A: In 1–2 pages:

You have recently been promoted to Chief Information Security Officer of a large
healthcare organization with 10 hospitals under management. Your first task is
to design an information security audit to determine the state of cyber
security of your organization as you enter into your new role. You know that
the implementation of a robust and effective information security program is
only the start of providing for the confidentiality, integrity and availability
of information assets. Those tasked with the responsibility for information
security will also implement a routine audit of their information security
controls. The National Institute of Standards and Technology (NIST) publishes
the cyber security framework for improving critical infrastructure cyber
security. Review this framework and prepare a sample audit to be reviewed by
your organization's Chief Information Officer for approval. Your sample audit should
include the 5 primary areas of your information security program that you would
audit, the details of what you would audit for, and a 1-paragraph summary per
section that describes your goals for that section of the audit. Click here to review the NIST Cyber Security
Framework. Please reference your work.

B: In 4–6 paragraphs:

As you
prepare for the final presentation to the LSS management of your information
systems audit, you want to ensure that they will accept the audit results and
properly address the findings. A sound
project management practice for any project (and an audit can be considered a
project) is to conduct a postmortem of the audit. Take
this opportunity to do the following:

Describe the audit process you have just completed for LSS.
Outline the relationship between an information governance program and the culture of compliance in an organization.
Discuss what went well and what did not.
Talk about what changes you would implement in the future to ensure the success of an audit.

Please reference your work.