StudentShare solutions
Triangle menu

Security Audit - Essay Example

Nobody downloaded yet

Extract of sample
Security Audit

Also, some team members violated integrity and confidentiality assertions by disclosing information to external parties. This paper entails the details and implications of security audit procedures carried out and observations noted. Conducting audit Lafleur has a complicated network of information systems in place, with various remote offices and centralized IT function. Therefore, to evaluate this complex system, detailed audit procedures were planned including manual as well as automated assessments. Manual assessments mainly comprised interviewing procedures, performing physical checks and security scans and reviewing effectiveness of application and logical controls at different levels of organization. We prepared system notes after developing comprehensive understanding of company’s business activities. Thereafter, we conducted meetings with IT personnel to identify weaker areas requiring more attention and discuss IT policies and procedures. An exhaustive review of organogram was conducted to ensure proper segregation of duties were in place between employees holding influential or connected positions such as COO and CIO or programmer and end-user. Automated assessments were computer-aided techniques whereby software was used to assess reporting and change management capabilities of system. All operating systems, physical equipment and applications were appraised for their technical specifications and development capabilities. Contingency and disaster recovery planning for each office was reviewed for effectiveness, physically inspecting for any alternate site and analyzing backup procedures for critical data. Physical security controls, including key cards and biometric devices to different offices were checked for any loopholes allowing unauthorized access. Moreover, environmental controls were also verified to be in place, regulating appropriate temperature and providing adequate fire-fighting equipment and uninterrupted power supply. Additional physical security checks were checked and recommendations were made accordingly, such as bodyguards, locks, single entry points and surveillance systems. Due to remote offices and presence of wireless networking, interception during transmission of data was a crucial issue and was tested through procedures. It was ensured that networks are accessible and available at all times to all offices since there is a centralized IT function. ( Recommendations Based on findings and observations noted during fieldwork, we made some voluntary and mandatory recommendations to improve information system controls. We recommended that encryption be adopted to avoid intrusion of sensitive data during transmission on wireless networks. Often malwares limit the passage of traffic allowed on network. To combat this, we recommended that firewalls, intrusion detection systems, and antivirus applications must be installed promptly. We highlighted more focus on protecting information flowing on enterprise systems, mail servers, intranet networks and host applications that are accessed by customers. Since this company relies heavily on wireless networks, we suggested that dual-control access keys must be designed, maintaining them on system that is exclusively accessible to authorized personnel only (Saint-Germain, 2005). We laid great emphasis on monitoring closely all activities being carried out on the network, ...Show more


Security Audit: Lafleur Trading Company Introduction Lafleur Trading Company is a multinational concern based in Canada, dealing in wholesale of food items. As part of overall task, a security audit was conducted in respect of information systems incorporated at this organization…
Author : jaymebayer
Security Audit essay example
Read Text Preview
Save Your Time for More Important Things
Let us write or edit the essay on your topic
"Security Audit"
with a personal 20% discount.
Grab the best paper

Check these samples - they also fit your topic

Network security
However, there are many challenges that organizations have to overcome for securing the information on the network as well as in the servers. Certified skilled professionals, certified vulnerability assessment tools, incident response management teams and other relevant staff plays a significant role for protecting and detecting potential threats and vulnerabilities that may or have compromise the network to gain access to business critical information of the organization.
8 pages (2000 words) Essay
Information Security Audit And Assurance
The collection, input, storage, processing and the dissemination of data and information in the organizations database. Increase in the use of information technology in the organization has made the operations and activities in the organization more effective.
13 pages (3250 words) Essay
Security Risk Assessment and Audit into the connection of the internal network with the Internet
In order to prevent the above from occurring, confidentiality, integrity, and availability of information has to be controlled through a careful process. Information confidentiality is maintained by preventing unauthorized persons from accessing vital system information.
18 pages (4500 words) Essay
How Should Organizational Information Systems Be Audited for Security
In addition, the extensive scope of work comprises the evaluation of wide-ranging processes and application controls. Additionally, the present condition of technology necessitates audit steps that share to testing methods of access paths appearing due to the connectivity of LAN or local-area networks, WAN or wide-area networks, Internet, intranet etc., in the information technology environment (U.
4 pages (1000 words) Essay
IT Audit & Security controls at ABC Company
They can remain connected to their corporate networks to access any information required to perform their assignments. This anytime and anywhere performance of workforce leads to increased productivity for businesses and organizations. According to IDC report published in 2006, by the end of 2006 roughly two-thirds (66.0%) of U.S.
25 pages (6250 words) Essay
Non-financial audit
In this regard, a report is issued by the basis of results that comes out from the auditing process of a company by them. The validity and
9 pages (2250 words) Essay
Security Audits
A security audit is the a final steps towards implementing an organization’s security protocols. In order to determine and mitigate risks, it is essential to run a risk analysis to understand what will be at risk.
2 pages (500 words) Essay
Chapter 3, Security Surveys and the Audit, in the Fennelly textbook
is the recent Detroit failed plane terrorist takeover case, where the security instruments failed to detect the guns carried by the terrorists as they boarded the plane. Other incidences where conventional policing has failed include the increasing shootings in academic
2 pages (500 words) Essay
Acceptable Use Policy & Security Audit
People using the various networks and computer systems should not intimidate, insult, deform and threaten other users is not permitted. This might lead to disciplinary action through legal suits. Users have
2 pages (500 words) Essay
Acceptable Use Policy & Security Audit
AUP are supposed to be clear and cover so many points in regard to users, what and not they are allowed to do in regard to the IT systems. In case it is not detailed, it should always refer to a comprehensive policy. By the use of the
2 pages (500 words) Essay
Hire a pro to write
a paper under your requirements!
Win a special DISCOUNT!
Put in your e-mail and click the button with your lucky finger
Your email
Comments (0)
Click to create a comment
Contact Us