Risk Assessment of Auditing Tools: Singapore and softScheck

Added on  2020/04/21

Running head: RISK ASSESSMENT OF AUDITING TOOLS
Risk assessment of auditing tools
Name of the student
Name of the University
Author note
Executive summary
This report discusses the auditing tool and its implementation. The chosen country is
Singapore and the chosen company is softScheck. The company specializes in risk assessment
and security auditing. This report also discusses the ISO 27005 standard for risk
management. The framework for the audit process is also discussed in this report.
Table of Contents
Introduction
Discussion
1. Implementation and demonstration of the audit tool
2. Risk assessment by ISO 27005 standard
3. Analysis and reflection on the audit process
Conclusion
References
Introduction
Organizations and companies undertake auditing processes for various reasons. The main
purpose of an audit process is to help ensure that business applications are processed
effectively and meet the necessary administrative and legal frameworks. It can also help
confirm that the business can meet the challenges faced by the organization or company
involved. This report includes a critical assessment of a security auditing tool. In
addition, this report includes a risk management framework which will help in the audit
process. The chosen audit tool is the softScheck tool, used for auditing processes involving
network security.
Discussion
1. Implementation and demonstration of the audit tool
The company's auditing tool, known as softScheck, is concerned with risk assessment and
network security testing. The company started its business operations in 2001. Its main
auditing services include network penetration testing, wireless penetration testing, remote
access penetration testing and host hardening review (softScheck, 2018). These security
audit processes fall under infrastructure security assessment. The next auditing process is
application security assessment, which is mainly concerned with network penetration audit
processes. Their services can be scaled to meet both short-term and long-term needs.
2. Risk assessment by ISO 27005 standard
The main purpose of this standard is to provide guidelines for information security risk
management. It emphasizes the general ideas set out in the ISO 27001 standard and is
intended to support data security on the basis of a risk administration approach. It does
not indicate, suggest or even name a particular risk evaluation strategy, although it does
specify an organized, efficient and thorough process that runs from breaking down threats
to making threat mitigation plans (Joukov, Shorokhov and Tantsuyev 2014). It is described
as a standard that includes the code of training for data security administration,
implementing an arrangement of data security controls. ISO 27005 is deemed to be applicable
to all types of companies, organizations and agencies whose sole intent lies in managing
the risks involved in the system.
1. Risk analysis: This part of the audit process analyses the softScheck system in order to
measure the level of effectiveness of the tool involved.
a) Risk identification: In this step, the risks associated with the system are identified.
This includes the possible sources of loss for the company in terms of assets, threats or
controls. This will also help to improve the business conditions of the audit tools
involved.
b) Risk estimation: The data collected for the evaluation is used to make a quantitative as
well as a qualitative analysis of the system concerned. This step involves assessing the
consequence of impact. For example, network infrastructure based auditing is adopted to
improve the network security aspects. This step is followed by assessing the likelihood of
the threats, which is then used for assessing risks.
2. Risk evaluation: The risks identified in the system are then evaluated by comparing them
with the risks that can be made. This process is the most effective process, as it is
responsible for the evaluation of the associated risks.
3. Risk mitigation: This step in the framework is aimed at mitigating the associated risks.
The associated risks are analyzed and evaluated. Based on the evaluation, a mitigation
strategy is drawn up, which is to be addressed in the processing of the business. This in
turn is used to produce a risk treatment plan.
3. Analysis and reflection on the audit process
An audit process involves identifying the various controls of the system, which in turn is
used to make a successful evaluation of the system involved. This involves gathering
evidence, evaluating strengths and weaknesses and analysing the controls by utilizing the
report obtained from this (Ma et al. 2015). This report includes the various
recommendations that can be applied in normal business operations to make them more
effective and efficient.
According to me, there are three basic processes involved in auditing which have been
followed in the risk assessment framework. The first process was the planning process. In
this process, the first step that I considered is the determination of the audit subject
which was utilized for the audit processes. The next step involved is defining the
objectives of the audit process, which included assigning objectives (Chaulk et al. 2018).
The third step that I involved is setting up the scope of the audit which will be met at
the outcome phase. The fourth step is the pre-audit planning which involves planning and
the fifth step is following the procedure for the audit process.
The second process is the documentation process. There are four steps involved in this
process. The first step was the acquisition of data. The next step was testing controls which test
the usability. The third step was validation and discovery which involved validating the system.
The last step was documenting the results of this process.
The auditing included the reporting phase which was the last phase. It consisted of four
steps. The first step involved gathering of report related requirements (O'Kelley et al. 2015). The
second step involved drafting the report. The third step involved issuing the report and the fourth
was follow-up processes.
Conclusion
Thus, it can be concluded from the analysis made in this report that the use of a risk
management framework can be effective in an audit process. The audit process will then be
adopted in the normal business aspects of companies, organizations or government agencies.
This report has thus successfully discussed a security audit process of a business tool.
This tool is the audit tool of softScheck, which provides security services. This report
has also critically evaluated the ISO 27005 framework for risk assessment.
References
Barenghi, A., Mainardi, N. and Pelosi, G., 2017, June. A Security Audit of the OpenPGP Format.
In Pervasive Systems, Algorithms and Networks & 2017 11th International Conference on
Frontier of Computer Science and Technology & 2017 Third International Symposium of
Creative Computing (ISPAN-FCST-ISCC), 2017 14th International Symposium on (pp. 336-343).
IEEE.
Chaulk, C.A., Jan, A.R., Rathinagiri, P., Sood, N. and Chauhan, S.S., EMC Corp, 2018. Method
and apparatus for message based security audit logging. U.S. Patent 9,904,724.
Ismail, U.M., Islam, S. and Mouratidis, H., 2015, September. A framework for cloud security
audit. In International Conference on Global Security, Safety, and Sustainability (pp. 296-309).
Springer, Cham.
Joukov, N., Shorokhov, V. and Tantsuyev, D., 2014, December. Security audit of data flows
across enterprise systems and networks. In Internet Technology and Secured Transactions
(ICITST), 2014 9th International Conference for (pp. 240-247). IEEE.
Ma, S., Lee, K.H., Kim, C.H., Rhee, J., Zhang, X. and Xu, D., 2015, December. Accurate, low
cost and instrumentation-free security audit logging for windows. In Proceedings of the 31st
Annual Computer Security Applications Conference (pp. 401-410). ACM.
O'Kelley, D., Ye, R.L., Jones, C.G. and Miller, D.W., 2015. EFFECTIVE NETWORK
SECURITY AUDIT TRAIL MANAGEMENT PRACTICES: AN EXPLORATORY
STUDY. Issues in Information Systems, 16(3).
softScheck. (2018). softScheck. [online] Available at: https://www.softscheck.sg/