Patrick,

Red Clay Renovations Company will be conducting an audit of employee awareness of the Red Clay Renovations Company IT Security Policy to ensure compliance with the policy and to identify any vulnerabilities that exist with the current policy. According to the City of Winnipeg (2008) “ Every City employee should have adequate knowledge of the various management, operational, and technical controls required and available to protect the information systems resources for which they are responsible’ (pg. 26). The purpose of this audit is to determine if the employee level of knowledge of Red Clay Renovations Company’s IT Security Policy is acceptable.

Red Clay Renovations Company will not be conducting an internal audit but rather we will be hiring a private organization to conduct the audit. Tracktik (2019) recommends that “A trained security auditor has the experience and expertise necessary to identify potential issues that you might overlook on your own. Most importantly, they have the training necessary to work with your company to identify meaningful solutions” (para. 3). The private organization will be identified by the end of August so that they have ample amount of time to conduct the audit at the end of the fiscal year.

This audit will be designed to test the knowledge of the employees as it relates to the IT Security Policy of Red Clay Renovations Company. Specifically, there will be a series of 20 questions that all employees will be required to answer to test their knowledge of the company’s policy. This audit process should be quick and painless. Bill Hayes (2003) recommends that “When the auditors arrive at the site, their aim is to not to adversely affect business transactions during the audit. They should conduct an entry briefing where they again outline the scope of the audit and what they are going to accomplish” (para. 15). This audit will be conducted at the Red Clay Renovations Operations Center and the field sites in order to gain information from the most employees in the company.

References

City of Winnipeg. (2008). Assessment of IT security awareness. Retrieved from http://www.winnipeg.ca/audit/pdfs/reports/ITSecurityAwareness.pdf

Hayes, B. (2003, May 26). Conducting a security audit: An introductory overview. Retrieved from http://www.symantec.com/connect/articles/conducting-security-audit-introductory-overview

TrackTik. (2019). How to Effectively Conduct a Security Audit in a Corporate Environment? Retrieved from https://www.tracktik.com/2018/03/23/security-audit-corporate-environment/

"Looking for a Similar Assignment? Order now and Get 10% Discount! Use Code "Newclient"