Nowadays, when information is considered to be one of the most valuable assets an organisation has, information security is a key issue for many businesses and organisations including universities. Information security is understood as managing the risks posed to organisations…
So, today every organisation needs to protect its information in any form (Honan, 2009). Guttman and Roback (1995) assert that executives should view information security as an important management issue and seek to protect their information resources as they would any other valuable assets.
The ISO 27001 information security standard offers companies a risk-based approach to securing their information assets. ISO 27001 defines an ISMS, or Information Security Management System, that is “a part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security” (Calder, 2009, p.4). In this system, the development and implementation of audit processes to assess the security level of the organisational information system is a very significant aspect. The main objective of any audit is to establish the difference between the standard specifications and the reality in the organisation. Also, as Honan points out, an audit “provides a means of being alerted to critical events as they happen, …[as well as] provides a historical view of what happened so that incidents can be investigated” (2009, p.253).
The security audit of computing resources used by students in the computing laboratories on the first floor of the King William Building was conducted by the auditor of the AuditSec Company in response to the request of the School of Computing & Mathematics Sciences (CMS) in the University of Greenwich.
My overall audit objective was to test the effectiveness of selected information security policies in the CMS and to ensure that employees and students of the CMS operate in accordance with the specified procedures and requirements in meeting the organisation’s goals in relation to information security.
As was specified in the audit request, the current audit did not have to cover all ...
Cite this document
(“Course:Audit & Security Essay Example | Topics and Well Written Essays - 4000 words”, n.d.)
Retrieved from https://studentshare.net/miscellaneous/393806-courseaudit-security
However, there are many challenges that organizations have to overcome to secure the information on the network as well as in the servers. Certified skilled professionals, certified vulnerability assessment tools, incident response management teams and other relevant staff play a significant role in protecting against and detecting potential threats and vulnerabilities that may compromise, or have compromised, the network to gain access to business-critical information of the organization.
In this scenario, the technical potential of web-based technology such as the internet makes it possible for information to be collected, shared, and dispersed with relative ease. In spite of the management lapse, customers are generally worried about the security of private information utilized by companies.
There is a greater need to realize stronger user security and device identification and to limit much of the insecurity. The paper identifies some of the common security threats that face people online. However, it is realized that while people are reactive about aspects of online security, they only invest slightly to reduce this risk.
A security audit refers to the assessment of the effectiveness of information systems and internal controls implemented by the company’s management. Several ethical issues are also faced during security audits, such as role ambiguity between our team members during audit work, causing conflicts and, at times, violation of hierarchy lines.
To guard against security breaches during data transfer, different encryption techniques are employed for safe data travel, but the data connecting to database servers must be subjected to policies and mechanisms to protect it from vulnerabilities. A broad spectrum of information security controls is employed on the database servers to protect them from vulnerabilities to their confidentiality, reliability and integrity.
The protection program can be executed against intrusion, trespass, acts of violence, theft, or fire.
The principal purpose of the security management is the development and implementation of procedures, policies, standards, training, and methods for identifying and protecting information, personnel, facilities, property, operations, or material from unauthorized misuse, disclosure, assault, theft, espionage, vandalism, sabotage, or loss.
A security audit is a final step towards implementing an organization’s security protocols. In order to determine and mitigate risks, it is essential to run a risk analysis to understand what will be at risk.
It is therefore significant that security is assessed in different contexts.
In their examination of the origins and development of security in medieval England, Fischer et al. (2008) indicate that throughout history the concept of security can be traced to