This project contains the report I made for an internal security audit of a fictional company, "Botium Toys", as part of completing the Google Cybersecurity Professional Certificate course on Coursera.
Coursera links for the Audit Portfolio Assessment:
- https://www.coursera.org/learn/manage-security-risks/exam/TMBj8/portfolio-activity-conduct-a-security-audit-part-1
- https://www.coursera.org/learn/manage-security-risks/exam/TMBj8/portfolio-activity-conduct-a-security-audit-part-2
PS: You'll need access to the course, which you can get by taking the seven-day trial, paying $49 for a monthly subscription, or applying for financial aid for the course.
To view the file on Google Docs, click here
To download, click here - Internal Security Audit Report Report.docx
You receive the following email from your IT manager:
Hello! I have completed the audit scope and goals, as well as a risk assessment. At a high level, the main goals and risks are as follows:
Goals:
- Improve Botium Toys’ current security posture by aligning to industry best practices (e.g., adhere to the NIST CSF, implement concept of least permissions)
- Provide mitigation recommendations (i.e., controls, policies, documentation), based on current risks
- Identify compliance regulations Botium Toys must adhere to, primarily based on where we conduct business and how we accept payments
- To review the full report, read the Botium Toys: Audit scope and goals document
Risks:
- Inadequate management of assets
- Proper controls are not in place
- May not be compliant with U.S. and international regulations and guidelines
- Current risk score is 8/10 (high), due to a lack of controls and adherence to compliance regulations and standards
- To review the complete list of assets and risks, read the Botium Toys: Risk assessment document
Thank you, Botium Toys IT Manager
After you review the audit scope, goals, and risk assessment, consider the following questions:
- What are the biggest risks to the organization?
- Which controls are most essential to implement immediately versus in the future?
- Which compliance regulations does Botium Toys need to adhere to, to ensure the company keeps customer and vendor data safe, avoids fines, etc.?
Conduct the next step of the security audit by completing the controls assessment.
To complete the controls assessment, open the supporting materials. Then:
- Review the list of Botium Toys’ assets
- Review each control name
- Review the control types and explanation
- Mark an X next to each control that needs to be implemented
- Note levels of priority (high, medium, and/or low; NA if not applicable)
Be sure to address the following elements in your completed activity:
Controls assessment
- All listed assets are accounted for in the controls selected
- Appropriate administrative, technical, and physical controls are selected (marked X)
- The priority level for each control selected is noted, based on the need for implementation
Compliance checklist
- The compliance regulations and standards that Botium Toys needs to adhere to are selected
The following is a self-assessment for your controls assessment and compliance checklist. You will use these statements to review your own work. The self-assessment process is an important part of the learning experience because it allows you to objectively assess your security audit.
- You reviewed the scope of the audit, then considered risks to the company's customers, employees, and assets.
- You selected controls
- You rated each of the controls you selected to determine if they need to be implemented now or later.
- You selected the compliance regulations and standards that the company must adhere to.
- You explained why the company needs to adhere to the selected compliance regulations and standards.