{"id":22111185,"url":"https://github.com/binhnhu1409/cybersecurity_conductsecurityaudit","last_synced_at":"2026-02-02T15:03:23.844Z","repository":{"id":198084972,"uuid":"699514230","full_name":"binhnhu1409/Cybersecurity_ConductSecurityAudit","owner":"binhnhu1409","description":"Conduct an internal security audit based on fictional company' scenario","archived":false,"fork":false,"pushed_at":"2023-10-04T13:52:44.000Z","size":2736,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-10T21:50:28.089Z","etag":null,"topics":["cybersecurity","security-audit"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/binhnhu1409.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-02T19:31:51.000Z","updated_at":"2023-10-25T19:56:35.000Z","dependencies_parsed_at":"2024-12-01T10:36:38.651Z","dependency_job_id":null,"html_url":"https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit","commit_stats":null,"previous_names":["binhnhu1409/cybersecurity_conductsecurityaudit"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/binhnhu1409/Cybersecurity_ConductSecurityAudit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binhnhu1409%2FCybersecurity_ConductSecurityAudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binhnhu1409%2FCybersecurity_ConductSecurityAudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/binhnhu1409%2FCybersecurity_ConductSecurityAudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binhnhu1409%2FCybersecurity_ConductSecurityAudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/binhnhu1409","download_url":"https://codeload.github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binhnhu1409%2FCybersecurity_ConductSecurityAudit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29013719,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-02T14:58:54.169Z","status":"ssl_error","status_checked_at":"2026-02-02T14:58:51.285Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","security-audit"],"created_at":"2024-12-01T10:35:41.113Z","updated_at":"2026-02-02T15:03:23.828Z","avatar_url":"https://github.com/binhnhu1409.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cybersecurity: Conduct a security audit\n\n## Scenario \n\nThis scenario is based on a fictional company:\n\nBotium Toys is a small U.S. business that develops and sells toys. 
The business has a single physical location, which serves as their main office, a storefront, and a warehouse for their products. However, Botium Toys’ online presence has grown, attracting customers in the U.S. and abroad. As a result, their information technology (IT) department is under increasing pressure to support their online market worldwide.\n\nThe manager of the IT department has decided that an internal IT audit needs to be conducted. She expresses concerns about not having a solidified plan of action to ensure business continuity and compliance, as the business grows. She believes an internal audit can help better secure the company’s infrastructure and help them identify and mitigate potential risks, threats, or vulnerabilities to critical assets. The manager is also interested in ensuring that they comply with regulations related to internally processing and accepting online payments and conducting business in the European Union (E.U.).\n\nThe IT manager starts by implementing the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), establishing an audit scope and goals, listing assets currently managed by the IT department, and completing a risk assessment. The goal of the audit is to provide an overview of the risks and/or fines that the company might experience due to the current state of their security posture.\n\nBotium Toys’ IT manager asked you to conduct an internal audit of the company’s assets, controls, and adherence to compliance regulations and standards. Then, based on the company’s current goals and level of risk, she requested that you complete a controls assessment and compliance checklist to identify and explain ways that the company can improve its security posture.
\n\nYour task is to clearly and concisely communicate your findings and recommendations to the IT manager and other stakeholders, so they can implement the necessary controls and create appropriate documentation, processes, and procedures to ensure business continuity, the safety of critical assets, and compliance.\n\n## Tasks completed\n- Review the [IT manager’s scope, goals, and risk assessment report](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Botium%20Toys_%20Scope%2C%20goals%2C%20and%20risk%20assessment%20report.pdf).\n- Complete a [controls and compliance checklist](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Controls%20and%20compliance%20checklist.pdf).\n- Analyze audit results by answering the following questions:\n```\nWhat were the audit scope and goals?\nWhat were the critical findings of the audit that need to be addressed immediately?\nWhat were the findings (i.e., what controls and/or policies need to be addressed in the future)?\nHow can I summarize the recommendations clearly and concisely to stakeholders?\n```\n- Create a [stakeholder memorandum](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Stakeholder%20memorandum.pdf) to communicate my findings and recommendations to stakeholders.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinhnhu1409%2Fcybersecurity_conductsecurityaudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbinhnhu1409%2Fcybersecurity_conductsecurityaudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinhnhu1409%2Fcybersecurity_conductsecurityaudit/lists"}