3.2 Audit Completion

00:00

Greetings, everyone. Welcome to separate security Audit Overview

00:04

Episode seven

00:07

Auto Completion The last episode in this course

00:13

I think I'm gonna miss you guys.

00:16

Yeah, okay. I'm not All right. Let's get moving.

00:21

Learning objectives. In his video, you will learn how to compile all the results to present audit results

00:28

and how audit results help an organization.

00:31

All right, compiling water results

00:34

after the orders have done their control. Validation, verification,

00:39

they take all the information that they collected

00:42

and they compile it

00:44

into their auditor results.

00:47

Now, the results free charter is gonna be different based on the areas that they looked at. So each order is expected to review their results for content as well as accuracy. And they're also expect to provide a submarine.

01:00

Now, the summer you can just think of as an executive summary to three paragraphs.

01:06

Nothing too technical or detailed. Just an overall view of what the auditor thought about the programs that looked at.

01:14

Now the orders then provide the results of a team leader.

01:18

The team leader collects all of the results from all different orders,

01:23

and it starts to create the audit report. Now, once the auto report has been completed.

01:30

It is then reviewed.

01:32

Now, there you congee, either by the team Lear,

01:36

a team or third party.

01:38

And this review is important because it is the final review prior to presentation. Alright, Compiling water results Now. This whole entire slide is a knowledge bomb.

01:51

Let's get into the details. Your cyber security audit results and reports should be considered classified information. No. Why is that?

02:00

Well, you just took a look at your cybersecurity program.

02:04

You validate it, its strengths and you identified its weaknesses.

02:08

You know what single document

02:12

would be more beneficial to a hacker than that

02:15

identified the controls which are designed to mitigate risks.

02:19

You identify whether they're working or not.

02:23

All that information should be considered classified

02:27

and should be controlled and protected.

02:30

The only people that really need to see this audit result

02:34

are those with a need to know

02:37

those within the organization.

02:38

You know, those within cyber security

02:43

encryption? Well, that's up to you, but it should be filed and she on Lee be kept for a certain amount of years. According your policy.

02:52

All right,

02:53

Munch are The results have been collated

02:55

and collected into a single report,

03:00

it's time to present their report.

03:02

No formal presentation normally involves a meeting.

03:06

Normally, it's the audit teen employees that were audited and senior leadership

03:12

that participates in the meeting.

03:15

During the meeting,

03:16

there's gonna be a briefing, daughter reports when we reviewed

03:21

and the team members gonna provide summaries of the results.

03:24

Now it's important to understand that once the report has been submitted that completes the audit.

03:32

Now the opposite of a formal presentation is an informal presentation,

03:38

and that's usually based on organizations, protocol or desires.

03:42

Now it may involve a meeting between leadership, the program manager, and you ought it leader.

03:49

Or it can involve the auto report simply being submitted to either a leadership for review and then Todt

03:59

or B

04:00

first, the oddity for review and then to leadership.

04:03

And once again,

04:06

once the report has been submitted

04:10

formally or informally, that complete seal on it.

04:15

All right, several security audit benefits

04:17

and you talk to warn you

04:19

throughout the course, we've been talking about situational awareness for management, but there's also other benefits.

04:26

It identifies good and bad results.

04:29

Now this gives management the opportunity to reward the good

04:33

or unfortunately, is often happens. Ignore the good

04:38

and focus on investigating the bad

04:42

down. The auto report also provides a basis for corrective actions.

04:46

Well, that's the program manager. Know what is wrong. The one needs to be corrected,

04:50

and then he can use That Oughta Report

04:54

is a checklist

04:58

now the slide believer not. It's actually another knowledge bomb,

05:00

and it comes from personal experiences that I've had

05:04

no feeling. An audit

05:06

is never a good thing,

05:10

but the results, on the other hand, can prove to be beneficial to you. Is a program manager,

05:17

for example, in order, failure may identify a need for funding.

05:23

For example, you need new or upgraded hardware software to comply with the control.

05:29

What better way of showing management

05:32

that you need that extra money?

05:35

Upgrade your hardware or software

05:39

in a lot of failure?

05:42

No, not a failure may also show a need for training.

05:46

For example, you have new employees, high turnover rate or give new equipment,

05:53

and unfortunately,

05:55

another failure

05:57

may identify the need to terminate employees. You,

06:00

but you have to make sure that you consult Human resource is first, you know, before you decide to terminate employees based on the results.

06:10

All right, a quiz.

06:12

The last one.

06:14

It's like the right answer or answers.

06:16

A completed Oughta report is

06:19

available to anyone who requests it

06:23

a baseline for corrective action

06:26

or presented to management and the program manager.

06:30

All right. The correct answers are B N. C. A Complete Oughta Report is a baseline for corrective action for the program manager.

06:41

We identified what was wrong. It's up to the program manager to define how he's gonna fix it as well as presented to management in the program manager.

06:51

Remember, the audio is not complete until the report has been presented to management and the program manager.

07:00

All right. In this last video, we discussed compiling auto results, presenting auto results and other results benefit.

07:08

I hope this course was beneficial to you

07:12

and on behalf of everyone from Sai Berry and myself.

07:16

Best of luck to you.

07:18

Let's try to work together to make sure that I t

07:24

secure for everyone.