

Security Audit Program


ISO 27001 - ISO 27002 - Sarbanes-Oxley
Patriot Act - HIPAA - PCI DSS Compliant

 

This Security Audit Program contains over 400 unique tasks divided into 11 areas of audit focus, which are then divided into 38 separate task groupings. Either an external or an internal auditor can use the audit program to validate the compliance of Information Technology and the enterprise with the ISO 27000 Series (ISO 27001 and ISO 27002), Sarbanes-Oxley, HIPAA, and PCI-DSS.

The 11 areas of audit focus objectives are:

  • Corporate Security Management

  • Systems Development and Maintenance

  • Information Access Control Management

  • Compliance Management

  • Human Resource Security Management

  • Information Security Incident Management

  • Communications and Operations Management

  • Organizational Asset Management

  • Physical and Environmental Security Management

  • Security Policy Management

  • Disaster Recovery Plan and Business Continuity

IT Toolkits update service is available for the Security Audit program.  The update service is for 24 months from the date of its purchase.  This subscription also provides you with membership in our ELITE SUBSCRIBER SERVICE which provides you with copies of Janco's and IT-Toolkits' White Papers, Surveys, and selected new products before they are released to the general public.

Included with this program are Microsoft (2003 and 2007 format) Excel workbooks and an indexed PDF document that contain the following:

  • Read me - General instructions on the use of the Excel worksheets

  • Audit Program Summary - Lists the 11 areas of audit focus and the 38 task groupings that are included within the audit.  The point summary on this worksheet is calculated automatically by Excel.

  • Audit Program Detail - Lists over 400 detail tasks that need to be completed in the audit and the relative point value of each task.  The only thing that the user needs to do is check yes or no on each item and re-assign a relative point value for each task.

  • Audit Program Graphic - Lists the 11 areas of audit focus and a bar graph which shows the weights that are assigned to each area.  The point summary on this worksheet is calculated automatically by Excel and the graph is automatically updated.

  • Sample Audit Program - This is a copy of the Audit Program Detail with data entered into the individual tasks.

  • Sample Audit Program Summary - This is a copy of the Audit Program Summary with the links changed to point to the Sample Audit Program.

  • Sample Audit Program Graphic - This is a copy of the Audit Program Graphic with links changed to point to the Sample Audit Program, plus a chart added to show the positive and negative points of the audit (see chart below).

 

This is a summary graphic that was produced from the Excel worksheet provided as the Audit Program.  In the sample above it is easy to see those areas where improvement is needed.

 

 

 

 
 
 

 

 

© 2008 Janco Associates, Inc. - ALL RIGHTS RESERVED  --  Revised: 05/02/08.