Audits are needed to ensure and maintain a system's quality and integrity. In addition, these system checks aid in identifying security vulnerabilities and reassuring business stakeholders that the organization is doing all necessary to secure sensitive data (TechAdvisory, 2021). Therefore, the organization's IT department should conduct an internal audit of laptops used by employees working from home to ensure compliance with its acceptable use policy. The audit aims to determine how laptops are used and what systems are accessed. It should also search for evidence of incorrectly configured or installed software on laptops.
Analysis
The company will follow the Information System Security Audit Process defined by Harris & Maymi in the CISSP All-in-One Exam Guide, 8th edition (page 839).
Determine Goals
Determine how laptops are being used by employees working from home
Uncover instances where the company's acceptable use policy is being broken
Involve the right business unit leaders
Middle Managers
Determine the scope
All assets and employees not located at company-owned property or directly connected to company-managed networks
Choose the audit team
Select cybersecurity team members
Plan the audit
Inventory every company-owned laptop located off premises
Determine every employee who primarily works from home/remote works
Examine Instances where employees utilize personally owned devices to perform job-related duties/tasks
Determine the best method to audit devices and employees
Bring devices and employees on premises if possible
If not possible, audit devices and employees remotely
Conduct the audit
Perform tasks identified in the previous step
Document the results
Identify discrepancies
Determine how much or how little remote workers/laptops align with the company's acceptable use policy and other cybersecurity policies
Communicate the results
Prepare briefing paper for middle managers.
Present findings to middle managers
Answer questions
Determine what's next
Summary
A cybersecurity audit evaluates the company's cybersecurity risks and the policies, procedures, and controls it employs to maintain acceptable levels of these risks (Reciprocity, 2022). The cybersecurity department of the firm should conduct an internal audit of laptops used by telecommuting workers to ensure compliance with the acceptable usage policy. The audit aims to establish how laptops are used and which systems are accessed. It should also look for improperly configured or installed applications on laptops.
References
Harris, S., & Maymi, F. (2018). CISSP all-in-One exam guide (8th ed.). McGraw Hill Professional.
Reciprocity. (2022, April 26). Cybersecurity Audits: Best Practices + Checklist. Retrieved July 24, 2022, from https://reciprocity.com/resource-center/best-practices-cybersecurity-audits/
TechAdvisory. (2021, February 22). The importance of security audits. https://www.techadvisory.org/2021/02/the-importance-of-security-audits/
Comments