Security Audit Program


ISO 27001 - ISO 27002 - Sarbanes Oxley
Patriot Act - HIPAA - PCI DSS Compliant

 

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external or an internal auditor can use the audit program to validate the compliance of the Information Technology function and the enterprise with the ISO 27000 series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

The IT Toolkits update service is available for the Security Audit Program. The update service runs for 24 months from the date of purchase. This subscription also provides membership in our ELITE SUBSCRIBER SERVICE, which provides copies of Janco's and IT-Toolkits' White Papers, Surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft Excel workbooks (2003 and 2007 format) and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings included within the audit. The point summary on this worksheet is calculated automatically by Excel.

  • Audit Program Detail - Lists the over 400 detailed tasks that need to be completed in the audit and the relative point value of each task. The only thing the user needs to do is check yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph showing the weights assigned to each area. The point summary on this worksheet is calculated automatically by Excel, and the graph is updated automatically.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program, plus a chart that has been added to show the positive and negative points of the audit (see chart below).

This is a summary graphic produced from the Excel worksheet provided as the Audit Program. In the sample above it is easy to see the areas where improvement is needed.

Compliance and Security Audit News

  • Effective Privacy Documentation to Empower your Organization: The prevention plan may include a security audit or employee training. Employee Procedures for Safeguarding Personal Information: Implementing a formal procedure for safeguarding personal information internally guides your employees and ...

  • Boeing responds to questions - Round two: What is Boeing doing to mitigate security weaknesses with its database design? We understand that the company is implementing application-level controls to address the segregation-of-duties concern and that audit tests in 2007 are ...

  • Boeing Responses to Questions - Round One: Describe how Boeing reports SOx compliance issues to its board, audit committee and shareholders. A: Board and Audit Committee Communication: Regular reports are provided to both the audit committee and the board. ...

  • Computer security faults put Boeing at risk: Experts said Boeing is not alone in its struggles, although the extent of other companies' information technology compliance problems is not known. In fact, law or no law, computer security is a "monster," audit expert Jack Champlain ...

  • CIO (Chief Information Officer) - Project People - London: CIO (Chief Information Officer), London, £80K - 100K... consultancies. As CIO in this global role, you will be the business leader for the IT group (15 people... (From Gisajob)

  • LDAP as the COBOL of Identity?: So what great advance would provide this motivation? It won't be security, audit, and compliance. These things can be achieved today with LDAP and strong identity management software. If you can do it today, why rework everything? ...

  • (IT) IT Security Manager: Role/Responsibilities: Lead and manage a team of IT security/audit professionals. Monitor the IT environment to ensure compliance with the National IT Security Policies and appropriate government standards and legislation; conduct ...

  • 091805 - IT Security Compliance Analyst: Calgary Health Region (Calgary AB): "The IT Security Compliance Analyst is responsible for planning and performing audit and compliance projects, controls assessment and documentation for the Region's information..."

  • More OS Security: ... integration like OAAS4OS is compliance requirements. Their company needs to comply with Sarbanes-Oxley (SOX) or similar rules, and locally managed passwords for privileged accounts don't meet those rules (in particular for audit). ...

  • Retailers find the solution to PCI Compliance on POS Devices: ... to collect and maintain an audit-trail of all in-scope PCI servers, databases and network devices. This analyst mentioned that Section 10 was the main play of Security Information Management (SIM) vendors like Arcsight and Loglogic. ...

  • Russian translation of PCI DSS and SAP: Maxim Emm from Infosec in Russia has translated the PCI DSS, PCI Security Audit Procedures, and Navigating the PCI DSS into Russian. This is an unofficial copy of these documents but could be helpful to people who would like this ...

  • PCI Compliance Project: However, recently the PCI rules have broadened and require acquirers for level 4 merchants to put in place better security and procedures. So while you may not be directly required to have an audit, many providers have now passed on ...

  • IT Director - Novo Executive Search and Selection - GB: need to recruit a Director of IT. With dual reporting... organisation. The role of Director of IT has three main strands to it: to align the IT strategy to the... (From Exec2Exec)

  • Pentagon IG Finds Lack of Oversight and Security for Classified Info.: DSS needs to obtain and review copies of all independent annual audit reports, internal audit reports, and Government Security Committee annual reports from the contractor and use that information to monitor the contractor's compliance ...

  • IT Director - Best - London: the current IT team (of c15 heads) including remote... IT success vs. business needs - Transparency to IT cost structures and deliverables - Transparency to IT... (From JobServe)

  • Available Consultants - Excellent IT Audit/Sox/Information Security ...: Information Systems Audit Professional with over 11 years of progressive experience in Information Technology (IT) audits, Compliance Audits (SOX, GLBA, SAS70), primarily working on Sarbanes-Oxley testing and consulting for various ...

  • IT Director - MW Appointments LTD - Canterbury: IT Director - Bromley, £87000 + bens. Large Insurance... is eager to recruit an IT Director with a sound track record and proven experience in driving IT strategy... (From Jobsite UK)

  • Security audit becomes handy with Secure Auditor: Summary: Go and get a copy of Secure Auditor to conduct audit, ... enforces compliance and forensics on your network. ... Now you do not need to deploy multiple tools to audit Oracle, MSSQL, ...

  • Regulatory Compliance & The Real Risk of Undetected Malware: Part 2: "In the wake of undisclosed data breaches and public information exposure, regulatory compliance and security audit standards are becoming ever more important to protecting critical assets. However, despite this recent upsurge in ...

  • Regulatory Compliance & Real Risk of Undetected Malware: Furthermore, a security audit encompasses some of the following questions: - Are passwords difficult to break? - Are computers up-to-date with the latest security patches? - Do any vulnerabilities exist in the operating system or applications ...

  • Regulatory Compliance & the Real Risk of Undetected Malware: When doing a security audit to ensure that adequate controls are in place from an information security perspective, the auditor is normally looking at whether the corporation is in adherence to a defined policy. Furthermore, a security ...

  • New PCI Audit Blogs Articles For Finance Professionals: Blog, hosted by Tevora Business Solutions, which highlights technical Information Security tidbits, Regulatory Compliance such as Sarbanes-Oxley and PCI DSS, and general security news. ...

  • Don't Dread that Network Audit: Compliance with Government ...: Security administrators need to be more proactive about preventing attacks, making vulnerability assessments a crucial tool in their portfolio.

  • New IBM Redbook - Deployment Guide Series: IBM Tivoli Compliance ...: This IBM Redbooks publication is a valuable resource for security officers, administrators, and architects who wish to understand and deploy a centralized security audit and compliance solution. Download the Deployment Guide Series: IBM ...

  • (Unofficial) PCI Security Audit Procedures v1.1 in Russian: Although the PCI DSS - Security Audit Procedures (SAP) v1.1 is published in many languages, Russian is not one of them. That is, until now. While teaching a PCI class in Europe last year I remember speaking with someone from a Russian ...

© 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 05/02/08.