Please complete the attached word document on the following: Worksheet 3: Information Technology Audit and Control. For this assignment, complete the following tasks within this worksheet. Refer to the scenario above and NIST 800-53 and 53A for reference when completing the spreadsheet contained in this worksheet. Ensure that you answer based on the information provided to you based on the Assessment Objective listed in the control and the data provided to you in the scenario. For example;
Worksheet 3: Information Technology Audit and Control
Course Learning Outcome(s)
Explain the use of standards and frameworks in a compliance audit of an IT infrastructure.
You have been hired as an auditor for a local university. The university is preparing to undergo an
accreditation inspection to validate security controls are in place and adhered to and that data is
protected from unauthorized access from both people internal and external to the organization.
As the auditor, you play a key role in ensuring regulations and compliances are met. As the organization
prepares for its three-year accreditation, you are tasked with gathering the artifacts that will be used to
build the accreditation package.
Your university has an IT staff consisting of the following personnel:
CIO: Overall in charge of network operations and cyber security.
Information Security Officer: Implements and manages cyber security policies.
System Analysts: Tasked with monitoring security features implemented on hosts (laptops, desktops) and server side security (NIPS, NIDS).
Auditors: Tasked with validating baseline compliance of systems in accordance with Security Technical Information Guide (STIG), NIST, and Federal, state and local policies, regulations and laws.
System Administrators: Tasked with managing data and applications on servers.
Network Administrators: Tasked with managing all switches, routers, firewalls, and sensors.
Desktop Administrators: Tasked with administering hardware and software to users and managing the day to day trouble calls for users.
Help Desk: Acts as the liaison between the customer and administrators through the use of a Ticket Management System (TMS).
To ensure separation of duties, all employees are designated in writing the roles and responsibilities for
which they are responsible. Terminated employees are debriefed and physical and logical access
controls are removed to prevent further access.
Users are defined as those individuals that don't have any elevated privileges that can affect the
configuration of a computer or networked device. All users, prior to gaining access to the network, must
by the ISO and stored digitally on the network for three years from the date of termination. The
organization defines a time period for each type of account after which the information system terminates
temporary and emergency accounts (14 days) and all inactive accounts (accounts that have not been
accessed for 45 days) are suspended and after 90 days, removed from Active Directory.
Advanced users are those users who possess the rights and credentials to physically make a
configuration change to a networked device or direct a configuration change through positional authority.
All advanced users complete the same initial user agreement as standard users as well as a Non-Disclosure Agreement (NDA). There is no required training needed for standard and advanced users.
For automated account management, the university uses Active Directory (AD). When a user arrives, they
submit a request to have an account created to the Help Desk. The Help Desk creates a ticket that
includes the signed User Agreement and assigns the ticket to the System Administrators (SAs). The SAs
create the account and assign the user access based on their role. Users are assigned Least Privilege
when an account is created. Discretionary Access Control is created for departments within the university
to allow users within the department to share information amongst defined users. These processes aren't
audited and Active Directory has become a massive database containing users that are no longer
employed within the organization as well as files that were created by them. No negative impact has been
observed by this. System Admins track when users log in and log out so that security and software
patches can be pushed to the user's machine. This tracking mechanism also contributes to non-repudiation in the event of a cyber security incident. Additionally, if there is no activity on the user's
computer for two minutes, the machine is configured to log the user out. Failure to log in correctly three
times will result in the account being locked out and will require the user to visit the Help Desk in person
to validate their credentials prior to the account being unlocked.
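An added example, not part of the worksheet: a check an auditor could run over an account export to test the scenario's stated limits (14 days for temporary and emergency accounts, suspension at 45 days of inactivity, removal at 90, no accounts for terminated employees). The record fields, sample accounts, audit date and finding codes are constructed for illustration, and treating a limit as breached only once it is exceeded is an assumption.

```python
from datetime import date

# Limits stated in the scenario, in days.
TEMP_MAX_AGE = 14        # temporary and emergency accounts are terminated
INACTIVE_SUSPEND = 45    # inactive accounts are suspended
INACTIVE_REMOVE = 90     # inactive accounts are removed from Active Directory

# Constructed sample export; field names are hypothetical, not an AD schema.
FIELDS = ("name", "kind", "created", "last_logon", "enabled", "employed")
ROWS = [
    ("asmith", "standard", date(2022, 1, 10), date(2024, 5, 28), True, True),
    ("bjones", "standard", date(2021, 9, 1), date(2024, 4, 1), True, True),
    ("cdavis", "standard", date(2020, 3, 5), date(2024, 4, 1), False, True),
    ("dlee", "standard", date(2019, 6, 20), date(2024, 1, 15), False, True),
    ("temp_vendor", "temporary", date(2024, 5, 1), date(2024, 5, 30), True, True),
    ("emerg01", "emergency", date(2024, 5, 25), date(2024, 5, 25), True, True),
    ("egreen", "standard", date(2018, 2, 2), date(2023, 11, 3), True, False),
]
ACCOUNTS = [dict(zip(FIELDS, row)) for row in ROWS]
TODAY = date(2024, 6, 1)  # constructed audit date

def audit_accounts(accounts, today):
    """Return (name, code, detail) for each account that breaks a stated limit."""
    findings = []
    for a in accounts:
        age = (today - a["created"]).days
        idle = (today - a["last_logon"]).days
        if not a["employed"]:
            findings.append((a["name"], "TERMINATED", "no longer employed, account still present"))
        elif a["kind"] in ("temporary", "emergency") and age > TEMP_MAX_AGE:
            findings.append((a["name"], "TEMP_EXPIRED", f"{a['kind']} account is {age} days old"))
        elif idle > INACTIVE_REMOVE:
            findings.append((a["name"], "REMOVE", f"idle {idle} days, not removed"))
        elif idle > INACTIVE_SUSPEND and a["enabled"]:
            findings.append((a["name"], "SUSPEND", f"idle {idle} days, still enabled"))
    return findings

if __name__ == "__main__":
    for name, code, detail in audit_accounts(ACCOUNTS, TODAY):
        print(f"{code:13} {name:12} {detail}")
```

Each finding is evidence for the assessment: an account listed here shows the stated limit is not being enforced in practice, whatever the written policy says.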
As the organization prepares for its three-year accreditation, you are tasked with gathering the artifacts
and completing an assessment which will be used to build the accreditation package. The accreditation
package that will be submitted will be under the Risk Management Framework (RMF) and will be
utilizing the controls found in NIST Publications 800-53 and 800-53A. The controls that are to be audited
have been provided to you. We will start with addressing the Access Control Policy and Procedure (AC-1).
For this assignment, complete the following tasks within this worksheet.
1. Refer to the scenario above and NIST 800-53 and 53A for reference when completing the
spreadsheet contained in this worksheet. Ensure that you answer based on the information
provided to you based on the Assessment Objective listed in the control and the data provided to
you in the scenario. For example;
Test / Interview
develops and formally
control policy; the
control policy addresses:
purpose; scope; roles and
entities; and compliance;
control policy to elements
within the organization
having associated access
control roles and
and formally documents
with access control
control policy and
based on user role
of the access control
policy and associated
access controls; and the
control procedures to
elements within the
associated access control
roles and responsibilities.
Test / Interview
Compliant / Non-Compliant