1 hour 21 minutes
Greetings, everyone. Welcome to Cybersecurity Audit Overview.
Audit Completion, the last episode in this course.
I think I'm gonna miss you guys.
Yeah, okay. I'm not. All right. Let's get moving.
Learning objectives. In this video, you will learn how to compile audit results, how to present audit results,
and how audit results help an organization.
All right, compiling audit results.
After the auditors have done their control validation, verification,
they take all the information that they collected
and they compile it
into their audit results.
Now, the results for each auditor are gonna be different based on the areas that they looked at. So each auditor is expected to review their results for content as well as accuracy. And they're also expected to provide a summary.
Now, the summary you can just think of as an executive summary, two, three paragraphs.
Nothing too technical or detailed. Just an overall view of what the auditor thought about the programs that they looked at.
Now the auditors then provide the results to a team leader.
The team leader collects all of the results from all the different auditors,
and starts to create the audit report. Now, once the audit report has been completed,
it is then reviewed.
Now, the review can be either by the team leader,
a team or third party.
And this review is important because it is the final review prior to presentation. All right, compiling audit results. Now, this whole entire slide is a knowledge bomb.
Let's get into the details. Your cybersecurity audit results and reports should be considered classified information. Now, why is that?
Well, you just took a look at your cybersecurity program.
You validated its strengths and you identified its weaknesses.
You know, what single document
would be more beneficial to a hacker than that?
You identified the controls which are designed to mitigate risks.
You identified whether they're working or not.
All that information should be considered classified
and should be controlled and protected.
The only people that really need to see this audit result
are those with a need to know
those within the organization.
You know, those within cyber security
Encryption? Well, that's up to you, but it should be filed and should only be kept for a certain amount of years, according to your policy.
Once the results have been collated
and collected into a single report,
it's time to present their report.
Now, a formal presentation normally involves a meeting.
Normally, it's the audit team, the employees that were audited, and senior leadership
that participates in the meeting.
During the meeting,
there's gonna be a briefing, the audit report is gonna be reviewed,
and the team members are gonna provide summaries of the results.
Now it's important to understand that once the report has been submitted that completes the audit.
Now the opposite of a formal presentation is an informal presentation,
and that's usually based on the organization's protocol or desires.
Now it may involve a meeting between leadership, the program manager, and the audit leader.
Or it can involve the audit report simply being submitted to either leadership for review and then to the auditee,
or first to the auditee for review and then to leadership.
And once again,
once the report has been submitted
formally or informally, that completes the audit.
All right, cybersecurity audit benefits.
and you talk to warn you
Throughout the course, we've been talking about situational awareness for management, but there are also other benefits.
It identifies good and bad results.
Now this gives management the opportunity to reward the good
or, unfortunately, as often happens, ignore the good
and focus on investigating the bad.
Now, the audit report also provides a basis for corrective actions.
Well, that lets the program manager know what is wrong, what needs to be corrected,
and then he can use that audit report
as a checklist.
Now this slide, believe it or not, is actually another knowledge bomb,
and it comes from personal experiences that I've had
Now, failing an audit
is never a good thing,
but the results, on the other hand, can prove to be beneficial to you as a program manager.
For example, an audit failure may identify a need for funding.
For example, you need new or upgraded hardware or software to comply with the control.
What better way of showing management
that you need that extra money
to upgrade your hardware or software
than an audit failure?
Now, an audit failure may also show a need for training.
For example, you have new employees, a high turnover rate, or new equipment.
It may identify the need to terminate employees, too,
but you have to make sure that you consult Human Resources first, you know, before you decide to terminate employees based on the results.
All right, a quiz.
The last one.
Select the right answer or answers.
A completed audit report is
available to anyone who requests it
a baseline for corrective action
or presented to management and the program manager.
All right. The correct answers are B and C. A completed audit report is a baseline for corrective action for the program manager.
We identified what was wrong. It's up to the program manager to define how he's gonna fix it, as well as presented to management and the program manager.
Remember, the audit is not complete until the report has been presented to management and the program manager.
All right. In this last video, we discussed compiling audit results, presenting audit results and audit results benefits.
I hope this course was beneficial to you
and on behalf of everyone from Cybrary and myself,
Best of luck to you.
Let's try to work together to make sure that IT
is secure for everyone.