You have recently been promoted to Chief Information Security Officer of a large healthcare organization with 10 hospitals under management. Your first task is to design an information security audit to determine the state of cyber security of your organization as you enter into your new role. You know that the implementation of a robust and effective information security program is only the start of providing for the confidentiality, integrity and availability of information assets. Those tasked with the responsibility for information security will also implement a routine audit of their information security controls. The National Institute of Standards and Technology (NIST) publishes the Cyber Security Framework for improving critical infrastructure cyber security. Perform the following actions:
Review this framework and prepare a sample audit to be reviewed by your organization's Chief Information Officer for approval.
Your sample audit should include the following:
5 primary areas of your information security program that you would audit
Details of what you would audit
A 2-paragraph summary, or equivalent bulletized content, per section that describes your goals for that section of the audit.
Reference list containing all references in APA format consulted when drafting the framework