Question
Use the attached Case Study for this assignment. Pick one of the audit steps from Chapter 3 (Auditing Entity-Level Controls) and one of the audit
Use the attached Case Study for this assignment.
Pick one of the audit steps from Chapter 3 (Auditing Entity-Level Controls) and one of the audit steps from Chapter 4 (Auditing Data Centers and Disaster Recovery). Describe the audit step and how you would conduct it for the case study company. Include specific procedures for performing and validating the audit step and any expected results. The procedures you use should be in your own words and not copied from the book. You may make assumptions, but should document those assumptions in your report. If you use references outside of the book, please cite those.
CIS 411 Case Study Architecture Firm.
Dalton, Walton, & Carlton, Inc. is an architecture firm with approximately 250 employees in four cities in a regional area. The main office is in Kansas City, Mo, which houses 100 of the employees. The main office is located in a suburb neighborhood where physical security is not considered a concern.
Their IT infrastructure is as follows:
o They primarily use Microsoft servers and PCs with a number of Mac computers used to perform design work. They use Active Directory, have a Web Server for their Internet web site, four servers used as file shares (one in each office), four servers housing their architecture applications, a training server, five MS SQL database servers, and two Microsoft Exchange servers for email.
o There are 20 Windows 2008 servers in the main office, twelve of which are virtualized on three physical servers.
o System updates and patches are run from the main office. Most systems get Microsoft updates once a month, but some are missed. Also, most third party products (e.g., Adobe PDF & Flash) are not kept up to date.
o Each satellite office has 3-4 servers for storing files and running local applications.
o Each office has its own, decentralized wireless network connected to the production network.
o Each employee has a desktop or laptop PC running Windows 7. HR personnel have laptops for conducting interviews.
o They outsource their email spam filter and all HR applications to two separate third party companies.
o The network sits behind a gateway router and firewall. Antivirus is in use, but is not automatically updated across the company. Employees often work remotely and only use their login and password to gain access to the corporate systems.
o There is a Director of IT who has a full time staff of 5 employees, one of which does security duties part time.
There are a few known issues with their IT infrastructure and organization:
o Recently, a number of PCs and office equipment has been stolen out of the office.
o Its at the data owners discretion as to whether or not to secure their data files or folders. Many do not secure their files, while some lock them so only they have access. There have been rumors that customer data and intellectual property have been lost.
o Two employees recently left your company and went to your biggest competitor, where they just landed a contract with your largest account.
o Vendors are allowed access to the site and computers without authorization or supervision.
o Onsite staff at each location provides IT support part time along with their other responsibilities. Password resets are done by giving out a generic password Chiefs2011.
You are an independent auditor brought in by Dalton, Walton, & Carltons management. Theyve tasked you with conducting an audit of their entire IT infrastructure, organization, and processes.
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started