Kyser Clark

Security Assessment and Testing



Audits are needed to ensure and maintain a system's quality and integrity. In addition, these system checks aid in identifying security vulnerabilities and reassuring business stakeholders that the organization is doing everything necessary to secure sensitive data (TechAdvisory, 2021). Therefore, the organization's IT department should conduct an internal audit of laptops used by employees working from home to ensure compliance with its acceptable use policy. The audit aims to determine how laptops are used and what systems are accessed. It should also search for evidence of incorrectly configured or installed software on laptops.


Analysis

The company will follow the Information System Security Audit Process defined by Harris & Maymi in the CISSP All-in-One Exam Guide, 8th edition (page 839).

  • Determine goals
      • Determine how laptops are being used by employees working from home
      • Uncover instances where the company's acceptable use policy is being broken

  • Involve the right business unit leaders
      • Middle managers

  • Determine the scope
      • All assets and employees not located at company-owned property or directly connected to company-managed networks

  • Choose the audit team
      • Select cybersecurity team members

  • Plan the audit
      • Inventory every company-owned laptop located off premises
      • Determine every employee who primarily works from home or remotely
      • Examine instances where employees use personally owned devices to perform job-related duties or tasks
      • Determine the best method to audit devices and employees
          • Bring devices and employees on premises if possible
          • If not possible, audit devices and employees remotely

  • Conduct the audit
      • Perform tasks identified in the previous step

  • Document the results
      • Identify discrepancies
      • Determine how much or how little remote workers/laptops align with the company's acceptable use policy and other cybersecurity policies

  • Communicate the results
      • Prepare briefing paper for middle managers
      • Present findings to middle managers
      • Answer questions
      • Determine what's next


Summary

A cybersecurity audit evaluates the company's cybersecurity risks and the policies, procedures, and controls it employs to maintain acceptable levels of these risks (Reciprocity, 2022). The cybersecurity department of the firm should conduct an internal audit of laptops used by telecommuting workers to ensure compliance with the acceptable use policy. The audit aims to establish how laptops are used and which systems are accessed. It should also look for improperly configured or installed applications on laptops.



References

Harris, S., & Maymi, F. (2018). CISSP all-in-one exam guide (8th ed.). McGraw Hill Professional.

Reciprocity. (2022, April 26). Cybersecurity Audits: Best Practices + Checklist. Retrieved July 24, 2022, from https://reciprocity.com/resource-center/best-practices-cybersecurity-audits/

TechAdvisory. (2021, February 22). The importance of security audits. https://www.techadvisory.org/2021/02/the-importance-of-security-audits/
