Audit Scope
In the course of carrying out this security audit, I concentrated on a specific area where I primarily wanted to focus my attention. This was important because I believed that these areas are the backbone of this organization’s security. My audit work was to focus on the administrative, technical and physical security measures put in place by the organization.
Initially, I realized that the organization had many assets such as; computers, laptops, cameras, and printers that are used to protect the business information. My first assignment was centered on proving how these assets are capable of ensuring maximum security to the information stored on them.
Administrative and technical safeguards
On the issue of computers and laptops, I learned from the administration that each laptop was specifically assigned to a single person who was entrusted with a password known to him and the organization’s administration alone. To enhance the security of the passwords, each employee was required to select a password that entailed a combination of letters and numerical figures.
The length of the password was not to be less than eight digits, which implied that it was exemplary hard for an imposter to hack the password. In the same measures, the password could only be changed from a centralized position meaning that not even the employee himself was able to violate the security program.
Physical security measures
Similarly, I realized that the administration had come up with a security policy that required physical monitoring of security personnel in addition to installing exceptionally strong metallic doors and state-of-art, topmost security locks. There were equally signs inscribed on most doors of the organization’s premises prohibiting entry of non-staffs beyond designated points, which I also learned was another security measure to prevent unwanted people from having access to the customers’ information.
Besides security personnel, an officer was stationed at the entrance. His role was to allow entry to approved persons only after leaving behind their identification card in exchange for another card bearing the name “visitor”. Apart from the visitors’ badges, there were also other access cards that the holder could only strictly open the intended door. This beefed up the security mostly on the server room that was completely restricted to the employee on duty alone.
The other area I emphasized my audit on was the knowledge and competence of the workforce. I discovered that most of the workers dealing with customers’ information were well equipped with the necessary knowledge and experience pertaining protection of information. Most of them were capable of protecting the information stored from viruses and online threats, through the installation of up-to-date software and other programs such as firewalls and antivirus.
Similarly, these workforces were able to filter spasms from their email and were conversant with opening unexpected attachments that could cause harm to the stored data.
Personal opinion and recommendations
Among the areas, I found wanting from my audit was; accessibility of computers and laptops. Going by the rate at which technology is advancing, I felt that the organization needed to do more than just trust the security of its information on passwords alone. The presence of experienced hackers has almost rendered the use of passwords useless (Hance&Cimino, 498). By this, Hance&Cimino (498) meant that more security measures such as biometric technologies are now readily available in the market and can be more trusted than the use of passwords.
According to Hance&Cimino, by use of biometric technology, it will be extremely hard for anyone to manipulate the security of the laptop because this technology entails the use of customized or individual characters such as one pulse or fingerprint which is passed over the screen of the computer and in the process identify the rightful owner. Another area that the company needed to improve its security was the use of closed-circuit television popularly known as CCTV. By using CCTV, the organization will be able not only to keep track of any intruder during working hours but also at any other time.
Conclusion
By instituting IT, security measures such as; biometric and CCTV among other security measures, the organization will feel secure of its stored information and any other assets within its premises. Thus, the organization will worry less about any other threat that might affect their IT systems.
Work cited
HanceShortliffe, E, & Cimino James, J.Biomedical informatics: computer applications in health care and biomedicine, New York, NY: Springer publishers, 2006. Print.