
INFO8480-20F-Audit Report Part 1

Audit Workshop – Part 1

Venkata Satya Surya Naga Murali Vaddadi

8684731

INFO 8480

Mel Walker

November 27, 2020

1. I would talk to the Chief Information Security Officer, who would be overall
responsible for all the security-related implementations, including physical
security. In addition to that, I would also talk to Facilities Management (Jim
Broom and team), the System Administrators and the Receptionist.

Sample Questions
1. What kind of authentication methods are they implementing to protect the server
room from unauthorized access? Are they following multi-factor authentication?
2. What is the time interval for changing the lock combinations?
3. Are the doors to the server room fireproof and secured?
4. To what extent are the premises monitored by CCTV, and how are the recordings stored?
5. What is the count of fire extinguishers placed inside the server room?
6. What are the temperature conditions and the maintenance of the HVAC?
7. What precautions and security measures are taken to keep USB and flash
drives out of the server room?
8. How many people are allowed inside the server room at one time?
9. What are the office timings?
10. What security measures are taken when allowing third-party persons inside the office
premises? Are records maintained of their details, with IN and
OUT timings?
11. Who is on the list of approvers, and what is the method of approving access?
12. What kind of cabling and electrical ducts are used? Are they ISO certified?
13. What about the bills and invoices of the equipment purchased? And are the
warranty documents stored properly, in both soft copy and hard copy?
14. How is the data regarding employee access stored, and how frequently
is a backup taken?
15. Are fire alarm drills conducted at regular intervals, and do they involve all employees?
16. Is the floor plan approved, and are all the emergency exits available during an
emergency?
17. Are sign boards placed properly with all required signs?
18. Where are the policy documents, and what policies are involved, with revision
information?

2. Information related to the audit date and time was missing from the given
material, along with the recommendations, the team of auditors who performed the
audit, the findings, the summary, and the involvement of the Human Resource
management team.
