Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Data destruction audit proposal

Published byVitória Damásio da Cunha Modified over 6 years ago

Similar presentations

Presentation on theme: "IT Data destruction audit proposal"— Presentation transcript:

1 IT Data destruction audit proposal
Ryan Boyce, sheena Thomas, candace nelson, Jason wulf, folake stella alabede

2 CRS InfoSec Solution’s Proposed Objective and Scope
Ensure effectiveness of the IT Data Destruction Policy and assess the sufficiency of associated controls and procedures Appropriate mechanisms to enforce and monitor adherence Compliance with Policy

3 Assets Subject to Audit
Hard Drives RAM Removable Storage Devices

4 Risk 1: The Wrong Hardware is Identified for Destruction
Preventive Controls Asset Inventory Management Tool Asset Tagging (e.g. Barcodes) Help Desk Ticketing Tool Detective Control Physical Inventory

5 Risk 2: Failure to Adequately Wipe Hardware
Preventive Control Help Desk Ticketing Tool Detective Control Independent Sampling Mitigating Control Physical Destruction

6 Risk 3: Wrong Hardware Transferred to Vendor
Preventive Controls Help Desk Ticketing Tool Service Level Agreement Detective Controls IT Oversight Certificate of Destruction

7 Risk 4: Vendor Fails to Adequately Destroy Equipment
Preventive Controls On-Site Destruction Visual Verification Certificate of Destruction Service Level Agreement Detective Controls Management Oversight

8 Other Controls to be Considered:
Segregation of Duties Monitoring Independent Oversight of IT Physical Inventories Employee Training Independent Audits of Systems Asset Inventory Management Tool Help Desk Ticketing Tool Contract Audits (e.g. Compliance with SLA’s)

9 Wrap Up Global leader in IT GR&C consulting > 15 years experience
Provides leading edge consulting services CISA, CISSP and COBIT certified auditors

10 Questions??

Download ppt "IT Data destruction audit proposal"

Similar presentations

Financial Monitoring Techniques

Financial Monitoring Techniques
Www.theiia.org WHO, WHAT, HOW Your Internal Audit Team …by your side. …at your service. …in your best interests.

WHO, WHAT, HOW Your Internal Audit Team …by your side. …at your service. …in your best interests.
 Capacity Development; National Systems / Global Fund Summary of the implementation capacities for National Programs and Global Fund Grants For HIV /TB.

 Capacity Development; National Systems / Global Fund Summary of the implementation capacities for National Programs and Global Fund Grants For HIV /TB.
1 FACTA ID Theft Programs Auditing for Compliance Steven Nyren, CRCM Sheshunoff Consulting & Solutions BCAC Program – September 2008.

1 FACTA ID Theft Programs Auditing for Compliance Steven Nyren, CRCM Sheshunoff Consulting & Solutions BCAC Program – September 2008.
Internal Controls Protect resources against waste and fraud Ensure accuracy and reliability Secure compliance Evaluate the level of performance in all.

Internal Controls Protect resources against waste and fraud Ensure accuracy and reliability Secure compliance Evaluate the level of performance in all.
October 3, 2006TCBC Meeting October, 2006Slide 1 TCB Code of Practice Art Wall

October 3, 2006TCBC Meeting October, 2006Slide 1 TCB Code of Practice Art Wall
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
SOX and IT Audit Programs John R. Robles Thursday, May 31, 2007 Tel: 787-647-396.

SOX and IT Audit Programs John R. Robles Thursday, May 31, Tel:
Security Controls – What Works

Security Controls – What Works
S11: Risk Based Audit Approach. Session Objectives  To define audit risks and establish the relationship between materiality and audit risk  To discuss.

S11: Risk Based Audit Approach. Session Objectives  To define audit risks and establish the relationship between materiality and audit risk  To discuss.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
HEDIS Audit – Appropriate Monitoring and Oversight of Vendors Presenter: Yolanda Strozier, MBA Project Manager, EQRO Services.

HEDIS Audit – Appropriate Monitoring and Oversight of Vendors Presenter: Yolanda Strozier, MBA Project Manager, EQRO Services.
OHSAS 18001: Occupational health and safety management systems - Specification Karen Lawrence.

OHSAS 18001: Occupational health and safety management systems - Specification Karen Lawrence.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
ISO 9000 Certification ISO 9001 and ISO 9000.3.

ISO 9000 Certification ISO 9001 and ISO
Fraud Prevention and Risk Management

Fraud Prevention and Risk Management
IT Service Delivery And Support Week Five IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA CISA CISSP) 1.

IT Service Delivery And Support Week Five IT Auditing and Cyber Security Spring 2014 Instructor: Liang Yao (MBA MS CIA CISA CISSP) 1.
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Consultancy.

Consultancy.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google