IT AUDIT
A Case of Group8_Health Care System
14 December 2016 1
Arun Kumar, Emenike Henry and Ibrahim Apena
Executive summary
Group8_Health Care is a medical centre that provides medical aid to patients from different parts of the world. The company was established in 1999 with the objective of saving lives at all possible cost. It currently has 3,423 staff working at its head office in Lagos and its branch in Abuja, Nigeria. The use of sophisticated technology for operations and the adoption of Information and Communication Technology solutions (an Electronic Protected Health Information System, ePHIS) has given the organisation a competitive edge while serving customers effectively and efficiently.
Why IT Audit for Group8_Health Care (ePHIS)
• Fully automated medical organisation
• Assurance of information system security
• Possible target of attackers
What is IT audit
The process of collecting and evaluating evidence to determine whether a company's systems safeguard assets, maintain data integrity, allow organisational goals to be achieved effectively and use resources efficiently.
Audit Scope
• Compliance with laws and regulations
• Security (access control and physical security)
• Organisational continuity
• Internal policies and procedures
• Worries and interests of management
• Other identified risks
IT Audit
To ensure that assets are safeguarded, that business continuity is maintained and that organisational goals are achieved effectively and efficiently. Considerations include:
• Data security (availability, non-repudiation, integrity, confidentiality and consistency)
• Application system functionality
• People management
• Technology, IT infrastructure and facility management
Audit Process
• Planning
• Audit Activities and Testing
• Reporting
• Follow up
• Conclusion
Planning
NIST functions
• Identify: What to protect? vs. What do they protect?
• Protect: How to protect? vs. How do they protect?
• Detect: Are we attacked? vs. Are they attacked?
• Respond: How to mitigate the impact? vs. How do they mitigate the impact?
• Recover: How to return to business as usual? vs. How do they recover to business as usual?
Planning methods: observation, interviews, testing of specific documents, etc.
Details Of our Planning Process
Controllable, uncontrollable and influential risks
Audit: gathering evidence
• Interviews (testimonial evidence)
• Observations (physical evidence)
• Analysis (analytical evidence)
• Review of documents (documentary evidence)
The materiality concept was highly considered.
Audit Activities
Documentation of findings and reporting
The findings are documented in a report which includes:
1. An introduction to the report, the audit objectives, scope and timing
2. An overall conclusion and summary of findings (the healthcare centre is security conscious to an extent but needs to improve on the shortfalls mentioned in the findings; more attention should be paid to the critical ones)
3. A statement on the regulations, standards and audit guidelines followed (ISO/IEC 27002 for the audit)
4. Findings:
• Employees stay too long before going on leave (the maximum stay without mandatory leave was 3 years)
• Most compliance standards are stated in IT documents but are not fully complied with
• Little attention is paid to the sources from which information is downloaded from the network
• The remote network is vulnerable because employees connect to unnecessary websites through the secured network
• There is no proper provision for reporting IT abnormalities
• Passwords are kept for too long without being changed
• Unclear IT contingency and disaster recovery plans, with an unclearly defined backup recovery time
• No segregation of duties
• Improved control system
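An added example (not from the presentation) of the analytical evidence behind three of these findings, run over a constructed staff export: days since last leave, password age and conflicting roles, each rated High, Moderate or Low. The thresholds, the conflicting role pairs, the rating rule and the sample records are assumptions, not values from the audit.

```python
"""Automated control checks modelled on the audit findings: mandatory leave,
password age and segregation of duties. Added example, not part of the original
presentation; thresholds, role conflicts and sample data are constructed."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Assumed policy thresholds. The deck recommends compulsory annual leave and
# periodic password change but states no numbers, so these are assumptions.
MAX_DAYS_WITHOUT_LEAVE = 365
MAX_PASSWORD_AGE_DAYS = 90

# Assumed conflicting role pairs: one person holding both sides can approve
# or conceal their own actions, which segregation of duties is meant to prevent.
CONFLICTING_ROLES = [
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"prescribe", "dispense"}),
]

AUDIT_DATE = date(2016, 12, 14)  # date printed on the slides


@dataclass(frozen=True)
class Staff:
    user: str
    last_leave: date
    password_set: date
    roles: frozenset


@dataclass(frozen=True)
class Finding:
    user: str
    control: str
    detail: str
    severity: str  # High / Moderate / Low, as in the report's rating


def rate(days_over: int) -> str:
    """Assumed rating rule: severity grows with how far past the threshold."""
    if days_over > 365:
        return "High"
    if days_over > 90:
        return "Moderate"
    return "Low"


def check_leave(s: Staff, today: date) -> Optional[Finding]:
    days = (today - s.last_leave).days
    if days <= MAX_DAYS_WITHOUT_LEAVE:
        return None
    return Finding(s.user, "mandatory leave", f"{days} days since last leave",
                   rate(days - MAX_DAYS_WITHOUT_LEAVE))


def check_password_age(s: Staff, today: date) -> Optional[Finding]:
    days = (today - s.password_set).days
    if days <= MAX_PASSWORD_AGE_DAYS:
        return None
    return Finding(s.user, "password age", f"password is {days} days old",
                   rate(days - MAX_PASSWORD_AGE_DAYS))


def check_segregation(s: Staff) -> Optional[Finding]:
    for pair in CONFLICTING_ROLES:
        if pair <= s.roles:
            # Holding both sides of a conflicting pair is rated High outright.
            return Finding(s.user, "segregation of duties",
                           "holds " + " and ".join(sorted(pair)), "High")
    return None


def audit(staff: List[Staff], today: date = AUDIT_DATE) -> List[Finding]:
    """Run every control over every record and return the findings raised."""
    findings = []
    for s in staff:
        for f in (check_leave(s, today), check_password_age(s, today),
                  check_segregation(s)):
            if f is not None:
                findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, the way the report's summary does."""
    counts = {"High": 0, "Moderate": 0, "Low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample export (not real staff). 'aok' mirrors the finding that
# someone went three years without leave; 'ehe' has a stale password;
# 'iap' holds both sides of a conflicting role pair.
SAMPLE_STAFF = [
    Staff("aok", date(2013, 12, 14), date(2016, 11, 1), frozenset({"prescribe"})),
    Staff("ehe", date(2016, 8, 1), date(2016, 6, 1), frozenset({"dispense"})),
    Staff("iap", date(2016, 3, 1), date(2016, 10, 1),
          frozenset({"create_vendor", "approve_payment"})),
]

if __name__ == "__main__":
    for f in audit(SAMPLE_STAFF):
        print(f"{f.severity:8} {f.user:4} {f.control}: {f.detail}")
    print(summarize(audit(SAMPLE_STAFF)))
```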
Findings are rated High, Moderate or Low.
Report model: http://www.slideshare.net/jkyriazoglou/published-audit-report-model-and-sample-2
Recommendations
• Access control
  ◦ Cryptography (availability, confidentiality, integrity, non-repudiation)
  ◦ Remote vulnerability scan
  ◦ Periodic change of passwords
• Abnormal packet downloads
• Scrutiny of suppliers or partners
Recommendations Cont'd
Backup
• Backups and recovery
• Effectiveness of backups
Physical control
• Door locks
• Security officer shifts
• Compulsory annual leave
• Installation of cameras
• Segregation of duties
Resource management
• IT budget scrutiny
• Quality of IT infrastructure
• Asset maintenance
• Cost-benefit analysis
Compliance with standards
• NIST, ISO for internal audit
Post-audit activity (follow up)
Review of the findings and recommendations alongside previous findings to determine whether appropriate actions have been implemented on a timely basis.
Thank you
14 December 2016 18

More Related Content

What's hot

Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.pselonen
 
5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare
5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare
5 Reasons Why Medigate is a Game Changer For IoT Security in HealthcareMedigate
 
RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"efrid630
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare CybersecurityCollaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare CybersecurityDr Dev Kambhampati
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Interset
 
Pharmaceutical Data Integrity@IBA Karachi
Pharmaceutical Data Integrity@IBA KarachiPharmaceutical Data Integrity@IBA Karachi
Pharmaceutical Data Integrity@IBA KarachiCepal & Co.
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devicesSafisSolutions
 
Healthcare presentation
Healthcare presentationHealthcare presentation
Healthcare presentationNicholas Pace
 
Cloud Hosting: Your data, your cloud, your control.
Cloud Hosting: Your data, your cloud, your control. Cloud Hosting: Your data, your cloud, your control.
Cloud Hosting: Your data, your cloud, your control. NextGen Healthcare
 
Five steps to getting maximum value from Real World Data
Five steps to getting maximum value from Real World DataFive steps to getting maximum value from Real World Data
Five steps to getting maximum value from Real World DataSaama
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersNUS-ISS
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Software
 
Data Science & Analytics – New approaches and capabilities for driving busine...
Data Science & Analytics – New approaches and capabilities for driving busine...Data Science & Analytics – New approaches and capabilities for driving busine...
Data Science & Analytics – New approaches and capabilities for driving busine...Leigh Hill
 
Quality Assurance in Healthcare
Quality Assurance in HealthcareQuality Assurance in Healthcare
Quality Assurance in HealthcareVodqaBLR
 

What's hot (20)

Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
Cloud Platform for Remote Patient Monitoring. Case: Stroke Remote Care.
 
5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare
5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare
5 Reasons Why Medigate is a Game Changer For IoT Security in Healthcare
 
Hrr cmio-benefits
Hrr cmio-benefitsHrr cmio-benefits
Hrr cmio-benefits
 
Aezen_Solutions
Aezen_SolutionsAezen_Solutions
Aezen_Solutions
 
HM312 Week 5 part 2 of 2
HM312 Week 5 part 2 of 2HM312 Week 5 part 2 of 2
HM312 Week 5 part 2 of 2
 
RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare CybersecurityCollaborative Approaches for Medical Device & Healthcare Cybersecurity
Collaborative Approaches for Medical Device & Healthcare Cybersecurity
 
Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018Data Connectors San Antonio Cybersecurity Conference 2018
Data Connectors San Antonio Cybersecurity Conference 2018
 
Pharmaceutical Data Integrity@IBA Karachi
Pharmaceutical Data Integrity@IBA KarachiPharmaceutical Data Integrity@IBA Karachi
Pharmaceutical Data Integrity@IBA Karachi
 
Cybersecurity in medical devices
Cybersecurity in medical devicesCybersecurity in medical devices
Cybersecurity in medical devices
 
Healthcare presentation
Healthcare presentationHealthcare presentation
Healthcare presentation
 
Cloud Hosting: Your data, your cloud, your control.
Cloud Hosting: Your data, your cloud, your control. Cloud Hosting: Your data, your cloud, your control.
Cloud Hosting: Your data, your cloud, your control.
 
Five steps to getting maximum value from Real World Data
Five steps to getting maximum value from Real World DataFive steps to getting maximum value from Real World Data
Five steps to getting maximum value from Real World Data
 
CISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security LeadersCISSP Preview - For the next generation of Security Leaders
CISSP Preview - For the next generation of Security Leaders
 
Hadoop in Healthcare Systems
Hadoop in Healthcare SystemsHadoop in Healthcare Systems
Hadoop in Healthcare Systems
 
Jackie Shears: NHS Pathways Commissioning in Healthcare show (CiH 2015)
Jackie Shears: NHS Pathways Commissioning in Healthcare show (CiH 2015)Jackie Shears: NHS Pathways Commissioning in Healthcare show (CiH 2015)
Jackie Shears: NHS Pathways Commissioning in Healthcare show (CiH 2015)
 
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery ProfessionalsHeureka Webinar – Security, the Growth Engine for eDiscovery Professionals
Heureka Webinar – Security, the Growth Engine for eDiscovery Professionals
 
Data Science & Analytics – New approaches and capabilities for driving busine...
Data Science & Analytics – New approaches and capabilities for driving busine...Data Science & Analytics – New approaches and capabilities for driving busine...
Data Science & Analytics – New approaches and capabilities for driving busine...
 
Quality Assurance in Healthcare
Quality Assurance in HealthcareQuality Assurance in Healthcare
Quality Assurance in Healthcare
 

Viewers also liked

Apresentação gestao pessoas
Apresentação gestao pessoasApresentação gestao pessoas
Apresentação gestao pessoasnuiashrl
 
Matrimonio Igualitario.
Matrimonio Igualitario.Matrimonio Igualitario.
Matrimonio Igualitario.Valeria. Gomez
 
Design pp 1 edited
Design pp 1 edited Design pp 1 edited
Design pp 1 edited Daniel Katz
 
Derechos y deberes de los estudiantes
Derechos y deberes de los estudiantesDerechos y deberes de los estudiantes
Derechos y deberes de los estudiantesdiego quiroga
 
6.soal praktek power point
6.soal praktek power point6.soal praktek power point
6.soal praktek power pointarehansanada
 
Navegación Segura
Navegación Segura Navegación Segura
Navegación Segura manupereia2k
 
Game design (1)
Game design (1)Game design (1)
Game design (1)fallotag
 

Viewers also liked (11)

Apresentação gestao pessoas
Apresentação gestao pessoasApresentação gestao pessoas
Apresentação gestao pessoas
 
NIKOLCHE ILIEVSKI. cv
NIKOLCHE ILIEVSKI. cvNIKOLCHE ILIEVSKI. cv
NIKOLCHE ILIEVSKI. cv
 
mansoor cv
mansoor cvmansoor cv
mansoor cv
 
Matrimonio Igualitario.
Matrimonio Igualitario.Matrimonio Igualitario.
Matrimonio Igualitario.
 
Design pp 1 edited
Design pp 1 edited Design pp 1 edited
Design pp 1 edited
 
Road Rollers
Road RollersRoad Rollers
Road Rollers
 
Derechos y deberes de los estudiantes
Derechos y deberes de los estudiantesDerechos y deberes de los estudiantes
Derechos y deberes de los estudiantes
 
6.soal praktek power point
6.soal praktek power point6.soal praktek power point
6.soal praktek power point
 
Navegación Segura
Navegación Segura Navegación Segura
Navegación Segura
 
Game design (1)
Game design (1)Game design (1)
Game design (1)
 
Diapositivas de gestión humana
 Diapositivas de gestión humana Diapositivas de gestión humana
Diapositivas de gestión humana
 

Similar to IT AUDIT

Presentation: Data Integrity – an international regulatory perspective
Presentation: Data Integrity – an international regulatory perspectivePresentation: Data Integrity – an international regulatory perspective
Presentation: Data Integrity – an international regulatory perspectiveTGA Australia
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTripwire
 
TGA presentation: Data Integrity - an international regulatory perspective
TGA presentation: Data Integrity - an international regulatory perspectiveTGA presentation: Data Integrity - an international regulatory perspective
TGA presentation: Data Integrity - an international regulatory perspectiveTGA Australia
 
Asset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementAsset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementL&T Technology Services
 
IND and CTA Webinar slides.pptx
IND and CTA Webinar slides.pptxIND and CTA Webinar slides.pptx
IND and CTA Webinar slides.pptxMMS Holdings
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...Health IT Conference – iHT2
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are comingErnest Staats
 
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUS
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUSPROSAFE PROMOTING QUALITY AND SAFETY IN ICUS
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUSYIANNIS TALIADOROS
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.Imperva
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceArmin Torres
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceArmin Torres
 
Cor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiCor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiRobust Marketing & Consulting (Pty) Ltd
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceAdrian Dumitrescu
 
Optimising Clinical Trials Monitoring Data review - Neill Barron
Optimising Clinical Trials Monitoring Data review - Neill BarronOptimising Clinical Trials Monitoring Data review - Neill Barron
Optimising Clinical Trials Monitoring Data review - Neill BarronNeill Barron
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandThorntongroup
 
Audit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsAudit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsCaseWare IDEA
 
OWASPTop10PrivacyRisks_v2(1).pptx
OWASPTop10PrivacyRisks_v2(1).pptxOWASPTop10PrivacyRisks_v2(1).pptx
OWASPTop10PrivacyRisks_v2(1).pptxagam37
 
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...Glenn Villanueva
 

Similar to IT AUDIT (20)

Presentation: Data Integrity – an international regulatory perspective
Presentation: Data Integrity – an international regulatory perspectivePresentation: Data Integrity – an international regulatory perspective
Presentation: Data Integrity – an international regulatory perspective
 
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass AuditsTime for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits
 
TGA presentation: Data Integrity - an international regulatory perspective
TGA presentation: Data Integrity - an international regulatory perspectiveTGA presentation: Data Integrity - an international regulatory perspective
TGA presentation: Data Integrity - an international regulatory perspective
 
Asset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset ManagementAsset Reliability Through Integrated Asset Management
Asset Reliability Through Integrated Asset Management
 
Overview: Information Management at ICARDA
Overview: Information Management at ICARDAOverview: Information Management at ICARDA
Overview: Information Management at ICARDA
 
Planning and monitoring work section 22
Planning and monitoring work section 22Planning and monitoring work section 22
Planning and monitoring work section 22
 
IND and CTA Webinar slides.pptx
IND and CTA Webinar slides.pptxIND and CTA Webinar slides.pptx
IND and CTA Webinar slides.pptx
 
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
CHIME LEAD Fourm Houston - "Creating an Effective Cyber Security Strategy: Ke...
 
Privacies are coming
Privacies are comingPrivacies are coming
Privacies are coming
 
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUS
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUSPROSAFE PROMOTING QUALITY AND SAFETY IN ICUS
PROSAFE PROMOTING QUALITY AND SAFETY IN ICUS
 
More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.More Databases. More Hackers. More Audits.
More Databases. More Hackers. More Audits.
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection Intelligence
 
FDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection IntelligenceFDA News Webinar - Inspection Intelligence
FDA News Webinar - Inspection Intelligence
 
Cor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiCor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popi
 
GDPR Part 2: Quest Relevance
GDPR Part 2: Quest RelevanceGDPR Part 2: Quest Relevance
GDPR Part 2: Quest Relevance
 
Optimising Clinical Trials Monitoring Data review - Neill Barron
Optimising Clinical Trials Monitoring Data review - Neill BarronOptimising Clinical Trials Monitoring Data review - Neill Barron
Optimising Clinical Trials Monitoring Data review - Neill Barron
 
Surviving an ODPC Audit - Ireland
Surviving an ODPC Audit - IrelandSurviving an ODPC Audit - Ireland
Surviving an ODPC Audit - Ireland
 
Audit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data AnalyticsAudit Webinar: Surefire ways to succeed with Data Analytics
Audit Webinar: Surefire ways to succeed with Data Analytics
 
OWASPTop10PrivacyRisks_v2(1).pptx
OWASPTop10PrivacyRisks_v2(1).pptxOWASPTop10PrivacyRisks_v2(1).pptx
OWASPTop10PrivacyRisks_v2(1).pptx
 
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...
Research Ethics and Integrity | Ethical Standards | Data Mining | Mixed Metho...
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 

IT AUDIT

  • 9. Planning
    NIST (Cybersecurity Framework) functions, each phrased as the question the audit team asks against what the organisation actually does:
    • Identify: what to protect? vs. what they protect.
    • Protect: how to protect? vs. how they protect.
    • Detect: are we attacked? vs. are they attacked?
    • Respond: how to mitigate the impact? vs. how they mitigate the impact.
    • Recover: how to return to business as usual? vs. how they recover to business as usual.
    Evidence is gathered by observation, interviews, testing of specific documents, etc.
  • 10. Details of our planning process
  • 11. Controllable, uncontrollable and influential risks
  • 12. Audit: gathering evidence
    • Interviews (testimonial evidence)
    • Observations (physical evidence)
    • Analysis (analytical evidence)
    • Review of documents (documentary evidence)
    The materiality concept was a major consideration when selecting and rating findings.
  • 14. Documentation of findings and reporting
    The findings are documented in a report which includes:
    1. An introduction to the report: audit objectives, scope and time
    2. Overall conclusion and summary of findings (the healthcare centre is security conscious to an extent but needs to improve on the shortfalls listed in the findings; more attention should be paid to the critical ones)
    3. Statement on the regulations, standards and audit guidelines followed (ISO/IEC 27002 for the audit)
    4. Findings, each rated High, Moderate or Low:
      • Employees stay too long before going on leave (the maximum stay without mandatory leave was 3 years)
      • Most compliance standards are stated in IT documents but are not fully complied with
      • Little attention is paid to which sources download information from the network
      • The remote network is vulnerable because employees connect to unnecessary websites through the secured network
      • There is no proper provision for reporting IT abnormalities
      • Passwords are kept too long without being changed
      • Unclear IT contingency and disaster recovery plan; backup recovery time not clearly defined
      • No segregation of duties
      • Control system needs improvement
    Report model after http://www.slideshare.net/jkyriazoglou/published-audit-report-model-and-sample-2
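Slide 12 lists analysis as one source of audit evidence, and three of the findings on slide 14 (password age, time without mandatory leave, segregation of duties) are exactly the kind of control that can be tested analytically over an HR/IAM export rather than by interview alone. The script below is an added example written for this page, not material from the Group8_Health Care deck: the staff records, the conflicting-duty pairs and the policy thresholds (90-day password age, 365-day leave gap) are constructed or assumed values, as marked in the code.

```python
"""Analytical-evidence tests for three of the findings above.

Added illustration, not material from the Group8_Health Care deck: the
staff records, the conflicting-duty pairs and the policy thresholds are
all constructed or assumed, as marked below.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

AUDIT_DATE = date(2016, 12, 14)   # report date stated on the slides
MAX_PASSWORD_AGE_DAYS = 90        # assumed policy value
MAX_DAYS_WITHOUT_LEAVE = 365      # assumed: annual leave is compulsory

# Assumed conflicting-duty pairs; the deck only reports "no segregation of duties".
SOD_CONFLICTS = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"prescribe", "dispense"}),
    frozenset({"ephis_admin", "ephis_audit_log_review"}),
}


@dataclass(frozen=True)
class StaffRecord:
    user: str
    roles: frozenset
    password_changed: date
    last_leave_ended: Optional[date]   # None: no leave taken since hire
    hired: date


# Constructed sample HR/IAM export; user names and dates are invented.
SAMPLE_STAFF = [
    StaffRecord("akumar", frozenset({"prescribe"}),
                date(2016, 11, 1), date(2016, 8, 1), date(2010, 1, 4)),
    StaffRecord("ehenry", frozenset({"create_vendor", "approve_payment"}),
                date(2015, 3, 2), date(2013, 12, 1), date(2009, 6, 1)),
    StaffRecord("iapena", frozenset({"ephis_admin", "ephis_audit_log_review"}),
                date(2016, 10, 15), None, date(2016, 2, 1)),
    StaffRecord("nurse01", frozenset({"dispense"}),
                date(2014, 1, 10), date(2016, 6, 30), date(2012, 5, 7)),
]


def password_age_days(rec: StaffRecord, today: date = AUDIT_DATE) -> int:
    """Days since the account's password was last changed."""
    return (today - rec.password_changed).days


def days_without_leave(rec: StaffRecord, today: date = AUDIT_DATE) -> int:
    """Days since the last leave ended, or since hire if no leave was taken."""
    anchor = rec.last_leave_ended or rec.hired
    return (today - anchor).days


def sod_violations(rec: StaffRecord) -> List[Tuple[str, ...]]:
    """Conflicting-duty pairs that are both held by the same user."""
    return sorted(tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= rec.roles)


def run_tests(staff=SAMPLE_STAFF, today: date = AUDIT_DATE) -> List[Tuple[str, str, str]]:
    """Return one (user, control, detail) tuple per failed control test."""
    findings = []
    for rec in staff:
        age = password_age_days(rec, today)
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((rec.user, "password_age", f"{age} days"))
        gap = days_without_leave(rec, today)
        if gap > MAX_DAYS_WITHOUT_LEAVE:
            findings.append((rec.user, "mandatory_leave", f"{gap} days"))
        for pair in sod_violations(rec):
            findings.append((rec.user, "segregation_of_duties", "+".join(pair)))
    return findings


def max_leave_gap_years(staff=SAMPLE_STAFF, today: date = AUDIT_DATE) -> float:
    """Longest stay without leave across the export, in years (the deck reports 3)."""
    return max(days_without_leave(r, today) for r in staff) / 365


if __name__ == "__main__":
    for user, control, detail in run_tests():
        print(f"{user}\t{control}\t{detail}")
```

Each failed test becomes a candidate finding with the user and the measured value, which is the analytical evidence the report needs alongside the interview and document review. The thresholds are policy inputs, not audit facts: in particular, NIST SP 800-63B now advises verifiers not to require periodic password changes without evidence of compromise, so the 90-day value above should be read as the organisation's own policy being tested, not as a recommended control.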
  • 15. Recommendations
    Access control:
    • Cryptography (availability, confidentiality, integrity, non-repudiation)
    • Remote vulnerability scan
    • Periodic change of passwords
    • Scrutiny of abnormal packet downloads
    • Scrutiny of suppliers and partners
  • 16. Recommendations (continued)
    Backup:
    • Backups and recovery
    • Effectiveness of backups
    Physical control:
    • Door locks
    • Security officer shifts
    • Compulsory annual leave
    • Installation of cameras
    • Segregation of duties
    Resource management:
    • IT budget scrutiny
    • Quality of IT infrastructure
    • Asset maintenance
    • Cost-benefit analysis
    Compliance with standards:
    • NIST and ISO for internal audit
  • 17. Post-audit activity (follow-up): review the findings and recommendations alongside previous findings to determine whether appropriate actions have been implemented on a timely basis.