Security Audit Program

ISO 27001 & ISO 27002 / HIPAA / SOX / PCI-DSS Compliant

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 & ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus and objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit. The point summary on this worksheet is calculated automatically by Excel.

  • Audit Program Detail - Lists over 400 detail tasks that need to be completed in the audit and the relative point value of each task. The only thing that the user needs to do is check yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area. The point summary on this worksheet is calculated automatically by Excel and the graph is automatically updated.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program plus a chart has been added to show the positive and negative points of the audit. (see chart below)

This is a summary graphic that was produced from the Excel worksheet provided as the Audit Program. In the sample above it is easy to see those areas where improvement is needed.

Security Auditing News

05/08/2008 - Google Reader Share With Notes
Frequently, how questions are asked greatly affects the responses. Also consider the Stanley Milgram’s conformity experiment. Part of any good security program is social engineering. Learn from these experiments.” ...

05/08/2008 - North Korea divulges nuke documents
They should reveal how much weapons-grade plutonium the North Koreans currently have, and enable the US to check the veracity of any long-overdue declaration Pyongyang makes on its nuclear program. The documents were reportedly handed ...

05/08/2008 - Anton Security Tip of the Day #15: Fear and Loathing in Event 560 ...
We typically need to know the following when we audit file access in Windows (or any other OS for that matter) for security (monitoring and investigation) or compliance:. Time/date; Computer where it happened; User who touched the file ...

05/08/2008 - Opening for Manager-Information Security - Bangalore - MNC Bank
DESIGNATION: Information Security Manager, SCOPE OF FUNCTION: The Information Security Manager is responsible for managing information security at AGS at the organization level. He/She has a key role to play in the security program and ...

05/08/2008 - Online security biographies primers
Spyware scan. Depending on the shopkeep or service provider level, i program combines external security quicktime vr with an online questionnaire or an on-site security audit. SAP Security Online - R/3 Security- Audit Check. ...

05/08/2008 - 8 Dirty Secrets of The Security Industry
Although we have made strides in defining more prescriptive compliance initiatives many organizations work to pass an audit as opposed to work to implement controls that actually benefit the organizations security program. ...

05/07/2008 - Hundreds of Laptops Missing at State Department, Audit Finds
As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings. More...

05/06/2008 - Speech Delivered By Hon Gloria Akuffo (Miss) Minister for Aviation
... Safety Oversight Audit Program (USOAP) in November 2006. GCAA ensured improved safety oversight and air navigation services. Intensified in-house and external training and general capacity building in safety and security oversight. ...

05/05/2008 - Cloned Vehicles
A security audit of these procedures must be done frequently. Not only does this audit serve to assure management that their security plans are being followed, but it is a tool used to look for potential improvements in those procedures ...

05/05/2008 - KnowledgeLeader Updates for May 05, 2008
Work Program Program Development Audit Work Program This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; ...

05/05/2008 - NJ flunks Medicaid data security audit
A new audit has concluded that New Jersey has not put adequate security measures in place to protect sensitive Medicaid program data. The review, conducted by the New Jersey Office of the State Read more...

05/05/2008 - ALSO NOTED: NJ flunks Medicaid security audit; Study says infants ...
New Jersey's Medicaid program has flunked a state security audit, which found that the program isn't doing enough to monitor who looks at sensitive data. Read more...

05/04/2008 - Security Management And Risk Tracking 3.0.0 (Default branch)
Security Management and Risk Tracking (SMART) is a Web-based application to manage an information security program. This is a comprehensive solution that enables a corporation to manage an information security policy, ...

05/04/2008 - KnowledgeLeader Updates for April 28, 2008, KnowledgeLeader ...
Work Program Program Changes Audit Work Program This work program focuses on auditing program change controls. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the ...

05/02/2008 - Security of F-35 jet Secrets Questioned
... which is supposed to help oversee the program, didn't monitor BAE or evaluate its security systems, according to the report. The DSS also couldn't verify whether BAE had submitted required security audit reports for 2001 to 2003, ...

05/02/2008 - Pentagon IG Finds Lack of Oversight and Security for Classified Into.
DSS did not properly monitor BAE Systems’ submission of its security reports and appropriately evaluate BAE Systems security. DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through ...

05/02/2008 - Security of F-35 Jet Secrets Questioned
... verify whether BAE had submitted required security audit reports for 2001 to 2003, the report said. As a result, the Defense Department’s “advanced aviation and weapons technology in the [Joint Strike Fighter] program may have been ...

05/01/2008 - Stealth Fighter Security 'May Have Been Compromised' (Updated)
In particular, the audit found problems with how the Defense Department oversaw BAE Systems, the London-based arms-maker. Defense Security Service officials conducted security reviews at BAE Systems facilities. But the didn't bother to ...

05/01/2008 - Is the Fox Auditing the Hen House?
Too many financial institutions are very present on a daily basis - they hire the same company that has placed its security systems in place to make a security audit much about these systems. How many fence-builders are going to find ...

04/28/2008 - Why Linux will never be as secure as OpenBSD
There simply are not enough competent Linux programmers to do a security audit on this code, let alone every vendor hiring enough people to fix their own versions/etc. Even when vendors do do code audits they typically face a problem, ...

04/22/2008 - ENABLING THE ORACLE APPLICATIONS AUDIT FUNCTION
a. Select the “Security Audit” group and set the group state to “Enable” 5. Run the “Audit Trail Update Tables” Report PURGING The audit trail information should be purged on a periodic basis. There is no standard purge program and the ...

03/20/2008 - UNIX in Relation to Internet Security
Security audit tools tend to be programs that automatically detect holes within systems. These typically check for known vulnerabilities and common misconfigurations that can lead to security breaches. Such tools are designed for ...

03/18/2008 - VMware Fixes Security Bugs
An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. ...

03/09/2008 - OUR VILLAGE "SECURITY " (3/09/08)
Have A Security Audit. The local police or independent security agencies will often conduct a security audit of the premises, pointing out potential areas of weakness. The association facility that has such an audit performed and then ...

02/21/2008 - Will your network pass a security audit?
An alarming fact is that many companies do not prioritize information security because it does not generate revenue for the company. However, as we have seen in the headlines and trade journals, the lack of a proper security program can ...


2008 Janco Associates, Inc. - ALL RIGHTS RESERVED -- Revised: 05/02/08