https://github.com/binhnhu1409/cybersecurity_conductsecurityaudit
Conduct an internal security audit based on fictional company' scenario
https://github.com/binhnhu1409/cybersecurity_conductsecurityaudit
cybersecurity security-audit
Last synced: 5 months ago
JSON representation
Conduct an internal security audit based on fictional company' scenario
- Host: GitHub
- URL: https://github.com/binhnhu1409/cybersecurity_conductsecurityaudit
- Owner: binhnhu1409
- Created: 2023-10-02T19:31:51.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-04T13:52:44.000Z (over 2 years ago)
- Last Synced: 2025-06-10T21:50:28.089Z (about 1 year ago)
- Topics: cybersecurity, security-audit
- Homepage:
- Size: 2.61 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Cybersecurity: Conduct a security audit
## Scenario
This scenario is based on a fictional company:
Botium Toys is a small U.S. business that develops and sells toys. The business has a single physical location, which serves as their main office, a storefront, and warehouse for their products. However, Botium Toy’s online presence has grown, attracting customers in the U.S. and abroad. As a result, their information technology (IT) department is under increasing pressure to support their online market worldwide.
The manager of the IT department has decided that an internal IT audit needs to be conducted. She expresses concerns about not having a solidified plan of action to ensure business continuity and compliance, as the business grows. She believes an internal audit can help better secure the company’s infrastructure and help them identify and mitigate potential risks, threats, or vulnerabilities to critical assets. The manager is also interested in ensuring that they comply with regulations related to internally processing and accepting online payments and conducting business in the European Union (E.U.).
The IT manager starts by implementing the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), establishing an audit scope and goals, listing assets currently managed by the IT department, and completing a risk assessment. The goal of the audit is to provide an overview of the risks and/or fines that the company might experience due to the current state of their security posture.
Botium Toys’ IT manager asked you to conduct an internal audit of the company’s assets, controls, and adherence to compliance regulations and standards. Then, based on the company’s current goals and level of risk, she requested that you complete a controls assessment and compliance checklist to identify and explain ways that the company can improve its security posture.
Your task is to clearly and concisely communicate your findings and recommendations to the IT manager and other stakeholders, so they can implement the necessary controls and create appropriate documentation, processes, and procedures to ensure business continuity, the safety of critical assets, and compliance.
## Task has been done
- Review the [IT manager’s scope, goals, and risk assessment report](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Botium%20Toys_%20Scope%2C%20goals%2C%20and%20risk%20assessment%20report.pdf).
- Complete a [controls and compliance checklist](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Controls%20and%20compliance%20checklist.pdf)
- Analyze audit results by answering the following questions:
```
What were the audit scope and goals?
What were the critical findings of the audit that need to be addressed immediately?
What were the findings (i.e., What controls and/or policies that need to be addressed in the future)?
How can I summarize the recommendations clearly and concisely to stakeholders?
```
- Create a [stakeholder memorandum](https://github.com/binhnhu1409/Cybersecurity_ConductSecurityAudit/blob/main/Stakeholder%20memorandum.pdf) to communicate my findings and recommendations to stakeholders.