Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?

Project 3 – IT Security Audit Policy & Plans

Issue Specific Policy requiring an annual compliance audit for IT security policies as documented in the company’s Policy System

Audit Plan for assessing employee awareness of and compliance with IT security policies

Are employees aware of the IT security policies in the Employee Handbook?

Do employees know their responsibilities under those policies?

Audit Plan for assessing the IT security policy system

Do required policies exist?

Have they been updated within the past year?

Are the policies being reviewed and approved by the appropriate oversight authorities (managers, IT governance board, etc.)?

Identify and discuss the products, services, and/or technologies which the company must purchase in the future to implement the recommended risk mitigation strategies.

Risk Management Strategy for an e-Commerce Company

Identify and discuss the products, services, and/or technologies which the company must purchase in the future to implement the recommended risk mitigation strategies.

Identify and qualify appropriate sources of technologies, products, and services.

Identify and fully discuss a minimum of three categories or types of cybersecurity products or services which this company will need to purchase in order to appropriately mitigate the identified risks.