Problem: You are a network administrator at XYZ, a large, publicly traded health care organization. XYZ has 25 sites across the region, 2,000 staff members, and thousands of patients. XYZ must meet its internal security policy and comply with the Health Insurance Portability and Accountability Act (HIPAA), among others.
You have been asked to meet with the Chief Information Security Officer (CISO) and the IT department manager to help them identify one or more frameworks for developing a set of formal control objectives for XYZ. The framework and control objectives will help the organization meet compliance audits and will become part of the long-term security strategy for the organization. For this assignment:
1. Research Committee of Sponsoring Organizations (COSO), Control Objectives for Information and Related Technology (COBIT), and Service Organization Control (SOC).
2. Identify the best framework(s) that fits the organizational scenario.
3. Analyze the scenario based on the identified framework(s).
4. Develop a high-level plan to audit the identified framework(s) for compliance.
5. Draft a report that summarizes your findings and recommendations