Security Audit and Compliance: Evaluating Current Challenges

Added on 2023/06/16
Table of Contents
INTRODUCTION
  Report aim
  Report scope
  Report purpose
  Report context
CONTEXTUAL INFORMATION
  An overview of the area under discussion
EXPLANATION OF CURRENT ISSUES
  Relevant and current news stories examples related with the issue
  Identification and evaluation of relevant frameworks and laws
EVALUATION OF IMPLICATIONS
  Identification and evaluation of any governance and compliance challenges raised
  Identification and evaluation of the professional roles involved
  Identification and evaluation of the relationship with other information security processes
CONCLUSION
  Summary
  Identification of key points and recommendations to management
  Impact of any likely developments in next few years
References
INTRODUCTION
Report aim
To identify and evaluate the current challenges in identification, authentication and
access control with regard to security audit and compliance.
Report scope
The scope of the project is to gain knowledge of the current challenges in identification,
authentication and access control within the domain of security audit and compliance. Research
on this topic matters because it allows the most effective security measures for computing systems
to be identified and implemented, improving the efficiency of those systems. The investigation is
also essential because it covers real-world issues and examples of security audits in connection
with the authentication and access control methods of cyber-security (Stafford, Deitz and Li,
2018).
Report purpose
The purpose of the following discussion is to cover the key areas related to the report aim.
Contextual information on the topic and an evaluation of the key terms are covered first. The
current issues section gives insight into recent news stories related to the issue, together with
an identification and evaluation of the relevant frameworks and laws. The evaluation of
implications then covers the governance and compliance challenges raised, the professional roles
involved and the relationship with other information security processes. The report closes with a
conclusion and recommendations.
Report context
The topic of this report is security audit and compliance, understood as the comprehensive
examination and assessment of a firm's information security systems. Identification,
authentication and access control are among the security measures implemented within
organizations to protect computing devices and networks. These measures are essential for
managing big data and for avoiding losses within the company, supporting productivity and the
proper functioning of information systems (Kahyaoglu and Caliyurt, 2018).
CONTEXTUAL INFORMATION
An overview of the area under discussion
Security audit and compliance is the detailed analysis and proper assessment of a company's
technical resources, mainly its computing systems and software. It is carried out to keep
security up to date and to protect the information systems within the organization. Audits must
be conducted on a regular basis so that weak spots and vulnerabilities in the information
technology infrastructure can be identified by verifying the security controls and ensuring
regulatory compliance. There are four basic types of security audit and compliance activity: risk
assessment, vulnerability assessment, penetration testing and compliance audit. Conducting
security auditing and compliance has several benefits: it finds gaps in current security systems
and practices so that they can be closed and improved; it gives access to tools and training that
help close the gaps discovered, for better effectiveness and efficiency; and it establishes an
effective retention and destruction schedule for the important and private documents needed in
the operation of the organization (Lois, Drogalas, Karagiorgos and Vrontis, 2021).
Authentication and access control are cyber-security measures and play an important role in
security audits and compliance. Authentication is the process that determines whether a user
trying to access something important is valid or not; if valid, the user is allowed access,
otherwise access is refused. It establishes user identity using personal credentials, such as a
strong password that must match the user ID. It is essentially the act of proving an assertion,
for example the claimed identity of a computer system user; in other words, it is performed to
confirm and verify the user's identity. Several types of authentication are in use:
password-based authentication, multi-factor authentication, certificate-based authentication,
biometric authentication and token-based authentication. Authentication also raises several
issues. It is a demanding process that makes managing a digital workforce difficult, in terms of
educating staff and setting up coordination among the team. Balancing ease of use against
security is problematic, which hinders prioritizing passwords and addressing gaps in technology.
Determining the cost of applications and services creates confusion that hampers control of the
organization's security. Further issues are storing user credentials without hashing or
encrypting them, and poorly secured password change and recovery features (Mohammad and
Lakshmisri, 2018).
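The last two issues above (credentials stored without hashing, and weak password-change features) are illustrated by the following added example, which is not part of the report: a minimal credential store that keeps only a salted PBKDF2 digest per user and only lets a caller change a password after proving the current one. The class and function names are illustrative.

```python
"""Added example: salted PBKDF2 credential store with a guarded
password-change path. All names are illustrative; nothing here comes from
the report or any real system."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

# PBKDF2-HMAC-SHA256 work factor; kept modest so the example runs quickly.
# Raise it to current guidance for real deployments.
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn when none is given,
    so two users with the same password get different digests."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class CredentialStore:
    """Stores only (salt, digest) per user: the clear-text password is never kept."""

    def __init__(self) -> None:
        self._users = {}  # user_id -> (salt, digest)

    def register(self, user_id: str, password: str) -> None:
        self._users[user_id] = hash_password(password)

    def authenticate(self, user_id: str, password: str) -> bool:
        record = self._users.get(user_id)
        if record is None:
            # Hash anyway so an unknown user id costs as much as a wrong password
            # and does not reveal which user ids exist through timing.
            hash_password(password)
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        # Constant-time comparison avoids leaking how many bytes matched.
        return hmac.compare_digest(stored, candidate)

    def change_password(self, user_id: str, current: str, new: str) -> bool:
        """Only a caller who proves the current password may set a new one;
        this is the check a 'poorly secured' change feature omits."""
        if not self.authenticate(user_id, current):
            return False
        self.register(user_id, new)   # new salt, new digest
        return True

    def stored_record(self, user_id: str):
        """Expose the stored tuple so callers can confirm no clear text is kept."""
        return self._users.get(user_id)
```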
Access control is the selective restriction of access to computing systems within organizations:
the granting of permission to use the technical resources of the company. It is a security measure
and a fundamental component of data security, restricting the use of company information. Access
control policies ensure that a user holds the appropriate access rights to company data and
resources before using them. There are three major types: discretionary access control,
role-based access control and mandatory access control. Physical access control limits access to
physical information technology assets, while logical access control limits access to computer
networks, system files and data. Access control also has its issues; for example, it may not be
secure enough when key cards lack true authorization because of improper set-up and poor
management (Stevens, Dykstra, Everette and Mazurek, 2020).
EXPLANATION OF CURRENT ISSUES
Relevant and current news stories examples related with the issue
There are various real-world examples of authentication and access control issues in
organizations. Tesco is one of the leading international supermarket retail companies,
established in 1919 and headquartered in the United Kingdom. It deals in products and services
such as groceries, electronics, home appliances and financial services, among many others.
Recently, Tesco faced a problem in implementing its information systems to make management more
convenient, but failed to implement the security system on a strict basis. The problem concerned
authentication, with loose security in password management: the passwords in use were too easy to
discover, allowing the systems to be hacked. Tesco became aware of the issue when it observed that
operations in the information systems were being carried out not only by employees but by
outsiders as well. The issue was quickly reported and secure security systems were implemented to
protect its technical resources and customers' trust in the long term. Tesco did not suffer a
major disaster because it learned of the issue in time, without delay (Hashmi, Ranjan and Anand,
2018).
Unilever is also one of the leading international consumer goods companies, established in 1929
and headquartered in the United Kingdom. It deals in products such as food, condiments, ice cream,
wellbeing vitamins, minerals and supplements, among many others. Unilever faced a problem in
implementing access control security to safeguard the big data held in its database systems for
decision making and future planning. Access control security was not implemented effectively at
Unilever, and as a result it suffered major losses of important customer data. The technical team
eventually recovered the data from its servers, but this took a long time. Since then, access
control has been implemented in a well-secured manner at Unilever (Hale and Gamble, 2019).
Identification and evaluation of relevant frameworks and laws
Authentication has various frameworks and models for protecting information systems. It mainly
consists of three types of mechanism: password entry, smart card and biometric. Each mechanism
functions differently. Password entry requires a combination of letters, numbers or symbols to be
entered to access the information system. Smart card entry is used by simply swiping the card to
prove the user's identity. Biometrics use a human finger or eye to identify the user and provide
what they are looking for. An authentication framework also involves three entities: the
certificate authority, the end entity and the identity verifier. These are some of the frameworks
used when implementing authentication security measures in information systems, so that such
measures prove effective (Stevens, Dykstra, Knox-Everette and Mazurek, 2020).
Access control also has several frameworks and models used to protect information systems and big
data management. Organizations use four basic types of access control framework. Discretionary
access control is the type in which the owner of the organization decides which employees can
access private data and which have no access. Mandatory access control is another type in which
only the owners and related persons have the right to access the systems, and no one else can
reach them. Role-based access control is the type in which owners grant access not on the basis of
the person but on the basis of the job profile or department within the organization. Rule-based
access control is another type, which helps in changing the permissions governing access; it is
considered an add-on to all the other types of access control (Pasquier, Singh, Powles and Bacon,
2018).
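The four models above are illustrated by the following added example, which is not from the report: a toy policy decision point in which the discretionary check consults an owner-managed ACL, the mandatory check compares labels (using the Bell-LaPadula "no read up, no write down" rules as one concrete instance of MAC, which goes beyond the report's description), the role check uses a role-to-permission table, and a business-hours rule acts as the add-on overlay. Users, resources, labels and roles are constructed sample data.

```python
"""Added example: combining discretionary, mandatory, role-based and
rule-based access control in one decision. All data are constructed samples."""
from dataclasses import dataclass, field

# Clearance / classification ordering used by the mandatory (MAC) check.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

# RBAC: role -> actions the role is allowed to perform.
ROLE_PERMISSIONS = {
    "analyst": {"read"},
    "editor": {"read", "write"},
}


@dataclass
class Resource:
    name: str
    owner: str
    label: str                                  # MAC classification
    acl: dict = field(default_factory=dict)     # DAC: user -> set of actions


@dataclass
class User:
    name: str
    clearance: str                              # MAC clearance
    roles: set = field(default_factory=set)


def dac_allows(user: User, resource: Resource, action: str) -> bool:
    """Discretionary: the owner decides via the ACL; the owner always has access."""
    return user.name == resource.owner or action in resource.acl.get(user.name, set())


def mac_allows(user: User, resource: Resource, action: str) -> bool:
    """Mandatory: no reading above one's clearance, no writing below it."""
    clearance, label = LEVELS[user.clearance], LEVELS[resource.label]
    return clearance >= label if action == "read" else clearance <= label


def rbac_allows(user: User, action: str) -> bool:
    """Role-based: any of the user's roles must carry the action."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in user.roles)


def rule_allows(hour: int) -> bool:
    """Rule-based overlay: access only during business hours (09:00-18:00)."""
    return 9 <= hour < 18


def decide(user: User, resource: Resource, action: str, hour: int):
    """Every model must grant the action; the per-model results are returned
    so an audit log can show which check denied the request."""
    checks = {
        "dac": dac_allows(user, resource, action),
        "mac": mac_allows(user, resource, action),
        "rbac": rbac_allows(user, action),
        "rule": rule_allows(hour),
    }
    return all(checks.values()), checks
```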
EVALUATION OF IMPLICATIONS
Identification and evaluation of any governance and compliance challenges raised
Governance and compliance challenges related to authentication and access control have certain
characteristics. They are institution-wide issues in which leaders are accountable for weighing
the cost of business requirements. They are risk-based, with roles and responsibilities and the
segregation of duties defined. Adequate resources must be committed, and staff trained
accordingly. The entire development life cycle is required, including planning and management
together with measurable reviewing and auditing. Information security governance is much needed
because it delivers a financial pay-off given the expensive and pervasive nature of information
technology, and it helps in adopting new technologies, since IT governance is critical to
understanding the value of IT (Tsohou, Magkos, Mouratidis and Crespo, 2020). Many people are
involved in managing such governance and in handling breaches in areas such as security
standards, privacy legislation, spam legislation, trade practices legislation, intellectual
property rights including software licensing agreements, record keeping requirements,
environmental legislation and regulations, health and safety legislation, accessibility
legislation and social responsibility standards. The challenges and keys to success in complying
with information security systems and auditing include balancing the extensive requirements
originating from multiple governing bodies, balancing legislation against agency-specific policy,
maintaining currency, and prioritizing available funding according to requirements. These
challenges are now being addressed so that the information systems can be tightly secured and
data losses or breaches avoided, since these can damage the reputation of the company and leave a
poor brand image in the industry (Sharma and Warkentin, 2019).
Identification and evaluation of the professional roles involved
Several professionals are involved in access control implementation, specifically in
authentication and authorization as well as the auditing process. Professionals such as the
technical manager, software specialist, hardware specialist, data analyst, leaders, the owner of
the company and other stakeholders have roles in the various activities of access control
implementation, such as implementing a central repository with well-defined whitelisting
policies, resolving self-generated scripts, withdrawing departing employees' digital rights,
adapting the access control, creating consistent processes to whitelist new cloud applications
and preparing for a security audit (Huy and Hung, 2019). The first step of access control
implementation is very important and is the responsibility of these professionals: the
implementation of personal identity verification cards that comply with FIPS 201. This is the
initial role of the professional, so that the access control security systems can be started
easily and work within the organization can proceed comfortably and without complications. It
creates an individual identity with personal verification, so that private credentials can be
recorded in the systems for better security without delay, and it is a cost-efficient procedure
as well. The planning for executing such systems is done by the board of directors together with
the entire technical team. The finance manager is also included, because the budgeting and
costing of the implementation will be analysed by them. Employees are the major concern because
they need to be trained and developed in using such systems, so the human resource manager is
also involved in this role (Blagorazumov, Chernikov, Glukhov and Elisov, 2018).
Identification and evaluation of the relationship with other information security processes
The information security processes are positively related to one another. In the current report,
the relationship between access control and cloud security is analysed. Cloud security is the
wider set of policies and technologies, together with applications and controls, that protect the
virtual data and services associated with cloud computing infrastructure. The cloud is
essentially an online platform that provides services from servers over internet connections. It
supports the organization in the efficient recovery of any lost data with no physical material
required, and it is cost-efficient as well as reliable and secure (Ghaffari and Arabsorkhi,
2018).
Access control in cloud security restricts users from accessing corporate data from unknown,
public or otherwise unauthorised devices. This makes sure that no business data is copied or
transferred, or infected by a virus, from a personal or public device. The relationship between
access control and cloud security is that access control helps keep cloud computing secure while
it stores the data of businesses and of individuals. Cloud security asks for personal
identification, authenticates using a credential previously issued to the device, and then
permits access to the data. If the security system finds that the person does not match the saved
credentials, it keeps asking questions in order to confirm the original user. This is how access
control is related to cloud security (Nel and Drevin, 2019).
CONCLUSION
Summary
In conclusion, security audit and compliance is an important concept to learn and study so that
it can be applied in real-world organizations. Nowadays it is impossible for companies to survive
without technology, so implementing security systems is mandatory for the safe functioning of the
firm's information systems. The information above therefore covers the challenges in
identification, authentication and access control, which are the cyber-security measures that
organizations execute to safeguard their systems from cyber attacks and harmful actions by
hackers. It is important to analyse the contextual information, which includes an overview of the
area under discussion and an evaluation of key terms with examples. It is necessary to set out the
current issues, which include relevant and current news stories related to the issue and the
identification and evaluation of relevant frameworks and laws. It is essential to evaluate the
implications, which include the governance and compliance challenges raised, the professional
roles involved, and the relationship with other information security processes. This report has
covered all of these areas in order to better understand the concept of security audit and
compliance.
Identification of key points and recommendations to management
It is recommended that certain items be reviewed while implementing security audit and
compliance: the efficiency and effectiveness of the entire management; the employees, in order to
train them on phishing, handling suspicious mail and social engineering attackers; business
practices, including emergency and cybersecurity response plans; and the IT staff, including
system hardening plans and physical security together with active monitoring and testing. It is
also suggested that the data security policy be reviewed by centralizing the cybersecurity
policies, detailing the network infrastructure, and reviewing the relevant compliance standards by
creating a list of security personnel and their responsibilities. Certain steps are also
essential for security auditing and compliance in terms of identification, authentication and
access control measures: first, defining the objectives; second, planning the audit; third,
performing the audit work; fourth, reporting the results; and fifth, taking the necessary actions
(Bicaku, Tauber and Delsing, 2020).
Impact of any likely developments in next few years
Several developments in security auditing and compliance are expected in the next few years:
artificial intelligence applications, soft controls and company culture, a holistic approach to
third-party risk management, diagnostic tools, bespoke analytics solutions, General Data
Protection Regulation assurance and advice, cyber internal audit, automating assurance, applying
robotic process and cognitive intelligence, and auditing the risks of disruptive technologies.
These developments in security auditing have a positive impact on cybersecurity systems and on
organizations, because they help protect the information systems and mitigate hazards to a good
level.
References:
Books and Journals
Bicaku, A., Tauber, M. and Delsing, J., 2020. Security standard compliance and continuous
verification for Industrial Internet of Things. International Journal of Distributed Sensor
Networks, 16(6), p.1550147720922731.
Blagorazumov, A., Chernikov, P., Glukhov, G. and Elisov, L., 2018. The background to the
development of the information system for aviation security oversight in
Russia. International Journal of Mechanical Engineering and Technology (IJMET), 9(11),
pp.341-350.
Ghaffari, F. and Arabsorkhi, A., 2018, December. A new adaptive cyber-security capability
maturity model. In 2018 9th International Symposium on Telecommunications (IST) (pp.
298-304). IEEE.
Hale, M.L. and Gamble, R.F., 2019. Semantic hierarchies for extracting, modeling, and
connecting compliance requirements in information security control
standards. Requirements Engineering, 24(3), pp.365-402.
Hashmi, A., Ranjan, A. and Anand, A., 2018. Security and compliance management in cloud
computing. International Journal of Advanced Studies in Computers, Science and
Engineering, 7(1), pp.47-54.
Huy, A.Q. and Hung, P.D., 2019, January. Security and Cost Optimization Auditing for Amazon
Web Services. In Proceedings of the 2nd International Conference on Software
Engineering and Information Management (pp. 44-48).
Kahyaoglu, S.B. and Caliyurt, K., 2018. Cyber security assurance process from the internal audit
perspective. Managerial Auditing Journal.
Lois, P., Drogalas, G., Karagiorgos, A. and Vrontis, D., 2021. Internal auditing and cyber
security: audit role and procedural contribution. International Journal of Managerial and
Financial Accounting, 13(1), pp.25-47.
Mohammad, S.M. and Lakshmisri, S., 2018. Security Automation in Information
Technology. International Journal of Creative Research Thoughts (IJCRT), 6.
Nel, F. and Drevin, L., 2019. Key elements of an information security culture in
organisations. Information & Computer Security.
Pasquier, T., Singh, J., Powles, J. and Bacon, J., 2018. Data provenance to audit compliance with
privacy policy in the Internet of Things. Personal and Ubiquitous Computing, 22(2),
pp.333-344.
Sharma, S. and Warkentin, M., 2019. Do I really belong?: Impact of employment status on
information security policy compliance. Computers & Security, 87, p.101397.
Stafford, T., Deitz, G. and Li, Y., 2018. The role of internal audit and user training in
information security policy compliance. Managerial Auditing Journal.
Stevens, R., Dykstra, J., Everette, W.K. and Mazurek, M.L., 2020, February. Compliance
Cautions: Investigating Security Issues Associated with US Digital-Security Standards.
In NDSS.
Stevens, R., Dykstra, J., Knox-Everette, W. and Mazurek, M.L., 2020. How to Hack
Compliance: Using Lessons Learned to Repeatably Audit Compliance Programs for
Digital Security Concerns. Learning from Authoritative Security Experiment Results
(LASER).
Tsohou, A., Magkos, E., Mouratidis, H. and Crespo, B.G.N., 2020. Privacy, security, legal and
technology acceptance elicited and consolidated requirements for a GDPR compliance
platform. Information & Computer Security.