Information Technology Audit and Control

Please complete the attached Word document on the following: Worksheet 3: Information Technology Audit and Control. For this assignment, complete the following tasks within this worksheet. Refer to the scenario above and NIST 800-53 and 53A for reference when completing the spreadsheet contained in this worksheet. Ensure that you answer based on the information provided to you based on the Assessment Objective listed in the control and the data provided to you in the scenario. For example;
cis349_worksheet_3.docx

Unformatted Attachment Preview


Week 5
Worksheet 3: Information Technology Audit and Control
Course Learning Outcome(s)
• Explain the use of standards and frameworks in a compliance audit of an IT infrastructure.
You have been hired as an auditor for a local university. The university is preparing to undergo an
accreditation inspection to validate security controls are in place and adhered to and that data is
protected from unauthorized access from both people internal and external to the organization.
As the auditor, you play a key role in ensuring regulations and compliances are met. As the organization
prepares for its three-year accreditation, you are tasked with gathering the artifacts that will be used to
build the accreditation package.
Your university has an IT staff consisting of the following personnel:
• CIO – Overall in charge of network operations and cyber security.
• Information Security Officer – Implements and manages cyber security policies.
• System Analysts – Tasked with monitoring security features implemented on hosts (laptops, desktops) and server side security (NIPS, NIDS).
• Auditors – Tasked with validating baseline compliance of systems in accordance with Security Technical Information Guide (STIG), NIST, and Federal, state and local policies, regulations and laws.
• System Administrators – Tasked with managing data and applications on servers.
• Network Administrators – Tasked with managing all switches, routers, firewalls, and sensors.
• Desktop Administrators – Tasked with administering hardware and software to users and managing the day to day trouble calls for users.
• Help Desk – Acts as the liaison between the customer and administrators through the use of a Ticket Management System (TMS).
To ensure separation of duties, all employees are designated in writing the roles and responsibilities for
which they are responsible. Terminated employees are debriefed and physical and logical access
controls are removed to prevent further access.
Users are defined as those individuals that don’t have any elevated privileges that can affect the
configuration of a computer or networked device. All users, prior to gaining access to the network, must
read and sign a user agreement outlining the rules and terms of use. These forms are reviewed annually
by the ISO and stored digitally on the network for three years from the date of termination. The
organization defines a time period for each type of account: the information system terminates
temporary and emergency accounts after 14 days, and all inactive accounts (accounts that have not been
accessed for 45 days) are suspended and, after 90 days, removed from Active Directory.
Advanced users are those users who possess the rights and credentials to physically make a
configuration change to a networked device or direct a configuration change through positional authority.
All advanced users complete the same initial user agreement as standard users as well as a
Non-Disclosure Agreement (NDA). There is no required training needed for standard and advanced users.
For automated account management, the university uses Active Directory (AD). When a user arrives, they
submit a request to have an account created to the Help Desk. The Help Desk creates a ticket that
includes the signed User Agreement and assigns the ticket to the System Administrators (SA’s). The SA’s
create the account and assign the user access based on their role. Users are assigned Least Privilege
when an account is created. Discretionary Access Control is created for departments within the university
to allow users within the department to share information amongst defined users. These processes aren’t
audited and Active Directory has become a massive database containing users that are no longer
employed within the organization as well as files that were created by them. No negative impact has been
observed by this. System Admins track when users log in and log out so that security and software
patches can be pushed to the user's machine. This tracking mechanism also contributes to
non-repudiation in the event of a cyber security incident. Additionally, if there is no activity on the user’s
computer for two minutes, the machine is configured to log the user out. Failure to log in correctly three
times will result in the account being locked out and will require the user to visit the Help Desk in person
to validate their credentials prior to the account being unlocked.
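As an added illustration (not part of the original worksheet), the following Python sketch shows how an auditor could test an exported account list against the lifecycle thresholds stated in the scenario (14, 45 and 90 days) and surface the stale accounts the scenario says have accumulated in Active Directory. The record fields (`name`, `type`, `created`, `last_logon`, `enabled`, `employed`) and the sample accounts are constructed for the example, and reading "after 90 days" as 90 days of inactivity is an assumption.

```python
from datetime import date

# Thresholds taken from the scenario text.
TEMP_MAX_DAYS = 14       # temporary/emergency accounts are terminated
SUSPEND_AFTER_DAYS = 45  # inactive accounts are suspended
REMOVE_AFTER_DAYS = 90   # inactive accounts are removed (assumed: days of inactivity)

def audit_accounts(accounts, today):
    """Return {account name: [findings]} for accounts that break the stated rules."""
    findings = {}
    for acct in accounts:
        issues = []
        age = (today - acct["created"]).days
        idle = (today - acct["last_logon"]).days
        if acct["type"] in ("temporary", "emergency") and age > TEMP_MAX_DAYS:
            issues.append(f"{acct['type']} account still present after {age} days")
        if idle >= REMOVE_AFTER_DAYS:
            issues.append(f"inactive {idle} days, should be removed")
        elif idle >= SUSPEND_AFTER_DAYS and acct["enabled"]:
            issues.append(f"inactive {idle} days, should be suspended")
        if not acct["employed"]:
            issues.append("owner no longer employed, account still present")
        if issues:
            findings[acct["name"]] = issues
    return findings

# Constructed sample export; field names are hypothetical, not AD attribute names.
TODAY = date(2024, 6, 1)
ACCOUNTS = [
    {"name": "jdoe", "type": "standard", "created": date(2022, 1, 10),
     "last_logon": date(2024, 5, 30), "enabled": True, "employed": True},
    {"name": "temp-vendor", "type": "temporary", "created": date(2024, 5, 1),
     "last_logon": date(2024, 5, 28), "enabled": True, "employed": True},
    {"name": "asmith", "type": "standard", "created": date(2021, 3, 1),
     "last_logon": date(2024, 4, 1), "enabled": True, "employed": True},
    {"name": "bjones", "type": "standard", "created": date(2019, 9, 1),
     "last_logon": date(2023, 12, 1), "enabled": False, "employed": False},
]

if __name__ == "__main__":
    for name, issues in audit_accounts(ACCOUNTS, TODAY).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

The per-account findings can be attached as evidence when examining the account management controls listed in the worksheet.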
As the organization prepares for its three-year accreditation, you are tasked with gathering the artifacts
and completing an assessment which will be used to build the accreditation package. The accreditation
package that will be submitted will be under the Risk Management Framework (RMF) and will be
utilizing the controls found in NIST Publications 800-53 and 800-53A. The controls that are to be audited
have been provided to you. We will start with addressing the Access Control Policy and Procedure (AC-1).
For this assignment, complete the following tasks within this worksheet.
1. Refer to the scenario above and NIST 800-53 and 53A for reference when completing the
spreadsheet contained in this worksheet. Ensure that you answer based on the information
provided to you based on the Assessment Objective listed in the control and the data provided to
you in the scenario. For example;
| Control | Assessment Objective | Examine | Test / Interview | Compliant / Non-Compliant |
| --- | --- | --- | --- | --- |
| AC-1.1 | The organization develops and formally documents access control policy; the organization access control policy addresses: purpose; scope; roles and responsibilities; management commitment; coordination among organizational entities; and compliance; the organization disseminates formal documented access control policy to elements within the organization having associated access control roles and responsibilities; the organization develops and formally documents access control procedures; the organization access control procedures facilitate implementation of the access control policy and associated access controls; and the organization disseminates formal documented access control procedures to elements within the organization having associated access control roles and responsibilities. | Access control policy and procedures; other relevant documents or records. | Organizational personnel with access control responsibilities. | Compliant – organization documents access control policy and is implemented based on user role and organizational policies. |
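
| Control | Assessment Objective | Examine | Test / Interview | Compliant / Non-Compliant |
| --- | --- | --- | --- | --- |
| AC-1.2 | | | | |
| AC-2.1 | | | | |
| AC-2(2).1 | | | | |
| AC-2(3).1 | | | | |
| AC-2(5).1 | | | | |
| AC-3.1 | | | | |
| AC-3(2).1 | | | | |
| AC-3(4).1 | | | | |
| AC-5.1 | | | | |
| AC-6.1 | | | | |
| AC-7.1 | | | | |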
