Free Essay Example. Planning and Audits

Planning and auditing are critical consideration that needs to be given priority when setting up an information system designed for an organization to improve the production and operation process of organization management. Audit planning entails specific approaches that initiated efficiency and time-saving when carrying out an internal process that should follow a particular strategic plan. As personnel in charge of the IT compliance auditing system, there are specific aspects such as examination of the requirements, development of the strategic plan, creating documentation processes, and anticipating corrective mechanisms that need to be put into consideration. Therefore, the purpose of this paper focuses on specific aspects that need to be put into account during the creation of a strategic plan for the anticipated IT compliance auditing system domain for an organization.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Information Security Systems Requirements for Application Domain.

An application domain is one of the critical mechanisms that uses familiar language infrastructure to make specific isolation by executing software applications differently to prevent from affecting each other during operations. To secure the application domain needs to put into consideration means of keeping the IT system secure by setting up a robust protective password, designing safe systems, using a virus scanner, and maintaining the software updated alongside conducting regular screening and system background checking. Apart from taking into consideration the mechanisms to secure application software (Alcaraz & Zeadally,2015). It is a requirement to familiar with basic principles of information confidentialities, availability, and information integrity during the establishment of an information system for an application domain. Based on this requirements, the chief information officer needs to aware of the IT planning requirement, which should gather for all security, protection, and maintenance of the of application software by ensuring risk management strategies are in place to enable sustainable operations of the information system software or application software domain.

Controls Needed for Securing the System/Application Domain

Application Domain requires control mechanisms to countermeasure external threats to safeguard the application domain or system software, hardware installing its procedural methods. For instance, the most common underlying control mechanism to countermeasure most external threats and risks caused by viruses is achieved through the installation of a firewall that limits files execution by the particular installed program. The control mechanism of the Application domain needs a router, which is responsible for countermeasure virus threats, which can prevent the information system IP address of a private computer to be visible on the internet. The other vital information system control mechanisms which can be put in place to provide essential control of Application domain control include installation of network encryptions, anti-virus threat program, biometrics authentication system, and spyware detection. Based on these, the information system needs the entity mechanism for ensuring that control strategic plans for Application domain are designed to provide preventions against malicious codes such as but not limited to spyware, worms and Personal computer viruses to compromise with information system principles of information confidentialities, availability and information integrity during establishment of an information system for an application domains.Potential corrective measures for audit findings in the system/application domain.

To have risk control mechanisms, an audit needs to accompany any project at all the stages for the corrective action plan to be taken to ensure the direction being considered is the right one. Individual observation and also ensure that there is the correction of the system quality.as much as possible, efforts should be put to ensure that there is a focus on the root cause of what has been observed. It, therefore, is essential to ensure that the right problem is identified and that the right solution is given to that problem. This is because if care is not taken, resources could be wasted when fixing the wrong question.

Time is also an essential factor in consideration. Therefore, there should be a reasonable timeframe set aside provided in the previous audit reports.in most cases the time for audit is usually two weeks but if there is much observation to be done, an extension of time can be done to give ample time to allow action of plan, depending on the action needed, time can vary.

A member of the audit team should be tasked to do the tracking of corrective action task completion. Commitment to the end of the task should be taken with much seriousness, and in case it is noted that a particular job will not be completed within a specified period, then the supervisor should be notified (Chen,2016). Delays, in most cases, demonstrates that there is no commitment the senior management should not tolerate this. This is because failure to comply, liability is created; thus, losses and action should be taken against those individuals or even termination of their contract. the auditing should also be done at the right time for it to be effective. It should not be too late neither should it be very early

Compliance Requirements for the System/Application Domain

The scope of IT compliance auditing comes in all shapes and sizes based on the auditing presentations in systematic and measurable assessments that need to be put into considerations within organizational environments. The auditing for information system compliances regarding the ongoing corporate process by making sure effective security principles and policy control of an Application Domain controls (El Sadany, Schmittner, & Kastner,2019). To achieve a sustainable information system, an organization that is establishing the Application Domain needs to comply with external standards and regulations that assemble the policy infrastructure. It is also essential for an organization to meet all the expectations by enforcing infrastructure. Therefore, the policy requirement should not just focus on the technical measures alone but also putting more consideration into nontechnical mechanisms.

It is also a requirement of an organization to establish firm organizational governance frameworks which consist of applicable regulations that set up a high level of qualification which facilitate securing control of information system and IT infrastructure. Once the policy framework complies, an organization needs to implement the specific control to provide security control for the Application Domain.

The general procedures and best practices for system/application domain compliance

To design an information system that protects data privacy, it is essential to follow specific procedural guidelines. In most an organization keep vital information about their daily activities and personal information of their esteem clients. The general procedure that needs to put into consideration should revolve around Data collections, storage, usage, retentions, and destruction practice, and procedures. An organization needs to comply with the general procedures that govern all the practices that protect organizational data during the installation of an information system in an organization. The general process should follow the following data life cycle, as shown in the figure below, to comply with Application Domain regulations (Castrica et al.,2018).

In conclusion, As personnel in charge of the IT compliance auditing system, there are specific aspects such as examination of the requirements, development of the strategic plan, creating of documentation processes, and anticipating corrective mechanisms that need to be put into consideration.

References

Castrica, M., Ratti, S., Milicevic, V., Colavita, G., Ranghetti, F., Lucchini, M., ... & Balzaretti, C. M. (2018). GOOD HYGIENE PRACTICES IN THE RECOVERY FOOD SUPPLY CHAIN: CASE STUDY AND GRADING SYSTEM APPLICATION FOR CHARITABLE ORGANIZATIONS. Facta Universitatis, Series: Working and Living Environmental Protection, 235-242.

Alcaraz, C., & Zeadally, S. (2015). Critical infrastructure protection: Requirements and challenges for the 21st century. International journal of critical infrastructure protection, 8, 53-66.

Chen, X. Y. (2016, January). Three standard management system applications in research management. In 2016 International Forum on Management, Education, and Information Technology Application. Atlantis Press.

El Sadany, M., Schmittner, C., & Kastner, W. (2019, September). Assuring Compliance with Protection Profiles with ThreatGet. In International Conference on Computer Safety, Reliability, and Security (pp. 62-73). Springer, Cham.