IT Audit Final

An IT audit project detailing the steps involved in an audit proposal detailing all the steps and 1 of 7 domains.

See attached pdf.

Project for ITS 430:

You have been asked to provide a detailed statement of work to provide an audit on a company of your choosing. You will need to provide a professional statement of work addressing the following:
1. The name of the company
2. A brief explanation of the company
3. An explanation of why it is important for them to perform an audit/assessment (you should address how this will help them with disaster recovery and business continuity)
4. Your statement of work should contain the following sections.
a. Which law(s) discussed in chapter 2 impact your company
b. Develop a scope
i. What will you audit within the IT infrastructure (hint limit to one of the 7 domains)
c. Explain compliance
i. Why is it important to be compliant
ii. What does the company need to do to be compliant (hint inside that domain and laws indicated above)
iii. Why is it important to maintain compliance
iv. What does the company need to do to maintain compliance
d. Discuss standards and framework
i. Why is it important to establish and use standards and framework (hint define first)
ii. What standards or framework would you recommend and why
iii. What doe standards and framework provide a company
e. Detail planning
i. What objectives/goals will be
ii. How often should the company perform the audit (how long will your report be accurate)
iii. What are the critical requirements
iv. How will you assess their IT security
v. How/What information, documentation, and resources will you need
vi. How will you map the security policy framework definition to the domain you chose
vii. How will you identify critical security control points that must be verified
viii. How would you build a project plan
f. Chose a domain
i. Identify compliance law requirements and business drivers in this domain that impact your company
ii. Compare how items found in the XXXXX domain contribute to compliance
iii. Describer methods of ensuring compliance in the XXXX Domain
iv. Summarize the best practices for the XXXX domain compliance
5. You should provide an executive summary explaining the entire statement of work