AllenGregory-Assignment4.docx
School: Full Sail University
Course: CYB3841
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 2
Uploaded by JusticeMink2465
1. Provide the name of the audit report and a clickable link to the report.
Audit of the Information Systems General and Application Controls at American Postal Workers Union Health Plan Audit Link
2. Provide the date of the audit report.
January 16, 2018
3. Provide the objective - overall. Do not copy and paste the entire section.
The primary objective of this audit was to assess controls governing the confidentiality, integrity, and availability of data related to the Federal Employees Health Benefits Program (FEHBP) processed and maintained within the information technology (IT) environment of the American Postal Workers Union Health Plan (APWUHP).
4. What governed this audit report? (HINT: this is more than frameworks)
This audit was conducted in accordance with the contractual obligations outlined in FEHBP contract CS 1370, 5 U.S.C. Chapter 89, and 5 Code of Federal Regulations (CFR) Chapter 1, Part 890. The audit was carried out by the U.S. Office of Personnel Management’s (OPM) Office of the Inspector General (OIG).
5. Given the age of the audit report, how do you think the report would be different if it were issued today? (Do not assume that anything at the auditee has changed; only work from the standpoint that the governing frameworks and standards may have changed.)
6. What sections, if any, would you present in a different way?
Introduction and Contextualization, Framework Alignment, Recommendations Emphasizing Emerging Threats, Incorporate Mention of Cloud Security, Enhanced Incident Response Section
a) Why would you change the way it was originally presented?
Mostly to be able to better adjust to the appropriate readers or CEO and shareholders who are going to be reading this, so they have a more centralized and realistic view of what they are reading and why they are reading it.
b) Please rewrite the section with the changes you would make.
Introduction and Contextualization:
Original Text:
The original report might not explicitly provide the context of how the audit aligns with the contemporary threat landscape or recent cybersecurity trends.
Revised Text:
Enhance the introduction to include a brief overview of the evolving cybersecurity landscape, recent notable cyber incidents, or changes in regulations that could impact the relevance and urgency of the audit findings.
Framework Alignment:
Original Text:
The report may not explicitly mention the alignment with the most current cybersecurity frameworks or standards.
Revised Text:
Include a section that highlights the alignment of the audit with the latest cybersecurity frameworks, such as NIST Cybersecurity Framework or ISO/IEC 27001, to demonstrate the report's adherence to current industry standards.
Recommendations Emphasizing Emerging Threats:
Original Text:
Recommendations might not address emerging threats or technologies not widely prevalent in 2018.
Revised Text:
Integrate recommendations that specifically address emerging threats like ransomware, zero-day vulnerabilities, or advancements in social engineering techniques. This ensures that the audit report remains relevant to current risks.
Incorporate Mention of Cloud Security:
Original Text:
The original report may not extensively cover aspects related to cloud security, which has become more prevalent since 2018.
Revised Text:
Introduce a section or update existing sections to discuss the organization's approach to cloud security, if applicable. Address any unique risks associated with cloud services.
Enhanced Incident Response Section:
Original Text:
The incident response section might not delve deeply into contemporary incident response best practices.
Revised Text:
Expand the incident response section to cover more advanced incident response practices, including threat hunting, improved detection capabilities, and coordination with external incident response teams.
c) If you would not make any changes, support your decision.
N/A