Homework: Managing an IT Infrastructure Audit
Overview
This homework consists of four distinct elements: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four sections as separate files. Name each file as indicated in the instructions below. Make any assumptions needed for the completion of this homework, and base your work on the following scenario:
You are an information security manager for a large national retailer and are directly responsible for the planning and oversight of IT audits. At the request of the board of directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit and, consequently the overall success of the systems implemented in the organization.
You must develop a policy for conducting IT audits and develop a project plan for conducting two-week IT audits. In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
1. They have a main office and 268 stores in the United States.
2. They use a cloud computing environment for storage and applications.
3. Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
4. They have over 1,000 desktops and approximately 500 organization-owned laptops at the main headquarters.
5. They allow employees to bring their own devices into the organization; however, they are subject to search upon entry and exit from the building.
6. They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
7. They enable wireless access at the main office and the stores.
8. They process an average of 67.2 credit card transactions per hour, every day, at each location, and via their corporate website.
Task
Section I: Internal IT Audit Policy.
Write 3 to 4 pages paper in which you:
A. Develop an internal IT audit policy, which includes at a minimum:
• Overview.
• Scope.
• Goals and objectives.
• Compliance with applicable laws and regulations.
• Management oversight and responsibility.
• Areas covered in the IT audits.
• Frequency of the audits.
B. Use at least two quality resources. Note: Wikipedia and similar websites do not qualify as quality resources.
Section II: Management Plan.
Write 4 to 6 pages paper in which you:
A. Explain the management plan for conducting IT audits, including:
• Risk management.
• System software and applications.
• Wireless networking.
• Cloud computing.
• Virtualization.
• Cybersecurity and privacy.
• BCP and DRP.
• Network security.
B. Use at least three quality resources. Note: Wikipedia and similar websites do not qualify as quality resources.
Section III: Project Plan.
Use Microsoft Project or an open source alternative such as Open Project to:
A. Develop a project plan that includes the applicable tasks for each of the major areas listed below for each element of the IT audit mentioned above; plan for a two-week audit.
• Risk management.
• System software and applications.
• Wireless networking.
• Cloud computing.
• Virtualization.
• Cybersecurity and privacy.
• Network security.
Section IV: Disaster Recovery Plan.
Write 5 to 7 pages paper in which you:
A. Develop a disaster recovery plan (DRP) for recovering from a major incident or disaster affecting the organization.
• The organization must have no data loss.
• The organization must have immediate access to organizational data in the event of a disaster.
• The organization must have critical systems operational within 48 hours.
B. Include within the DRP the audit activities needed to ensure that the organization has an effective DRP and will be able to meet the requirements stated above.
Format your homework according to the give formatting requirements:
• The answer must be using Times New Roman font (size 12), double spaced, typed, with one-inch margins on all sides.
• The response also includes a cover page containing the student's name, the title of the homework, the course title, and the date. The cover page is not included in the required page length.
• Also include a reference page. The references and Citations should follow APA format. The reference page is not included in the required page length.
The specific course learning outcome associated with this homework is:
• Develop an internal IT audit policy, a management and project plan for conducting IT audits, and a disaster recovery plan (DRP).