Identify the critical requirements of the audit for your chosen
organization and explain why you consider them to be critical
requirements.
Choose privacy laws that apply to the organization, and suggest who is
responsible for privacy within the organization.
Develop a plan for assessing IT security for your chosen organization
by conducting the following:
Risk management
Threat analysis
Vulnerability analysis
Risk assessment analysis
Explain how to obtain information, documentation, and resources for
the audit.
Analyze how each of the seven (7) domains aligns within your chosen
organization.
Examines the existence of relevant and appropriate security policies
and procedures.
Verifies the existence of controls supporting the policies.
Verifies the effective implementation and ongoing monitoring of the
controls.
Identify all critical security control points that must be verified
throughout the IT infrastructure, and develop a plan that include
adequate controls to meet high-level defined control objectives within
this organization.