In this assignment, you will learn to identify the role of frameworks in IT security domains and auditing compliance.
Review the Module Notes: Information Security Compliance Audit–Standards and Frameworks
You are a network administrator at XYZ, a large, publicly traded health care organization. XYZ has 25 sites across the region, 2,000 staff members, and thousands of patients. XYZ must meet its internal security policy and comply with the Health Insurance Portability and Accountability Act (HIPAA), among others.
You have been asked to meet with the Chief Information Security Officer (CISO) and the IT department manager to help them identify one or more frameworks for developing a set of formal control objectives for XYZ. The framework and control objectives will help the organization meet compliance audits and will become part of the long-term security strategy for the organization.
For this assignment:
Research Committee of Sponsoring Organizations (COSO), Control Objectives for Information and Related Technology (COBIT), and Service Organization Control (SOC).
Identify the best framework(s) that fits the organizational scenario.
Analyze the scenario based on the identified framework(s).
Develop a high-level plan to audit the identified framework(s) for compliance.
Draft a report that summarizes your findings and recommendations.
Your analysis should be 1–2 pages (no more than 500 words) in length. Your work should be submitted in a Word document, typed in double space, in 10– or 12–point Arial or Times New Roman font. The page margins on the top, bottom, left side, and right side should be 1 inch each. Assignments completed in a narrative essay or composition format must follow APA guidelines. This course will require students to use the citation and reference style established by the American Psychological Association (APA), and students should follow the guidelines set forth in Publication Manual of the American Psychological Association (6th ed.). (2010). Washington, D.C.: American Psychological Associatio