Discussion: Security Assessment and Testing

KWabena89

 

Your task: Develop an "intake" briefing for middle managers who will be assisting in the planning and execution of an internal audit of employee use of company-owned laptops as part of the company's "Work From Home" arrangements. The purpose of an "intake" briefing is to get everyone "on the same page" with respect to what will be done, who will do it, and what the roles & responsibilities of the managers will be during the audit (e.g. assist with employee contacts and "smooth ruffled feathers" amongst their workers).

Background: The purpose of the audit is to determine how the laptops are being used by the employees working from home (what corporate and non-corporate systems, services, networks, and websites are being accessed) and to uncover, if possible, any misuse (e.g. usage that is outside of the company's acceptable use policy). The audit should also look for evidence of laptops that are improperly configured or have vulnerable software installed.

Background: The company will follow the Information System Security Audit Process as defined by Harris & Maymi in the CISSP All-in-One Exam Guide, 8th edition. The steps are:

  1. Determine Goals
  2. Involve the right business unit leaders
  3. Determine the scope
  4. Choose the audit team
  5. Plan the audit
  6. Conduct the audit
  7. Document the results
  8. Communicate the results

Format: this week, your deliverable should be formatted as a briefing paper (you will have a combination of paragraphs and bullet points). You should have an introduction, "analysis" section (explaining the ground rules and processes for how the audit will be conducted), and an appropriate summary section (including an appeal for cooperation and assistance). Include citations (in the text) and references (at the end) to support your work and allow your readers to fact check your analysis and conclusions.

    • 3 years ago