
Posted: August 2nd, 2022

Planning an IT Infrastructure Audit for Compliance

Overview
Note: Chapter 5 of the required textbook may help you complete the assignment.

The audit planning process directly affects the quality of the outcome. A proper plan ensures that resources are focused on the right areas and that potential problems are identified early. A successful audit first outlines the objectives of the audit, the procedures that will be followed, and the required resources.

Instructions
Choose an organization you are familiar with and develop an 8–10 page IT infrastructure audit for compliance in which you:

Define the following:
Scope.
Goals and objectives.
Frequency of the audit.
Duration of the audit.
Identify what you consider to be the critical requirements of the audit and provide a rationale for your choices.
Choose privacy laws that apply to the organization and identify who is responsible for privacy within the organization.
Develop a plan for assessing IT security for your chosen organization by conducting the following:
Risk management.
Threat analysis.
Vulnerability analysis.
Risk assessment analysis.
Explain how to obtain information, documentation, and resources for the audit.
Analyze how each of the seven domains aligns within your chosen organization.
Align the appropriate goals and objectives from the audit plan to each domain and provide a rationale for your alignment.
Develop a plan that:
Examines the existence of relevant and appropriate security policies and procedures.
Verifies the existence of controls supporting the policies.
Verifies the effective implementation and ongoing monitoring of the controls.
Identify the critical security control points that must be verified throughout the IT infrastructure and develop a plan that includes adequate controls to meet high-level defined control objectives in this organization.
Use at least three quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources.
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.

The specific course learning outcome associated with this assignment is:

Develop an IT infrastructure audit for compliance.


Planning an IT Infrastructure Audit for Compliance
The IT infrastructure audit is a significant component in an organization that ensures that the IT infrastructure is connected and running in the most optimal way to meet its different goals and objectives. The infrastructure audit is implemented in a process and stages that evaluate every section of the interconnected security infrastructure to ensure that they are effectively designed and modeled to meet their duties and responsibilities (Ana and Garcia, 2014). In this regard, there is a need to have a sufficient audit planning process to ensure that the quality of the audit is effectively improved. There is a need for effective planning to ensure that resources are directed in the right areas, and the potential problems are identified well in advance. The IT infrastructure audit must be procedurally implemented to ensure that all the necessary components are effectively factored in. The audit ensures that the IT system’s vulnerabilities and gaps are identified and the relevant countermeasures adopted to ensure that the system operates effectively and efficiently to meet its different goals and objectives.
Scope
The scope of the IT infrastructure audit defines the audit’s level and extent, as determined by the objectives of the audit or the reasons the audit was established. The audit could be done for the entire organization or on specific departments or areas. The audits are done to control adequacy and effectiveness. In this regard, the scope will ensure adequate control of adequacy by taking relevant controls on the policies, procedures, and practices to achieve goals and avoid the associated risks (Weiss and Solomon, 2015). In this case, the scope will evaluate the operation of the entire computer and network system to ensure that it is compliant with the different goals, policies, procedures, and best practices. Additionally, the different departments’ operating systems will be evaluated to determine their effectiveness and efficiency in delivering different goals and objectives.
Goals and objectives
The IT infrastructure audit, in this case, has different goals directed towards ensuring that availability, confidentiality, and integrity of data and systems are achieved in the organization. The advancement in technology and innovation ensures that organizations are run through data to make analysis and assessment in decision making. In this regard, the infrastructure system must be effectively evaluated (Weiss and Solomon, 2015). The specific audit objectives are: enhancing system continuity through its availability and reliability; management and maintenance; enhancing the security standards through evaluation of logical and physical access; providing reasonable assurance that control objectives are achieved; substantiating risks occasioned by different weaknesses; and ensuring that corrective measures are adopted so that the system remains productive.
Frequency of the audit
It is vital to note that technology is dynamic; thus, there is a need for regular IT infrastructure audits to ensure that the system’s vulnerabilities are eliminated and corrective measures adopted. In this regard, the IT audit needs to be done every three months, thus ensuring that organizational IT systems are streamlined to the organizational goals.
Duration of the audit
The audit needs to be conducted in one week, with the audit conducted concurrently in the main office and the subsidiary offices.
Critical requirements of audit
The conduct of the audit needs to be enhanced by ensuring the availability of different requirements. In this regard, there is a need for all IT audit professionals to conduct the audit work that includes preparations, evaluation, and analysis of the existing IT infrastructure (Maghriby, 2018). Consequently, there is a need for the hardware and software to be used to implement the IT audit. The IT infrastructure audit staff use the hardware and software components to collect data required to assess and evaluate the IT systems and infrastructure. Furthermore, there is a need for open communication in the audit’s conduct between the auditors and the business to ensure that auditors can get certain documents such as system inventory records for the conduct of the audit. The different requirements are needed based on the function they play in the conduct of the audit.
Privacy laws applied at the hospital
The IT infrastructure audit will adhere to the Health Insurance Portability and Accountability Act (HIPAA) or the privacy rule. The privacy rule sets a baseline for the protection of certain individually identifiable health information. The patient can choose if their information on treatment, payment, and healthcare operations can be disclosed for certain purposes (Tendam, 2018). Therefore, the HIPAA security rule offers technical, physical, and administrative safeguards to the patients’ medical records. In this regard, the IT infrastructure audit needs to be conducted in adherence to the HIPAA to ensure that privacy for medical records is upheld.

IT Security Assessment
Risk management
Risk management involves the identification, assessment, and control of threats to an organization. The threats can be in different forms, such as financial uncertainty, strategic management errors, legal liabilities, and accidents and natural disasters affecting the IT infrastructure (Bichou, 2015). The risk management process consists of risk identification, risk analysis, risk evaluation, risk treatment, and monitoring and reviewing the risk. This approach ensures that risks are effectively managed and eliminated.
Threat analysis
Threat analysis is the process of determining the components of the system that need to be protected. This approach evaluates the types of threats that the IT infrastructure should be protected from (Zalewski et al., 2013). Threat analysis is implemented by determining the scope of the threat assessment, collecting data to cover the threat assessment, identifying potential vulnerabilities, analyzing the threats uncovered and assigning a rating, and eventually performing the threat analysis.
Vulnerability analysis
The vulnerability assessment entails the identification, evaluation, and assessment of susceptibility to natural and technological hazards. The vulnerability assessment process begins with the initial assessment, which identifies the IT assets at risk and the critical value of each device, such as the security assessment vulnerability scanner (Correa and Yusta, 2013). Consequently, a system vulnerability assessment is done to determine the quality of the device and infrastructure and its configuration. Moreover, a vulnerability scan is performed that evaluates the compliance requirements based on the hospital’s posture and business. Additionally, a vulnerability assessment report is created that summarizes the details of the vulnerabilities in the system and recommends mitigation techniques.
Risk assessment analysis
The risk assessment analysis identifies risk factors with the potential to cause harm in an institution (Correa and Yusta, 2013). The risk assessment analysis process involves identifying hazards, deciding which parties are likely to be harmed and how, evaluating the identified risks and settling on precautions, recording the findings and implementing them, and reviewing the risk assessment and updating it if necessary.
Obtaining information for the audit
The conduct of an IT infrastructure audit will be effective by collecting sufficient data to inform the research. In this regard, the information will be collected from the computer systems. The computer system tracks the operation within the IT infrastructure and presents reports and data adopted in the audit (Steinbart et al., 2018). Consequently, the audit’s hardware and software tools will favorably collect the needed data for the audit depicting the operation within the IT infrastructure. Additionally, data for the audit can be collected through surveys and interviews with the different IT professionals working within the IT system with questions directed at establishing the performance and issues to assist in the audit, such as on compliance with different policies and procedures and regulations.

Alignment of the seven domains with the hospital
The typical IT infrastructure is composed of seven domains. In this regard, the user domain represents all the users with access to the other domains (Kim and Solomon, 2013). This includes the end-users accessing information at the hospital, such as the employees in the different hospital departments such as accountants or physicians.
The Workstation Domain is the computer of an individual user where the production takes place, and it enables the users to connect to the actual IT infrastructure (Kim and Solomon, 2013). The hospital’s workstations ensure the generation of medical results, transferring them to different departments such as pharmacy or the physicians and the billing section.
The LAN Domain includes workstations, routers, switches, and hubs, making up the local area network (Kim and Solomon, 2013). The hospital uses the LAN Domain to communicate and interact within the hospital on the internal affairs.
LAN/WAN Domain is composed of the boundary between the trusted and untrusted zones where LAN connects to the internet (Kim and Solomon, 2013). The zone is filtered with a firewall. This domain represents the hospital’s network system, linking it with the external parties such as the insurance providers.
System/Application Storage Domain is made up of the user-accessed servers such as databases and emails (Kim and Solomon, 2013). For instance, it includes the software running the hospital system operations such as collecting, accessing, and storing information.
Remote Access Domain is where a mobile user can access the local network virtually through the VPN (Kim and Solomon, 2013). The Remote Access Domain in the hospital includes the medical professionals, vendors, and contractors working from the field or home away from the hospital environment.
WAN Domain represents the internet and stands for wide area network. It refers to the hospital’s outside entities represented by the domain, such as websites and external endpoints (Kim and Solomon, 2013). WAN domain enables the hospital to connect with third parties such as the insurer providers.
Alignment of goals and objectives to the audit plan for each domain
The IT infrastructure domain needs to be aligned to the audit goals and objectives to ensure that its operations are effectively streamlined. The end-user domain needs to be aligned to the audit objective of substantiating risk due to control weaknesses (Kayser et al., 2015). This approach ensures that the end-users use the IT infrastructure and systems appropriately while avoiding risks and threats.
The workstation domain needs to be aligned to adopting corrective measures in the general operations within the IT infrastructure and system (Kayser et al., 2015). The objective ensures that the workstations take effective and safe recommendations and incorporate them into the efficiency system.
The LAN domain needs to be aligned to the security objectives that ensure that security measures are adopted for physical and logical access (Kayser et al., 2015). The security objective in the LAN Domain ensures that the internal communication in the hospital will not be interfered with or compromised by external parties.
The LAN/WAN Domain needs to be aligned to the security objectives to ensure that third parties or malicious parties do not gain unauthorized access to the system (Kayser et al., 2015). The domain involves using the internet; thus, there is a need for security measures such as the use of a firewall to ensure that the internet and the system are not compromised.
The System/Application Storage Domain needs to be aligned to the continuity objectives that ensure that the storage is safe even after an attack or a threat (Kayser et al., 2015). The continuity ensures that the storage application and system are reliable, available, and backed up to ensure that the hospital can recover in the case of an attack or a risk.
The Remote Access Domain is aligned to management and maintenance objectives to ensure the VPN’s organizational communication system is improved through additions, upgrading, documentation, and the change of procedure (Kayser et al., 2015). This objective ensures that hospital communication is improved and secured.
The WAN Domain needs to be aligned with security, management, and maintenance to ensure that the external relations and interaction between the hospital and other parties are not compromised (Kayser et al., 2015). Interaction through the internet needs to be safeguarded and managed to achieve high levels of efficiency and effectiveness.
Plan development:
Examine the existence of relevant and appropriate security policies and procedures
Security policies and procedures are vital in the IT infrastructure to ensure that security threats and risks do not compromise operations. Therefore, there is a need to assess and examine their existence in the IT infrastructure (Peltier, 2016). The existence of policies and procedures is evaluated from the compliance to the different policies and guidelines and their operation adherence. In this regard, one needs to establish the rules and regulations adopted in the implementation of different duties. Consequently, one needs to classify the rules and regulations into different policies such as code of conduct, recruitment policy, internet and email policy, mobile phone policy, drug and alcohol policy, health and safety policy, grievance and handling discipline, and termination policy. Furthermore, the procedure is evaluated from the need to stick to the different policies and enforce them fairly and reasonably (Cullingworth et al., 2013). The adherence to the procedure indicates that the different professionals observe the policies in their operations and decision making. Moreover, there is a need to establish the external regulations and compliances that the hospital is subject to and that regulate its operations and decision making. The regulations and compliances form part of the policies and procedures in implementing functions and decision making. More so, there is a need to establish the control measures implemented to ensure that the policies and procedures are observed. The controls can be in the form of output controls and behavioral controls subjected to the professionals to incline them to observe the set rules and regulations in implementing different duties and responsibilities. Additionally, there is a need to establish the impact of the policies and the procedures in meeting their intended goals.
The hospital needs to evaluate if it can meet its goals and objectives by observing policies and procedures. The institution of policies in an organization is directed to help the organization meet its goals with certainty. Therefore, an organization’s success in its operations will certify the existence and operation of controls, policies, and procedures.

References
Ana, L., & García, F. M. (2014). Do federal and state audits increase compliance with a grant program to improve municipal infrastructure (AUDIT study): study protocol for a randomized controlled trial. BMC public health, 14(1), 912.
Bichou, K. (2015). The ISPS code and the cost of port compliance: an initial logistics and supply chain framework for port security assessment and management. In Port Management (pp. 109-137). Palgrave Macmillan, London.
Correa, G. J., & Yusta, J. M. (2013). Grid vulnerability analysis based on scale-free graphs versus power flow models. Electric Power Systems Research, 101, 71-79.
Cullingworth, B., Caves, R. W., Cullingworth, J. B., & Caves, R. (2013). Planning in the USA: policies, issues, and processes.
Kayser, L., Kushniruk, A., Osborne, R. H., Norgaard, O., & Turner, P. (2015). Enhancing the effectiveness of consumer-focused health information technology systems through eHealth literacy: a framework for understanding users’ needs. JMIR human factors, 2(1), e9.
Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security. Jones & Bartlett Publishers.
Maghriby, B. (2018). Influence on Audit Process Effectiveness and Audit Infrastructure on Internal Audit Functions.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Steinbart, P. J., Raschke, R. L., Gal, G., & Dilla, W. N. (2018). The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society, 71, 15-29.
Tendam, M. L. (2018). The HIPAA-Pota-Mess: How HIPAA’s Weak Enforcement Standards Have Led States To Create Confusing Medical Privacy Remedies. Ohio St. LJ, 79, 411.
Weiss, M., & Solomon, M. G. (2015). Auditing IT infrastructures for compliance. Jones & Bartlett Publishers.
Zalewski, J., Drager, S., McKeever, W., & Kornecki, A. J. (2013, January). Threat modeling for security assessment in cyberphysical systems. In Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop (pp. 1-4).
