Security Policies Procedures

Security Audit Program

ISO 27001 - ISO 27002 - Sarbanes-Oxley - HIPAA - PCI Compliant

 

This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external auditor or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

IT Toolkits update service is available for the Security Audit program.  The update service is for 24 months from the date of its purchase.  This subscription also provides you with membership in our ELITE SUBSCRIBER SERVICE which provides you with copies of Janco's and IT-Toolkits' White Papers, Surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit.  The point summary on this work sheet is calculated automatically by Excel.

  • Audit Program Detail - Lists over 400 detail tasks that need to be completed in the audit and the relative point value of each task.  The only thing that the user needs to do is check the yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area.  The point summary on this work sheet is calculated automatically by Excel and the graph is automatically updated.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program, plus a chart added to show the positive and negative points of the audit. (see chart below)

 



Latest Security Audit News

Taking The Red Pill: Thoughts On A Week of Professional Hacking ... - I worry that the geek in me won’t get the same kind of “job-well-done” rush that I used to get when I’d finish a security assessment or an IT audit. A week ago, I thought we were really designing good full-body armor, but now it feels ...

OCC Compliance - You'll need a formal, written, Information Security Program, Business Impact Analysis, Risk Assessment, Business Continuity Plan covering IT resumption, off-site processing agreement or disaster site service agreement if you're an ...

RHEL 4 64bit Workstation - Auditing - File Created in security relevant directories (/etc); although the user was refused it was not recorded in the Audits I’m using the GUI Red Hat built in audit program and it is somewhat limited. Is there some way in Red Hat to add ...

Licensed Optician / Asst. Store Manager Needed - Milledgeville, GA - SECURITY: Inspects the premises of assigned area stores to ensure that adequate security exists and that physical facilities comply with safety and environmental codes and ordinances. Reports security problems to DM, host Store Manager, ...

Top platform issues from the partner managed newsgroups - Security audit events for Microsoft Windows Server 2008 and Microsoft Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyID=82e6d48f-e843-40ed-8b10-b3b716f6b51b&DisplayLang=en Windows Server 2008 Multilingual User ...

It’s Official: SEC to Propose XBRL-Based Financial Reporting (TechWeb) - "Companies that build XBRL into the core of the reporting processes will be better accomplished to preserve the trust they have worked so hard to achieve very the last few years and be able to provide a complete audit trail over the ...

Reduce Network Security Threats with Password Security Audit Software - ElcomSoft, a global leader in password recovery solutions, has released Proactive Password Auditor(TM) 1.7, a password audit and security test tool that makes it easy for NT4/2000/XP/2003 systems administrators to identify and close ...

Retail Pro® 9 Coming Soon! - This provides a verifiable audit trail of changes to inventory price and cost, and helps you identify unusual changes (such as when a clerk mistakenly adds an extra zero to an item’s cost. h3. Employee Management * Assign security on a ...

Your Information Security Program: It’s All About The Bones - An Information Security Management System (ISMS); Management Responsibilities; An Internal Audit Process for ISMS; A Management Review Process for ISMS; Continual Improvement Processes to support ISMS. ISO/IEC 27002:2005 ...

[Dubai_Jobs] Re: Urgent Openings - Audits (Intenal & Statutory ... - Involved in various aspects of internal audit including developing the annual audit plan, Development of Audit programs, execution of the audit program, creating audit working papers and quality control. Coordinate and communicate with ...

KnowledgeLeader Updates for May 12, 2008 - Work Program Computer Operations Audit Work Program This work program focuses on auditing computer operations. It concentrates on the IT general controls to be tested; reviews the results of management’s testing; and documents the ...

Nsauditor Network Security Auditor - It can also audit password and security policies as well as make a variety of network attack probes, such as stealth port scans, HTTP / CGI server auditing, registry auditing. The program can sniff and use brute-force and dictionary ...

Online security biographies primers - Spyware scan. Depending on the shopkeep or service provider level, i program combines external security quicktime vr with an online questionnaire or an on-site security audit. SAP Security Online - R/3 Security- Audit Check. ...

NJ flunks Medicaid data security audit - A new audit has concluded that New Jersey has not put adequate security measures in place to protect sensitive Medicaid program data. The review, conducted by the New Jersey Office of the State ...

ALSO NOTED: NJ flunks Medicaid security audit; Study says infants ... - New Jersey's Medicaid program has flunked a state security audit, which found that the program isn't doing enough to monitor who looks at sensitive data.

Pentagon IG: Report on Joint Strike Fighter Classified Info ... - DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through 2003. BAE Systems stated that all information contained in the internal audits was privileged and not available to the ...

Security of F-35 jet Secrets Questioned - ... which is supposed to help oversee the program, didn't monitor BAE or evaluate its security systems, according to the report. The DSS also couldn't verify whether BAE had submitted required security audit reports for 2001 to 2003, ...

Pentagon IG Finds Lack of Oversight and Security for Classified Into. - DSS did not properly monitor BAE Systems’ submission of its security reports and appropriately evaluate BAE Systems security. DSS was unable to verify whether BAE Systems submitted the required security audit reports for 2001 through ...

Security of F-35 Jet Secrets Questioned - ... verify whether BAE had submitted required security audit reports for 2001 to 2003, the report said. As a result, the Defense Department’s “advanced aviation and weapons technology in the [Joint Strike Fighter] program may have been ...

Is the Fox Auditing the Hen House? - Too many financial institutions are very present on a daily basis - they hire the same company that has placed its security systems in place to make a security audit much about these systems. How many fence-builders are going to find ...

Why Linux will never be as secure as OpenBSD - There simply are not enough competent Linux programmers to do a security audit on this code, let alone every vendor hiring enough people to fix their own versions/etc. Even when vendors do do code audits they typically face a problem, ...

ENABLING THE ORACLE APPLICATIONS AUDIT FUNCTION - a. Select the “Security Audit” group and set the group state to “Enable” 5. Run the “Audit Trail Update Tables” Report PURGING The audit trail information should be purged on a periodic basis. There is no standard purge program and the ...

UNIX in Relation to Internet Security - Security audit tools tend to be programs that automatically detect holes within systems. These typically check for known vulnerabilities and common misconfigurations that can lead to security breaches. Such tools are designed for ...

OUR VILLAGE "SECURITY " (3/09/08) - Have A Security Audit. The local police or independent security agencies will often conduct a security audit of the premises, pointing out potential areas of weakness. The association facility that has such an audit performed and then ...

Will your network pass a security audit? - An alarming fact is that many companies do not prioritize information security because it does not generate revenue for the company. However, as we have seen in the headlines and trade journals, the lack of a proper security program can ...

 

2008 Janco Associates, Inc. - ALL RIGHTS RESERVED --  Revised: 05/02/08.