Scribd Logo
Upload

Welcome to Scribd!

  • IT Security Audit Engagement Memo

    Uploaded by

    Amare Muluken
    6 views2 pages
    Thank u.

    Original Title

    IT Security Audit engagement memo

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Thank u.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views2 pages

    IT Security Audit Engagement Memo

    Uploaded by

    Amare Muluken
    Thank u.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Internal Audit & Risk Management Division

    Information Security Audit


    Engagement memo
    July 7, 2022

    Dear Solomon & Yonas,

    The Internal Audit & Risk Management division is planning to perform an Information Technology (IT)
    security Audit - a comprehensive assessment of an organization's security posture and IT infrastructure.

    The objective of the audit is -

     To provide reasonable assurance on the efficiency & effectiveness of overall IT security mgt of
    the co. & its compliance with local & international accepted standards.
     To help the Mgt find and assess the vulnerabilities existing within IT networks connected
    devices, and applications.
     To gives the Mgt the opportunity to fix security loopholes, and achieve compliance.

    Audit Scope & methodologies

    To accomplish our objective, we will


     Scans vulnerability to find out security loopholes in the IT systems.
     Conducting penetration tests to gain unauthorized access to the systems, applications and
    networks. Finally,
     verifies physical hardware access for security and other administrative issues
     Evacuating IT security team operation process, the existence and adequacy of IT security policies
    and procedures.
     Conduct IT security compliance assessment on basic security requirements in relations to
    protecting data - stores, processes, or transmits, & determine the extent to which established
    controls and procedures are functioning as required
     After performing all the necessary procedures generate reports  & submit to the Mgt for further
    analysis and action.
     Audit will also apply other auditing procedures/technique as necessary to achieve audit
    objective.
     Interview representatives of the CIO staff and other officials with IT security responsibilities
    and reviewed documentation.
     We will review relevant IT policies and procedures, regulatory requirements & other
    standards. .

    As part of this audit, we would like to have short audit opening meeting with you and the respective team.
    In the meeting we will discuss the audit objectives and solicit your input.
    We hope that the staff in your office will provide us the requested documents.

    Best Regards

    Tools Used for IT security Audit:

    1. Kali Linux Vulnerability Assessment Tool like N-map, Nikto, recon-ng,

    2. Advanced IP Scanner

    3. Other information gathering tool

    You might also like