Posted: August 2nd, 2022

Planning an IT Infrastructure Audit for Compliance

Overview
Observe: Chapter 5 of the required textbook might enable you to full the task.

The audit planning course of straight impacts the standard of the end result. A correct plan ensures that assets are targeted on the best areas and that potential issues are recognized early. A profitable audit first outlines the targets of the audit, the procedures that will probably be adopted, and the required assets.

Directions
Select an group you’re acquainted with and develop an eight–10 web page IT infrastructure audit for compliance through which you:

Outline the next:
Scope.
Objectives and targets.
Frequency of the audit.
Period of the audit.
Establish what you contemplate to be the essential necessities of the audit and supply a rationale for your selections.
Select privateness legal guidelines that apply to the group and determine who’s accountable for privateness throughout the group.
Develop a plan for assessing IT safety for your chosen group by conducting the next:
Threat administration.
Risk Assessment.
Vulnerability Assessment.
Threat Assessment Assessment.
Clarify find out how to get hold of data, documentation, and assets for the audit.
Analyze how every of the seven domains aligns inside your chosen group.
Align the suitable objectives and targets from the audit plan to every area and supply a rationale for your alignment.
Develop a plan that:
Examines the existence of related and acceptable safety insurance policies and procedures.
Verifies the existence of controls supporting the insurance policies.
Verifies the efficient implementation and ongoing monitoring of the controls.
Establish the essential safety management factors that should be verified all through the IT infrastructure and develop a plan that features enough controls to fulfill high-level outlined management targets on this group.
Use at the least three high quality assets on this task. Observe: Wikipedia and comparable web sites don’t qualify as high quality assets.
This course requires using Strayer Writing Requirements. For help and data, please discuss with the Strayer Writing Requirements hyperlink within the left-hand menu of your course. Examine along with your professor for any extra directions.

The particular course studying end result related to this task is:

Develop an IT infrastructure audit for compliance.

Planning an IT Infrastructure Audit for Compliance
Scholar’s Identify:
Establishment:

Planning an IT Infrastructure Audit for Compliance
The IT infrastructure audit is a significant factor in an group that ensures that the IT infrastructure is related and operating in probably the most optimum technique to meet its completely different objectives and targets. The infrastructure audit is applied in a course of and phases that consider each part of the interconnected safety infrastructure to make sure that they’re successfully designed and modeled to fulfill their duties and obligations (Ana and Garcia, 2014). On this regard, there’s a have to have a enough audit planning course of to make sure that the standard of the audit is successfully improved. There’s a want for efficient planning to make sure that assets are directed in the best areas, and the potential issues are recognized effectively prematurely. The IT infrastructure audit should be procedurally applied to make sure that all the required elements are successfully factored in. The audit ensures that the IT system’s vulnerabilities and gaps are recognized and the related countermeasures adopted to make sure that the system operates successfully and effectively to fulfill its completely different objectives and targets.
Scope
Scope of the IT infrastructure Audit determines the audit’s degree and extent as decided by the targets of the audit or the explanations the audit was established. The audit may very well be carried out for all the group or on particular departments or areas. The audits are carried out to regulate adequacy and effectiveness. On this regard, the scope will guarantee enough management of adequacy by taking related controls on the insurance policies, procedures, and practices to realize objectives and keep away from the related dangers (Weiss and Solomon, 2015). On this case, the scope will consider the operation of all the pc and community system to make sure that it is compliant with the completely different objectives, insurance policies, procedures, and finest practices. Moreover, the completely different departments’ working system will probably be evaluated to find out their effectiveness and effectivity in delivering completely different objectives and targets.
Objectives and targets
The IT infrastructure Audit, on this case, has completely different objectives directed in direction of making certain that availability, confidentiality, and integrity of knowledge and system is achieved within the group. The development in expertise and innovation ensures that organizations are run via information to make Assessment and Assessment in choice making. On this regard, the infrastructure system should be successfully evaluated (Weiss and Solomon, 2015). The particular audit targets take the enhancing system continuity via its availability and reliability, administration and upkeep, enhancing the safety requirements via analysis of logical and bodily entry, provision of cheap assurance that management targets are achieved, substantiation of dangers as occasioned by completely different weak spot and be certain that corrective measures are adopted to make sure that the system stays productive.
Frequency of the audit
It is important to notice that the expertise is dynamic; thus, there’s a want for common IT infrastructure audits to make sure that the system’s vulnerabilities are eradicated and as an alternative corrective measures adopted. On this regard, the IT audit must be carried out after each three months, thus making certain that organizational IT methods are streamlined to the organizational objectives.
Period of the audit
The audit length must be co9nducted in a single week, the place the audit will probably be carried out concurrently in the principle workplace and the subsidiary places of work.
Crucial necessities of audit
The conduct of the audit must be enhanced by making certain the provision of various necessities. On this regard, there’s a want for all IT audit professionals to conduct the audit work that features preparations, analysis, and Assessment of the prevailing IT infrastructure (Maghriby, 2018). Consequently, there’s a want for the and software program for use to implement the IT audit. The IT infrastructure audit workers use the and software program elements to gather information required to evaluate and consider the IT methods and infrastructure. Moreover, there’s a want for open communication within the audit’s conduct between the auditors and the enterprise to make sure that auditors can get sure paperwork comparable to system stock data for the conduct of the audit. The completely different necessities are wanted based mostly on the operate they play within the conduct of the audit.
Privateness legal guidelines utilized on the hospital
The IT audit Infrastructure will adhere to the Well being Insurance coverage Portability and Accountability Act (HIPAA) or the privateness rule. The privateness rule units a baseline for the safety of sure individually identifiable well being data. The affected person can select if their data remedy, fee, and healthcare operations could be disclosed for sure functions (Tendam, 2018). Due to this fact, the HIPAA safety rule affords technical, bodily, and administrative safeguards to the sufferers’ medical data. On this regard, the IT infrastructure audit must be carried out in adherence to the HIPAA to make sure that privateness for medical data is upheld.

IT Safety Assessment
Threat administration
Threat administration takes the identification, Assessment, and controlling threats to an group. The threats could be in several varieties, comparable to monetary uncertainty, strategic administration errors, authorized liabilities, and accident and pure disasters to the IT infrastructure (Bichou, 2015). The danger administration course of would take threat identification, threat Assessment, threat analysis, threat remedy, and monitoring and reviewing the chance. This method ensures that dangers are successfully managed and eradicated.
Risk Assessment
The risk Assessment takes the method of figuring out the elements of the system wanted to be protected. This method evaluates the forms of threats that needs to be shielded from affecting the IT infrastructure (Zalewski et al., 2013). Risk Assessment is applied by figuring out the scope of risk Assessment, accumulating information to cowl risk Assessment, figuring out potential vulnerabilities, analyzing threats to uncover and assigning a score, and ultimately the efficiency of risk Assessment.
Vulnerability Assessment
The vulnerability Assessment entails the identification, analysis, and Assessment of susceptibility to pure and technological hazards. The vulnerability Assessment course of takes the preliminary Assessment the place the IT belongings in danger and significant worth for every system, such because the safety Assessment vulnerability scanner (Correa and Yusta, 2013). Consequently, system vulnerability is completed to find out the standard of the system and infrastructure and its configuration. Furthermore, there’s the efficiency of the vulnerability scan that evaluates the compliance necessities based mostly on the hospital posture and enterprise. Moreover, there’s the drawing of the vulnerability Assessment report creation that summarizes the main points of the vulnerability within the system and a suggestion of the mitigation methods.
Threat Assessment Assessment
The danger Assessment Assessment identifies threat elements with the potential to trigger hurt in an establishment (Correa and Yusta, 2013). The danger Assessment Assessment course of takes the identification of hazards, deciding events which can be prone to be harmed and the way, analysis of dangers recognized and choose precautions, recording of discovering and their implementation, and a assessment of your threat Assessment and replace it if crucial.
Acquiring data for the audit
The conduct of an IT infrastructure audit will probably be efficient by accumulating enough information to tell the analysis. On this regard, the data will probably be collected from the pc methods. The pc system tracks the operation throughout the IT infrastructure and presents studies and information adopted within the audit (Steinbart et al., 2018). Consequently, the audit’s and software program instruments will favorably accumulate the wanted information for the audit depicting the operation throughout the IT infrastructure. Moreover, information for the audit could be collected via surveys and interviews with the completely different IT professionals working throughout the IT system with questions directed at establishing the efficiency and points to help within the audit, comparable to on compliance with completely different insurance policies and procedures and rules.

Alignment of the seven domains with the hospital
The everyday IT infrastructure consists of seven domains. On this regard, the person area represents all of the customers with entry to the opposite domains (Kim and Solomon, 2013). This consists of the end-users accessing data on the hospital, comparable to the staff within the completely different hospital departments comparable to accountants or physicians.
The workstation Area takes the pc of an particular person person the place the manufacturing takes place, they usually allow the customers to hook up with the precise IT infrastructure (Kim and Solomon, 2013). The hospital’s workstation ensures the technology of medical outcomes, transferring them to completely different departments comparable to pharmacy or the physicians and the billing part.
The LAN Doman consists of workstations, routers, switches, and hubs, making up the native space community (Kim and Solomon, 2013). The hospital makes use of the LAN Area to speak and work together throughout the hospital on the inner affairs.
LAN/WAN Area consists of the boundary between the trusted and untrusted zones the place LAN connects to the web (Kim and Solomon, 2013). The zone is filtered with a firewall. This area represents the hospital’s community system, linking it with the exterior events such because the insurance coverage suppliers.
System/Software Storage Area is made up of the user-accessed servers comparable to databases and emails (Kim and Solomon, 2013). As an illustration, it consists of the software program operating the hospital system operations comparable to accumulating, accessing, and storing data.
Distant Entry Area features a cellular person can entry the native community nearly via the VPN (Kim and Solomon, 2013). The distant Entry Area within the hospital included the medical professionals, distributors, and contractors working from the sector or house away from the hospital setting.
WAN Area represents the web and stands for vast space community. It refers back to the hospital’s exterior entities represented by the area, comparable to web sites and exterior endpoints (Kim and Solomon, 2013). WAN area permits the hospital to attach with third events such because the insurer suppliers.
Alignment of objectives and targets to the audit plan for every area
The IT infrastructure area must be aligned to the audit objectives and targets to make sure that its operations are successfully streamlined. The top-user area must be aligned to the audit goal of substantiating threat resulting from management weaknesses (Kayser et al., 2015). This method ensures that the end-users use the IT infrastructure and methods appropriately whereas avoiding dangers and threats.
The workstation area must be aligned to adopting corrective measures within the common operations throughout the IT infrastructure and system (Kayser et al., 2015). The target ensures that the workstations take efficient and protected suggestions and incorporate them into the effectivity system.
The LAN area must be aligned to the safety targets that be certain that safety measures are adopted for bodily and logical entry (Kayser et al., 2015). The Safety goal within the LAN Area ensures that the inner communication within the hospital is not going to be interfered with or compromised by exterior events.
The LAN/WAN Area must be aligned to the safety targets to make sure that third events or malicious events don’t acquire unauthorized entry to the system (Kayser et al., 2015). The area includes utilizing the web; thus, there’s a want for safety measures comparable to using firewall to make sure that the web and the system will not be compromised.
The System/Software Storage Area must be aligned to the continuity targets that be certain that the storage is protected even after an assault or a risk (Kayser et al., 2015). The continuity ensures that the storage software and system are dependable, obtainable, and backed up to make sure that the hospital can get well within the case of an assault or a threat.
The Distant Entry Area is aligned to administration and upkeep targets to make sure the VPN’s organizational communication system is improved via additions, upgrading, documentation, and the change of process (Kayser et al., 2015). This goal ensures that hospital communication is improved and secured.
The WAN Area must be aligned with safety, administration, and upkeep to ensures that the exterior relations and interplay between the hospital and different events will not be compromised (Kayser et al., 2015). Interplay via the web must be safeguarded and managed to realize excessive ranges of effectivity and effectiveness.
Plan growth:
Look at the existence of related and acceptable safety insurance policies and procedures
Safety insurance policies and procedures are important within the IT infrastructure to make sure that safety threats and dangers don’t compromise operations. Due to this fact, there’s a have to entry and study their existence within the IT infrastructure (Peltier, 2016). The existence of insurance policies and procedures is evaluated from the compliance to the completely different insurance policies and pointers and their operation adherence. On this regard, one wanted to determine guidelines and rules adopted within the implementation of various duties. Consequently, one must classify the foundations and rules into completely different insurance policies comparable to code of conduct, recruitment coverage, web, e-mail coverage, cell phone coverage, drug, alcohol coverage, well being, security coverage, grievance and dealing with self-discipline, and termination coverage. Moreover, the process is evaluated from the important to stay to the completely different insurance policies and implement them pretty and fairly (Cullingworth et al., 2013). The adherence to the process signifies that the completely different professionals observe the insurance policies of their operations and choice making. Furthermore, there’s a want to determine the exterior rules and compliances subjected to the hospital regulating its operations and selections making. The rules and compliances type a part of the insurance policies and procedures in implementing features and choice making. Extra so, there’s a want to determine management measures applied to reinforce the statement to make sure that the insurance policies and procedures are noticed. The controls could be within the type of output controls and behavioral controls subjected to the professionals to incline them to watch the set guidelines and rules in implementing completely different duties and obligations. Moreover, there’s a want to determine the impression of the insurance policies and the procedures in assembly their meant objectives. The hospital wants to guage if it may possibly meet its objectives and targets by observing insurance policies and procedures. The establishment of insurance policies in an group is directed to Help the group meet its objectives with certainty. Due to this fact, an group’s success in its operations will certify the existence and operation of controls, insurance policies, and procedures.

References
Ana, L., & García, F. M. (2014). Do federal and state audits improve compliance with a grant program to enhance municipal infrastructure (AUDIT examine): examine protocol for a randomized managed trial. BMC public well being, 14(1), 912.
Bichou, Ok. (2015). The ISPS code and the price of port compliance: an preliminary logistics and provide chain framework for port safety Assessment and administration. In Port Administration (pp. 109-137). Palgrave Macmillan, London.
Correa, G. J., & Yusta, J. M. (2013). Grid vulnerability Assessment based mostly on scale-free graphs versus energy move fashions. Electrical Energy Methods Analysis, 101, 71-79.
Cullingworth, B., Caves, R. W., Cullingworth, J. B., & Caves, R. (2013). Planning within the USA: insurance policies, points, and processes.
Kayser, L., Kushniruk, A., Osborne, R. H., Norgaard, O., & Turner, P. (2015). Enhancing the effectiveness of consumer-focused well being data expertise methods via eHealth literacy: a framework for understanding customers’ wants. JMIR human elements, 2(1), e9.
Kim, D., & Solomon, M. G. (2013). Fundamentals of data methods safety. Jones & Bartlett Publishers.
Maghriby, B. (2018). Affect on Audit Course of Effectiveness and Audit Infrastructure on Inner Audit Capabilities.
Peltier, T. R. (2016). Data Safety Insurance policies, Procedures, and Requirements: pointers for efficient data safety administration. CRC Press.
Steinbart, P. J., Raschke, R. L., Gal, G., & Dilla, W. N. (2018). The affect of a superb relationship between the inner audit and data safety features on data safety outcomes. Accounting, Organizations and Society, 71, 15-29.
Tendam, M. L. (2018). The HIPAA-Pota-Mess: How HIPAA’s Weak Enforcement Requirements Have Led States To Create Complicated Medical Privateness Treatments. Ohio St. LJ, 79, 411.
Weiss, M., & Solomon, M. G. (2015). Auditing IT infrastructures for compliance. Jones & Bartlett Publishers.
Zalewski, J., Drager, S., McKeever, W., & Kornecki, A. J. (2013, January). Risk modeling for safety Assessment in cyberphysical methods. In Proceedings of the Eighth Annual Cyber Safety and Data Intelligence Analysis Workshop (pp. 1-Four).

Order | Check Discount

Tags: Planning an IT Infrastructure Audit for Compliance