

Security Audit Program


ISO 27001 - ISO 27002 - Sarbanes Oxley
Patriot Act - HIPAA - PCI DSS Compliant

 

This Security Audit program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external auditor or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

IT Toolkits update service is available for the Security Audit program.  The update service is for 24 months from the date of its purchase.  This subscription also provides you with membership in our ELITE SUBSCRIBER SERVICE which provides you with copies of Janco's and IT-Toolkits' White Papers, Surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit.  The point summary on this work sheet is calculated automatically by Excel.

  • Audit Program Detail - Lists over 400 detail tasks that need to be completed in the audit and the relative point value of each task.  The only thing that the user needs to do is check the yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area.  The point summary on this work sheet is calculated automatically by Excel and the graph is automatically updated.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program, plus an added chart that shows the positive and negative points of the audit (see chart below).

 

This is a summary graphic that was produced from the Excel worksheet provided as the Audit Program.  In the sample above it is easy to see those areas where improvement is needed.

 

 

 

 
 
 

 

 


Compliance and Security Audit News

Privacy, please Phillips also discussed the CMS contract with PricewaterhouseCoopers to conduct 10 compliance reviews this year, saying that the audit firm has done six reviews, including the well-publicized critique of Piedmont Healthcare in Atlanta. ...

Security Operations Consultant Reporting to the Information Assurance Manager, you will be tasked with the delivery of specific security tasks and projects. You will deliver on a variety of tasks including accreditation, policies, compliance and audit documents. ...

Tax Audits- Know the High Risk Areas With today’s computers there are now greater degree ways than ever that the IRS can monitor your tax compliance. How can you avoid an IRS tax audits? Know the High-Risk Tax Audit Areas. The major reason as to why the IRS must support ...

New Security Jobs Coming to SecurityRecruiter.com Regulatory Compliance Audit Project Manager; Regulatory Compliance Consultants (Both full-time and contract / 1099). New York / New Jersey Metro Region. Security Product Sales. Southeast. Director, Security Operations and Service ...

Penetration Test != Audit != Assessment An Audit is generally a test for some form of compliance. The scope is defined exactly by whatever documentation outlines the requirements for compliance. This can be anything from multiple security compliance documents the size of ...

Get a website audit for SEO quality The following factors should be considered as part of a website audit for SEO quality:. Compliance with ISO standards. Autoresponder usage. Flow of data throughout the site. Presence and quality of a sitemap. ...

Learning Corner - Managing Operational Risk: 20 Firmwide Best ... ... such that they reinforce key aspects of existing control and risk management programs, including but not limited to those of Control Self-Assessment, Internal Audit, Compliance, Legal, Security, and other risk management functions. ...

Configuresoft and VMware Host "Proving PCI DSS Compliance in a ... Many organizations have limited deployment because of concerns over proving that virtualized environments are compliant and audit ready. With PCI version 1.2 set to release in early October and the PCI Security Standards Council's ...

Don’t Sell ‘Compliance’ If It Isn’t A Checkbox Does it reduce compliance costs? Does it reduce your risk of an exposure? For example, DLP content discovery, by identifying where credit card data is stored, can reduce both audit costs and the risk of non-compliance. ...

SAS70 Audits and PCI Assessments High quality means it is a report that covers all essential baseline elements considered for a SAS70 audit, which should include substantial testing for network security and logical access. If done correctly, you will see an overlap ...

How the Microsoft Release of SQL Server 2008 Impacts the ... The SQL Server 2008 enhanced auditing feature improves compliance and security by allowing you to audit data activity. Data auditing allows you to monitor the data that is read, inserted, updated, and deleted without making any ...

IT and Finance: Implementing an Efficient Data Security Model This can only be achieved by implementing solutions that address the complete database security lifecycle, combining database discovery, vulnerability assessment, activity monitoring, intrusion detection, auditing and compliance to ...

Audit and compliance demands force IT security upgrade at Arab ... Under pressure from its audit committee to tighten internal IT security controls, Arab National Bank has implemented automated user management and ...

King - Security Before Features Vet extensions and new features with independent security analysts during the design phase. Perform an independent security audit of reference implementations. View Online. Changes between revision 3 and revision 4: ...

Felix Ramirez working on organizing the governance, compliance ... Felix Ramirez working on organizing the governance, compliance, audit and security track of the SC World Congress.

Protecting Endpoints is the Key to Security Control A combination of good security functions and compliance management improves security operations efficiency and maturity. Enterprises can simplify compliance by using a single management console to audit, verify and report on regulatory ...

PeopleSoft Security Administrator Job (Alpharetta, GA, 30009, USA) Promulgation of security standards * Security Liaison with Corporate Security * Liaison for VZTracker and AORS user access request forms and trouble ticketing * Audit compliance including the performance of scheduled auditing of ERP ...

Secure Elements' C5 Compliance Platform Now Provides for 'Green ... Secure Elements (http://www.secure-elements.com) develops innovative products that help organizations achieve IT security compliance. We enable organizations to audit, evaluate, and comply with internal, industry, and regulatory ...

Beyond Logging: Address Security & Compliance with Audit Trails ... sponsored by Centrify Corporation Premieres: Format: Multimedia Type: Webcast Language: English To access webcasts you must: Have RealPlayer or Windows Media Player installed Disable pop-up.

Beyond Logging: Address Security & Compliance with Audit Trails ... Watch this webcast and learn about best practices for cross-platform auditing. It also discusses why traditional logging methods are insufficient for meeting today's compliance regulations. Published by: Centrify Corporation.

SAS70 & PCI Compliance | Creating Audit Efficiencies ... explosive growth of federal regulatory compliance laws and legislation. Interestingly also, Payment Card Industry (PCI) compliance has also received much attention as of recent, particularly with the recent breaches of security in a ...

It Productivity Center/CRWE.OB The integration of the new security audit framework into its nFX SIM One product enables netForensics to deliver the market's most comprehensive solution for managing and reporting on IT security and third-party compliance ...

WMI Based Compliance Checks Below is an example command line run of this audit file: [ron@test bin]# ./nasl -t 192.168.2.6 compliance_check.nbin Windows Compliance Checks, version 2.0.5 Which file contains your security policy : /root/wmi_example2.audit ...

Guide Provides Data Security Audit Steps The IT Compliance Institute (ITCi), an IT education, research, and analysis services organization, recently released its next IT audit checklist, Privacy and Data Protection, the next in its IT Audit Checklist Series, to help IT, ...

Don't Dread that Network Audit: Compliance with Government ... Security administrators need to be more proactive about preventing attacks, making vulnerability assessments a crucial tool in their portfolio.

© 1999 - 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 07/02/08.