Develop an “intake” briefing for middle managers who will be assisting in the planning and execution of an internal audit of employee use of company owned laptops as part of the company’s “Work From Home” arrangements. The purpose of an “intake” briefing is to get everyone “on the same page” with respect to what will be done, who will do it, and what the roles & responsibilities of the managers will be during the audit (e.g. assist with employee contacts and “smooth ruffled feathers” amongst their workers).
Background: The purpose of the audit is to determine how the laptops are being used by the employees working from home (what corporate and non corporate systems, services, networks, and websites are being accessed) and to uncover, if possible, any misuse (e.g. usage that is outside of the company’s acceptable use policy). The audit should also look for evidence of laptops that are improperly configured or have vulnerable software installed.
Background: The company will follow the Information System Security Audit Process as defined by Harris & Maymi in the CISSP All-in-One Exam Guide, 8th edition. The steps are:
- Determine Goals
- Involve the right business unit leaders
- Determine the scope
- Choose the audit team
- Plan the audit
- Conduct the audit
- Document the results
- Communicate the results
Is this the question you were looking for? Place your Order Here