
Security Policies Procedures - Security Audit Program
ISO 27001 - ISO 27002 - Sarbanes-Oxley - HIPAA - PCI Compliant

 

This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external auditor or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

IT Toolkits update service is available for the Security Audit program.  The update service is for 24 months from the date of its purchase.  This subscription also provides you with membership in our ELITE SUBSCRIBER SERVICE which provides you with copies of Janco's and IT-Toolkits' White Papers, Surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit.  The point summary on this worksheet is calculated automatically by Excel.

  • Audit Program Detail - Lists over 400 detail tasks that need to be completed in the audit and the relative point value of each task.  The only thing that the user needs to do is check the yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area.  The point summary on this worksheet is calculated automatically by Excel and the graph is automatically updated.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program plus a chart has been added to show the positive and negative points of the audit. (see chart below)

 



Latest Security Audit News

SF Gov't InAction: 2400 Square Feet in SF Renting for only $200. WHAT? - According to the contract now on the table: “Juma’s North Light Court program will train approximately 6 – 8 youth per quarter in food service and small business management through a combination of on the job training and the National ... more info

KnowledgeLeader Updates for May 12, 2008 - Work Program Computer Operations Audit Work Program This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the ... more info

Nsauditor Network Security Auditor - It can also audit password and security policies as well as make a variety of network attack probes, such as stealth port scans, HTTP / CGI server auditing, registry auditing. The program can sniff and use brute-force and dictionary ... more info

Effective Privacy Documentation to Empower your Organization - The prevention plan may include a security audit or employee training. Employee Procedures for Safeguarding Personal Information: Implementing a formal procedure for safeguarding personal information internally guides your employees and ... more info

Corporate Auditor / McIntyre Youngblood Recruiting, LLC / Houston, TX - Responsible for the completion of all auditing procedures contained within the audit program received from Houston. Audits would be expected to last from several days to four weeks. Produce written reports to the Director of Audit ... more info

Online security biographies primers - Spyware scan. Depending on the shopkeep or service provider level, i program combines external security quicktime vr with an online questionnaire or an on-site security audit. SAP Security Online - R/3 Security- Audit Check. ... more info

Hundreds of Laptops Missing at State Department, Audit Finds - As many as 400 of the unaccounted for laptops belong to the department’s Anti-Terrorism Assistance Program, according to officials familiar with the findings. More... -  more info

Cloned Vehicles - A security audit of these procedures must be done frequently. Not only does this audit serve to assure management that their security plans are being followed, but it is a tool used to look for potential improvements in those procedures ... more info

KnowledgeLeader Updates for May 05, 2008 - Work Program Program Development Audit Work Program This work program focuses on auditing the program development process. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; ... more info

NJ flunks Medicaid data security audit - A new audit has concluded that New Jersey has not put adequate security measures in place to protect sensitive Medicaid program data. The review, conducted by the New Jersey Office of the State Read more... -  more info

ALSO NOTED: NJ flunks Medicaid security audit; Study says infants ... - New Jersey's Medicaid program has flunked a state security audit, which found that the program isn't doing enough to monitor who looks at sensitive data. Read more... -  more info

Security Controls - Barry Lewis is president of an information security consulting firm and an internationally known leader of security seminars. Peter Davis is founder of a firm specializing in the security, audit, and control of information Parental ... more info

Pentagon IG: Report on Joint Strike Fighter Classified Info ... - DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through 2003. BAE Systems stated that all information contained in the internal audits was privileged and not available to the ... more info

Security of F-35 jet Secrets Questioned - ... which is supposed to help oversee the program, didn't monitor BAE or evaluate its security systems, according to the report. The DSS also couldn't verify whether BAE had submitted required security audit reports for 2001 to 2003, ... more info

Pentagon IG Finds Lack of Oversight and Security for Classified Into. - DSS did not properly monitor BAE Systems’ submission of its security reports and appropriately evaluate BAE Systems security. DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through ... more info

Security of F-35 Jet Secrets Questioned - ... verify whether BAE had submitted required security audit reports for 2001 to 2003, the report said. As a result, the Defense Department’s “advanced aviation and weapons technology in the [Joint Strike Fighter] program may have been ... more info

Stealth Fighter Security 'May Have Been Compromised' (Updated) - In particular, the audit found problems with how the Defense Department oversaw BAE Systems, the London-based arms-maker. Defense Security Service officials conducted security reviews at BAE Systems facilities. But they didn't bother to ... more info

Is the Fox Auditing the Hen House? - Too many financial institutions are very present on a daily basis - they hire the same company that has placed its security systems in place to make a security audit much about these systems. How many fence-builders are going to find ... more info

Why Linux will never be as secure as OpenBSD - There simply are not enough competent Linux programmers to do a security audit on this code, let alone every vendor hiring enough people to fix their own versions/etc. Even when vendors do do code audits they typically face a problem, ... more info

ENABLING THE ORACLE APPLICATIONS AUDIT FUNCTION - a. Select the “Security Audit” group and set the group state to “Enable” 5. Run the “Audit Trail Update Tables” Report PURGING The audit trail information should be purged on a periodic basis. There is no standard purge program and the ... more info

S. Korean Leader, Bush Talk N. Korean Nuke Program - These are the Self Assessment Questionnaire, the standard requirements, and the security audit procedure. When it comes to credit card data security and the documentation that goes along with it, the old saying holds true: “It’s better ... more info

UNIX in Relation to Internet Security - Security audit tools tend to be programs that automatically detect holes within systems. These typically check for known vulnerabilities and common misconfigurations that can lead to security breaches. Such tools are designed for ... more info

VMware Fixes Security Bugs - An internal security audit determined that a malicious Windows user could attain and exploit LocalSystem privileges by causing the authd process to connect to a named pipe that is opened and controlled by the malicious user. ... more info

OUR VILLAGE "SECURITY " (3/09/08) - Have A Security Audit. The local police or independent security agencies will often conduct a security audit of the premises, pointing out potential areas of weakness. The association facility that has such an audit performed and then ... more info

Will your network pass a security audit? - An alarming fact is that many companies do not prioritize information security because it does not generate revenue for the company. However, as we have seen in the headlines and trade journals, the lack of a proper security program can ... more info

 

2008 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 05/02/08.