controls to meet high-level defined control objectives within this organization.
    10. 3 references
    Weight: 5%
    No references provided
    Does not meet the required number of references; all references poor quality choices.
    Does not meet the required number of references; some references poor quality choices.
    Meets number of required references; all references high quality choices.
    Exceeds number of required references; all references high quality choices.
    11. Clarity, writing mechanics, and formatting requirements
    Weight: 5%
    More than 8 errors present
    7-8 errors present
    5-6 errors present
    3-4 errors present
    0-2 errors present