AUDIT:
ACHIEVING SUCCESSFUL AUDIT OUTCOMES
Cara King
Senior IT Auditor, OIAC
Topic Introduction
OIAC will be working closely with the USO and the USG CISO
Topic Objectives
Background Information
Board of Regents:
11.3 Information Security Policy
Areas of Focus:
Information Security Management
1. Governance
2. Risk Assessment (Procedures Still Being Developed)
3. Policies
4. IT Security Plan
1. Governance
Example Artifacts:
meeting schedule
2. Risk Assessment
Example Artifacts:
3. Policies
Example Artifacts
4. IT Security Plan
Objective:
Example Artifact
Areas of Focus:
Information Security Operations
1.
2.
3.
4.
4. Security Awareness, Training, and Education
Objective:
Role-based
There
Example Artifacts
SUMMARY EXAMPLE ARTIFACTS, THUS FAR:
1. Security governance committee/security steering committee charter
2. Charter membership list
3. Meeting schedule
4. Minutes of selected committee meetings
5. Verification of communication process
6. Recent risk assessment documents
7. Security policies documents
8. Proof of policy awareness/communications
9. Location/site of the readily available policies
10. A copy of the IT security plan including version history
11. Copy of the Security Awareness, Training, and Education program
12. Documented record of completed and needed security training
Points of Contact
Kenyatta Morrison
Director of Information Technology Audit
Office: 404-962-3028
kenyatta.morrison@usg.edu
Cara King
Senior IT Auditor
Office: 404-962-3024
cara.king@usg.edu
Thank You