Red Clay Renovations is a company that is very well-known and praised for its renovation work (King, 2018). However, supporting this long-built excellence in home renovations is a very robust information technology (IT) system. With a very robust IT system comes a requirement for specific tools such as audit plans, in order to ensure the maximum defense against potential cybersecurity threats.
An audit plan that plays to this type of strength in reducing cyberattack threats and the potential of such threats is an audit of employee awareness of IT security policies. Studies have shown that company attacks happen very often due to human error and mistakes such as through phishing attacks, unwitting access to company systems, etc. (National Computing Centre, 2005), thus necessitating the testing of Red Clay Renovations employees’ knowledge of IT security policies. This is why this audit plan will be the most effective in curbing cyber threats.
Save your time - order a paper!
Get your paper written from scratch within the tight deadline. Our service is a reliable solution to all your troubles. Place an order on any task and we will take care of it. You won’t have to worry about the quality and deadlinesOrder Paper Now
Outside consultants must conduct this audit. These consultants will report directly to the Chief Information Officer and the Chief Information Security Officer, who will then in turn brief Red Clay Renovations leadership in conjunction with these outside consultants. This is to ensure no bias during this type of fact-finding audit (HR Technologist, 2011).
All company information technology policies must be covered in order to test employee knowledge. Some examples include employee knowledge about Red Clay Renovations’ Acceptable Use Policy, the “Bring Your Own Device” Policy, as well as the Security Education, Training, and Awareness program (King, 2018). With most employees needing to use the Red Clay Renovations network daily, these employees must be tested on the policies and procedures allowing said access.
This audit must be conducted in the middle of the fiscal year. This is to prevent any disruption to Red Clay Renovations workflow, as Red Clay Renovations is particularly busy at most other times of the year due to tax compliance, financial information disclosure requirements at the end of the fiscal year, and so on and so forth.
This audit must be conducted at all locations, to include Red Clay Renovation headquarters. It is important that all locations be tested because different locations may have been adhering to different policies and procedures in the past. It is important to ensure standardization among all Red Clay officers.
The audit that must be conducted is one that tests employees’ IT awareness of company security policies and procedures. This type of audit is effective at ensuring employee knowledge of said policies and procedures in order to raise and maintain a workforce who understands and adheres to these policies and procedure in order to mitigate any risk from cybersecurity threats (Goodchild, 2010).
Goodchild, J. (2010). Security awareness – helping employees really get company policy. Retrieved from https://www.csoonline.com/article/2126196/security…
HR Technologist (2011). How to improve employee IT security awareness. Retrieved from https://www.hrtechnologist.com/articles/safety/how…
King, V. J (2018). Red Clay Renovations Company Profile. Retrieved from https://learn.umuc.edu/d2l/le/content/349440/viewC…
Swanson, M., Hash, J., & Bowen, P. (2006). Guide for developing security plans for federal information systems (NIST SP 800-18, Rev 1). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-18-…