Preparing for an IT Audit: Why Audits are Essential to Prevent Data Breaches

Download Presenatation
Preparing for an IT Audit: Why Audits are Essential to Prevent Data Breaches
Slide Note
Embed
Share

University IT audits are crucial. Learn from past breaches at University of Hawaii, Ohio State, and University of Texas. Find out why audits matter and how to prepare for them effectively to safeguard sensitive information. Gain insights on what auditors look for, IT-developed tools, and processes to enhance security measures. Stay ahead by understanding the importance of audits in preventing cyberattacks and data breaches.

  • IT security
  • Audits
  • Data breaches
  • Cybersecurity
  • University
analiy
analiy Follow

Uploaded on Mar 12, 2025 | 2 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Dotting Your Is and Crossing Your Ts: Preparing for an IT Audit David Nisbet & Shelia Sloan Information Technology Services Board of Regents of the University System of Georgia GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  2. Agenda Why Audits Matter Learning from the Past Two Years Audits Knowing What Auditors are Looking For ITS-developed Tools and Processes How You Can Prepare for Your Next IT Audit Q&A GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  3. Why Do Audits Matter? University of Hawaii faces lawsuit after a security breach in 2009 Names, academic performance, disabilities, and other sensitive information of 40,000 former University of Hawaii students was online for nearly a year. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  4. Why Do Audits Matter? Ohio State University is notifying up to 760,000 students, professors and others that their names and Social Security numbers might have made it to cyberspace in one of the largest and most costly breaches to hit a college campus. Ohio State expects to spend about $4 million to pay for the forensic investigation and credit-protection services for those whose personal information was on a server that was hacked. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  5. Why Do Audits Matter? University of Texas at Austin acknowledged that the names, e-mail addresses and Social Security numbers of some 59,000 students, alumni and employees were obtained through a brute force attack on a University database. According to the University, the incident could have been prevented if additional security measures were taken. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  6. Why Do Audits Matter? Headline: Two Charged with Hacking PeopleSoft to Fix Grades Two California men are facing 20 years in prison on charges they hacked into a California state university's PeopleSoft system to change their grades. IT staff finally caught wind of the problem during a routine audit. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  7. What is an IT Audit? An examination of the checks and balances, or controls, within an information technology (IT) group Collects and evaluates "evidence" of an organization's information systems, practices, and operations Determines if the information systems are: - safeguarding the information assets - maintaining data integrity - operating effectively and efficiently to achieve the organization's business goals or objectives GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  8. Previous Years Audits 2010 focused on: 2011 focused on: Change management issues Supporting documentation Approvals Terminated employee access in PeopleSoft Financials Security forms and approvals for user access More concentrated campus focus PeopleTools access Shift in focus to Banner GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  9. Auditors are interested in insuring data integrity, availability and confidentiality. Auditors are looking for: General and application controls Backup procedures Monitored and documented job scheduling GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  10. General and Application Controls include Logical Access, Change Management, and IT Operations. There are ways to help maintain general and application controls GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  11. Nine General and Application Controls 1. Strong Password Settings Minimum lengths Complex password composition Lock accounts Frequently force changes GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  12. Nine General and Application Controls 2. Limit Privilege Functions to appropriate personnel Review your security administrators on campus. Look at users with full access. Do users have access to system utilities/resources such as database tools, sql tools and crystal reports? GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  13. Nine General and Application Controls 3. Maintain Segregation of Duties by separating the following roles: Requesting Access Approving Access Setting up Access Monitoring Access and Violations Performing Rights as a privileged user, and Monitoring a privileged user GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  14. Nine General and Application Controls 4. Ensure Appropriate User Access and Authorization Is there an authorization form on file with the appropriate approvals in place? Are these periodically reviewed for changes or updates? Are terminated employee accounts locked or removed? GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  15. Nine General and Application Controls 5. Maintain General Security Settings Firewalls Anti-Virus software Re-authentication Encryption Time-outs GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  16. Nine General and Application Controls 6. Control Access Physical access of computer hardware Access to the data center Environmental controls such as fire suppression, temperature control, and UPS GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  17. Nine General and Application Controls 7. Change Management Are the changes to the application approved, tested, monitored, and authorized? What are the types of changes? Updates Bugs Functionality Report changes GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  18. Nine General and Application Controls 8. Change Management - Maintain Separation of Duties Requester of change Developer of change System Tester of change Person who migrates the change in and out of production Person who monitors the program development and changes GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  19. Nine General and Application Controls 9. Testing should involve User Testing F89UAT was created for the purpose of user testing. Changes are migrated here after system testing is complete. Users validate the changes in a test environment and provide approval that it has met their requirements. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  20. ITS-developed Tools and Processes Monthly, ITS performs an internal security review. This review focuses on: Super User Access Security Admins Terminations Are the accounts locked and base role removed? Uses query BOR_SEC_TERMINATED_USERS User Access User Page Access report: Main Menu > BOR Menus > BOR Utilities > User Access Report There is also a ROLE PAGE access report to cross reference GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  21. ITS-developed Tools and Processes Locking Accounts GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  22. ITS-developed Tools and Processes Remove the Base Role GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  23. Prepare for an Audit with Monthly Monitoring Review documentation and security request form Is there a security request form on file for all users, and does it match their access in the system? http://www.usg.edu/gafirst- fin/documentation/job_aids/category/security/ Update PeopleSoft and security forms for users whose jobs have changed Ensure appropriate approvals are in place Review terminations GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  24. Prepare for an Audit with Monthly Monitoring Review user preferences and role assignments for control and segregation of duty issues. Review budget security Limit approvals to certain individuals GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

  25. GALILEO GeorgiaBEST GeorgiaFIRST Georgia ONmyLINE GeorgiaVIEW GIL PeachNet USG123

Related


Privacy Breach Management Guide by Health PEI

Privacy Breach Management Guide by Health PEI

zack
Class 2 Permit Modification Request

Class 2 Permit Modification Request

aadhya
Utilizing Audits for Antimicrobial Stewardship in General Practice

Utilizing Audits for Antimicrobial Stewardship in General Practice

thorne
Role of Supreme Audit Institution of the Philippines in Employing Artificial Intelligence to Fight Corruption

Role of Supreme Audit Institution of the Philippines in Employing Artificial Intelligence to Fight Corruption

aasiyah
Single Audits for Federal Fund Compliance

Single Audits for Federal Fund Compliance

flavia
Internal Audit Planning and Practices for Effective Risk Management

Internal Audit Planning and Practices for Effective Risk Management

keir
Weatherization Energy Auditor Single Family - Energy Audit Software

Weatherization Energy Auditor Single Family - Energy Audit Software

kylo
Comparison of Financial Audit and Management Audit

Comparison of Financial Audit and Management Audit

april
Departmental Audits in GST

Departmental Audits in GST

sansa
Guidelines for Social Audits under MGNREGA

Guidelines for Social Audits under MGNREGA

alden
Internal Audit and Controls Process

Internal Audit and Controls Process

auden
Internal Audit Department Overview

Internal Audit Department Overview

bellatrix
Federal Audit Practices and Metrics Evaluation

Federal Audit Practices and Metrics Evaluation

sulo990
Reforming Audit Requirements for Federal Awards

Reforming Audit Requirements for Federal Awards

mair_s
Federal Audit Executive Council - Contract Closeout Guide Highlights

Federal Audit Executive Council - Contract Closeout Guide Highlights

hgren
Essential Tips for a Successful Audit Process

Essential Tips for a Successful Audit Process

hum_ru
Key Access Services Audit Process Overview

Key Access Services Audit Process Overview

noes579
NHS Sussex Conflicts of Interest Breach Register Summary May 2024

NHS Sussex Conflicts of Interest Breach Register Summary May 2024

nave_633
Powercor Industry Forum Audit Results and Trends Analysis

Powercor Industry Forum Audit Results and Trends Analysis

bbri
Local Government Audit Outcomes Analysis as of February 2013

Local Government Audit Outcomes Analysis as of February 2013

mgelst
Auditing Lowballing: Impact on Audit Quality and Recovery

Auditing Lowballing: Impact on Audit Quality and Recovery

cox_le
The Impact of Audits on Post-Audit Tax Compliance

The Impact of Audits on Post-Audit Tax Compliance

ilanyhi

More Related Content