MEMO to CIO: AUDIT of SEC & AWARENESS TRNG PGRM

Description:

Published: January 7, 2017
By: Shawn Barnes, Cal State San Marcos
Category: Management
Hashtags: #Analysis #Audit #Communications #impact #Management #RecommendationReport #Research #ResearchAnalysis #riskmanagement #StrategicThinking

Weekly Prompt


You have been hired as Acme Rocket Company’s internal auditor. You are ready to start working on auditing their information security program. Your focus today is in the area of Training and Security Awareness. Your scope is the past 3 years. You have the InfoSec Training Standard, which includes the following:


ARC Security Awareness and Training Program
1. The ARC ISO or designee is responsible for overseeing development and coordination of the information security awareness and training program. At a minimum, the program must:
a. Be completed by new employees within 21 days of the start of employment.
b. Include periodic information security awareness refresher training for all employees who access information assets on a schedule not to exceed three years. Security awareness refresher training may take the form of activities such as brown-bag sessions, information on special topics delivered via email, and other presentations or publications.
c. Maintain a record of the content, distribution and/or attendance, event and date of each security awareness training or outreach activity.


Your assignment is to come up with a list of questions to ask and also documents or reports you might need in order to complete the audit.

Attachments:

AUDITMEMO11.pdf 149.3 KB