Auditing IT Infrastructures for Compliance
Introduction:
For this final paper, I am to assemble the executive reports that I have completed over the last 5 weeks and combine them into one final report. These reports will consist of:
- The two auditing frameworks or hardening guidelines / security checklists used by the DoD.
- How a security assessment addressing modern-day risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure can help an organization achieve compliance.
- How to gather and obtain needed information to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered.
- The top Workstation Domain risks, threats, and vulnerabilities, which will include not only possible causes but also mitigations to prevent these issues from happening.
- The top LAN-to-WAN risks, threats, and vulnerabilities, which will include not only possible causes but also mitigations showing how we can prevent these issues from happening.
- The top Remote Access Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.
- The top Systems / Application Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.
The purpose of part 1 of this lab is to develop an executive summary regarding either the two auditing frameworks or the hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks.
As background, the AF (Auditing Framework) for the DoD provides a foundation for developing and representing descriptions that ensure a common denominator for understanding, comparing, and integrating across organizational, joint, and multinational boundaries. All U.S. DoD weapons and information technology system acquisitions are required to develop and document an enterprise architecture (EA) using the views prescribed in the DoDAF. While it is clearly aimed at...