Question

Review Question 9 in Chapter 12 of the textbook.

The Company you work for is in the process of determining whether to have an information security audit (ISA) performed. Even though the Company is not (yet) required to have an ISA for compliance purposes with laws, rules, and/or regulations, they are very aware of the benefits such audit can provide. However, they also know how pricy these specialized audits are. Would you be inclined to advise your Company go through such type of audit, yes or no? Explain your position.

Response parameters:

The initial post should be between 250 and 350 words

The initial post must demonstrate effective communication skills and analysis that is thoughtful and objective

You must support your responses by searching beyond the chapter (i.e., IT literature and/or any other valid external source). Include examples, as appropriate, to evidence your case point

Use APA formatting (including working web links) to cite all of your sources

Plagiarism

You are expected to write primarily in your own voice, using paraphrase, summary, and synthesis techniques when integrating information from class and outside sources. Use an author’s exact words only when the language is especially vivid, unique, or needed for technical accuracy. Failure to do so may result in charges of Academic Dishonesty.

Overusing an author’s exact words, such as including block quotations to meet word counts, may lead your readers to conclude that you lack appropriate comprehension of the subject matter or that you are neither an original thinker nor a skillful writer.

Answer 1

ISA has a very important role with respect to security in a company. In any company the data plays an important role and also they are the medium in order to hack the important information from the information system of the company. So to protect our data for being hacked, company must have ISA as it performed different levels of checking and secure our data from different means of hacking. ISA use to appoint a person where an audit has to be performed then it checks the whole system, security of private information, and checks whether the data has been leaked from anywhere or not.ISA checks the security of the whole information system as it checks firewall, duplication of the data should not be done, data cannot be transferred to any other destination rather than the given destination. Proper encryption and decryption of the data have been performed by an ISA.ISA also uses several mechanisms such as a digital signature or digital lock where a company can keep its data securely and also at the time of need they can encrypt the data easily. Along with the information security audit, an electrical audit should also be well maintained and company should adopt it also. The report provided by the ISA must be followed in order to check the security of the system and if it was not the same as was expected then the company must rectify and solve the problem which has been identified by the ISA. They must secure their data for future use as well. Also, the auditor must consider the laws and regulations which can, directly and indirectly, affect any company.