This project contains a security audit report template which can be used in a professional manner.

darkoid/SecurityAuditReportTemplate

Security Audit Report Template

Description

This project contains the report I made while performing an internal security audit on a fictional company called "Botium Toys" as part of completing the Google Cybersecurity Professional Certificate course from Coursera.

Coursera link for Audit Portfolio Assessment:

PS: You'll need access to the course, which you can get by taking the seven-day trial, paying $49 for a monthly subscription, or applying for financial aid on the course.

Project Result

To view the file on Google Docs, click here

To download click here - Internal Security Audit Report Report.docx

Project walkthrough

Step 1: Read the supporting materials provided by the company

Step 2: Analyse the audit scope, goals, and risk assessment

You receive the following email from your IT manager:

Hello!

I have completed the audit scope and goals, as well as a risk assessment. At a high level, the main goals and risks are as follows:

Goals:

  • Improve Botium Toys’ current security posture by aligning to industry best practices (e.g., adhere to the NIST CSF, implement concept of least permissions)
  • Provide mitigation recommendations (i.e., controls, policies, documentation), based on current risks
  • Identify compliance regulations Botium Toys must adhere to, primarily based on where we conduct business and how we accept payments
  • To review the full report, read the Botium Toys: Audit scope and goals document

Risks:

  • Inadequate management of assets
  • Proper controls are not in place
  • May not be compliant with U.S. and international regulations and guidelines
  • Current risk score is 8/10 (high), due to a lack of controls and adherence to compliance regulations and standards
  • To review the complete list of assets and risks, read the Botium Toys: Risk assessment document

Thank you, Botium Toys IT Manager

After you review the audit scope, goals, and risk assessment, consider the following questions:

  • What are the biggest risks to the organization?
  • Which controls are most essential to implement immediately versus in the future?
  • Which compliance regulations does Botium Toys need to adhere to, to ensure the company keeps customer and vendor data safe, avoids fines, etc.?

Step 3: Conduct the audit: controls assessment

Conduct the next step of the security audit by completing the controls assessment.

To complete the controls assessment, open the supporting materials. Then:

  1. Review the list of Botium Toys’ assets
  2. Review each control name
  3. Review the control types and explanation
  4. Mark an X next to each control that needs to be implemented
  5. Note levels of priority (high, medium, and/or low; NA if not applicable)

Pro Tip: Save a copy of your work

Be sure to address the following elements in your completed activity:

Controls assessment

  • All listed assets are accounted for in the controls selected
  • Appropriate administrative, technical, and physical controls are selected (marked X)
  • The priority level for each control selected is noted, based on the need for implementation

Controls Assessment

Compliance checklist - The compliance regulations and standards that Botium Toys needs to adhere to are selected

Compliance checklist

Step 5: Assess your security

The following is a self-assessment for your controls assessment and compliance checklist. You will use these statements to review your own work. The self-assessment process is an important part of the learning experience because it allows you to objectively assess your security audit.

  • You reviewed the scope of the audit, then considered risks to the company's customers, employees, and assets.
  • You selected controls.
  • You rated each of the controls you selected to determine if they need to be implemented now or later.
  • You selected compliance regulations and standards that the company needs to adhere to.
  • You explained why the company needs to adhere to the selected compliance regulations and standards.
