
AUDIT REPORT: ST. PAUL'S UNIVERSITY DATABASE

PREPARED BY PETER BOTTS

BCISLMR194122

CSC 3104 IS AUDIT

LEC LUCY NDUNG’U


Executive Summary:

This audit report provides a comprehensive analysis of St. Paul's University Database,
focusing on its compliance with the COBIT 5 framework. The audit assesses the necessary
requirements, highlights the advantages and disadvantages, and provides recommendations
and possible solutions to enhance the security, availability, and reliability of the database.

1. Introduction:

St. Paul's University relies heavily on its database infrastructure to store and manage critical
information related to students, faculty, administration, and other stakeholders. Ensuring the
integrity, confidentiality, and availability of this data is of utmost importance. This audit
report aims to evaluate the effectiveness of the university's database management practices
and identify areas that require improvement.

2. COBIT 5 Framework:

COBIT 5 is a widely recognized framework that provides guidelines and best practices for
effective governance and management of enterprise IT. It consists of five main domains:
Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and
Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess
(MEA). These domains help organizations establish control objectives, align IT with business
goals, and optimize IT-related processes.

3. Audit Scope and Objectives:

The scope of this audit encompasses the St. Paul's University Database, including the
underlying infrastructure, data management processes, security measures, and disaster
recovery capabilities. The primary objectives of this audit are to:

Assess the compliance of the database with COBIT 5 framework requirements.

Identify potential risks and vulnerabilities within the database system.

Evaluate the effectiveness of security controls and data protection measures.

Provide recommendations and possible solutions for enhancing the overall database
management practices.

4. Audit Findings:

4.1 Requirements Assessment:


The database system at St. Paul's University meets several COBIT 5 requirements, such as
data accuracy, data integrity, and data availability. However, certain areas require
improvement, including:

Data Privacy: The database lacks robust data privacy controls, such as encryption and access
restrictions, to protect sensitive information adequately.

Data Retention: The University should establish clear policies and procedures for data
retention, ensuring compliance with legal and regulatory requirements.

Backup and Recovery: Although backups are performed regularly, the testing of backup
restoration procedures is inadequate, posing a risk to data recovery in case of system failures.

4.2 Advantages and Disadvantages:

Advantages:

The database system is accessible and available to authorized users, facilitating efficient data
retrieval and management.

The university has implemented basic security controls, such as user authentication and
role-based access control, to protect the database from unauthorized access.

Regular backups are conducted, reducing the risk of data loss due to hardware or software
failures.

Disadvantages:

Inadequate data privacy controls expose sensitive information to potential breaches and
unauthorized access.

Limited disaster recovery testing and incomplete documentation of procedures hinder the
ability to recover the database in the event of a major system failure.

Lack of a centralized database governance framework makes it challenging to enforce
consistent data management practices across the university.

4.3 Risk Assessment:

A risk-based approach was used to identify potential risks and vulnerabilities within the
database system. The key risks identified include:

Data Breaches: Insufficient data privacy controls increase the risk of unauthorized access,
leading to data breaches and potential reputational damage.

Data Loss: Inadequate backup testing and documentation pose a risk of data loss in case of
system failures or disasters.

Data Inaccuracy: Without proper data validation and integrity checks, there is a risk of
inaccurate or inconsistent data, leading to errors in decision-making processes.

5. Recommendations:

Based on the audit findings and risk assessment, the following recommendations are
provided:

Implement a comprehensive data privacy framework, including encryption, access controls,
and regular security assessments, to protect sensitive information from unauthorized access.

Develop and enforce clear data retention policies, ensuring compliance with applicable laws
and regulations.

Enhance backup and recovery procedures by regularly testing restoration processes and
maintaining up-to-date documentation.

Establish a centralized database governance framework, including data management policies,
procedures, and responsibilities, to ensure consistent practices across the university.

Conduct regular security awareness training for database users and administrators to promote
a culture of security and data protection.

6. Possible Solutions:

To address the identified risks and improve the overall database management practices, the
following possible solutions are recommended:

Implement data encryption mechanisms, such as transparent data encryption, to protect
sensitive data at rest and in transit.

Deploy intrusion detection and prevention systems to monitor and prevent unauthorized
access attempts and suspicious activities.

Establish a data backup strategy that includes off-site backups and periodic testing of
restoration processes.

Adopt a disaster recovery plan that outlines the steps and procedures for recovering the
database in the event of a major system failure or natural disaster.

Develop and enforce data classification policies to categorize data based on its sensitivity and
implement appropriate access controls accordingly.

7. Conclusion:

This audit report evaluated St. Paul's University Database against the COBIT 5 framework
and identified areas that require improvement to enhance the security, availability, and
reliability of the database. By implementing the recommended solutions, the university can
strengthen its data protection practices, mitigate potential risks, and ensure compliance with
applicable regulations. Continuous monitoring and periodic audits will be essential to
maintain the effectiveness of the database management practices and address emerging
threats in the future.

REFERENCES

St Paul’s University ICT Lab.

St Paul’s University Database system
