Answer To: The learning outcome for this unit involves the process of developing an information system (IS)...
Sarabjeet answered on Apr 09 2021
Information Security
Information Security April 9 2021
Contents
Introduction
Explain the information security systems requirements for securing the system/application domain.
Evaluate the controls needed for securing the system/application domain.
Develop the compliance requirements for the system/application domain.
Describe the general procedures and best practices for system/application domain compliance.
Summarize potential corrective measures for audit findings in the system/application domain.
References
Introduction
The Audit and Compliance Department conducted an audit of the IT functions of Bluebird Ltd. The review involves the assessment of risk exposures related to IT-related governance, operations and systems. We assess the adequacy and effectiveness of existing control measures, which involve safeguarding donor funds, the effectiveness and efficiency of operations, and compliance with Bluebird IT policies and procedures.
Explain the information security systems requirements for securing the system/application domain.
The IT department includes the most critical systems, applications and data. The security of these domains is always necessary. Otherwise, it is easy to destroy your organization's information. The most common target systems and applications include operating systems, enterprise resource planning (ERP), email, servers, and web browsers. The most common vulnerabilities in the organization include unauthorized access, server operating systems and application software vulnerabilities, and data loss (Beegle, 2007).
Unauthorized access involves gaining access to the entity without the permission of the company manager. This is a threat because malicious people can easily access departments with highly sensitive information, such as finance and personnel departments, and can steal, change, or destroy stored systems and data. If the target is very sensitive, it will be very dangerous. To prevent such threats, the company's IT department has developed standard operating strategies, procedures and guidelines for visiting employees and guests. The company regulates the visits of employees and visitors to the facilities by providing visible job tags and recording detailed information when they enter. The company also installed RFID readers at the main entrance to identify people entering the facility.
Software vulnerabilities are weaknesses in software or servers that allow attackers to gain access to the system. Such a vulnerability can be exploited through malicious software executed unknowingly by users or attackers. Bluebird mitigates this vulnerability by removing periodic security updates from system applications, installing anti-malware intrusions, assigning staff strong domain passwords that change every two months, discarding outdated software, and replacing it immediately (Garigue & Stefaniu, 2003).
Data is information stored on a network or on a computing device. Bluebird Ltd stores emails, documents, database records, spreadsheets and other forms. Data can be lost during storage, transmission, or processing. When such losses occur, they are considered a great risk to the company's system because they interfere with the primary purpose of the system, which includes creating, storing, retrieving, and processing data. The IT department backs up all stored information every day.
Evaluate the controls needed for securing the system/application domain.
Access control is all policies, procedures and organizational methods that can ensure the security of assets, the reliability and accuracy of information, and compliance with management standards in...