plan for conducting the audit
Case Study – Architecture Firm.
Dalton, Walton, & Carlton, Inc. is an architecture firm with approximately 250 employees in four cities in a regional area. The main office is in Kansas City, Mo, which houses 100 of the employees. The main office is located in a suburb neighborhood where physical security is not considered a concern.
You are an independent auditor brought in by Dalton, Walton, & Carlton’s management. They’ve tasked you with conducting an audit of their entire IT infrastructure & organization.
Their IT infrastructure is as follows:
- They primarily use Microsoft servers and PCs with a number of Mac computers used to perform design work. They use Active Directory, have a Web Server for their Internet web site, four servers used as file shares (one in each office), four servers housing their architecture applications, a training server, five MS SQL database servers, and two Microsoft Exchange servers for email.
- There are 20 Windows 2008 R2 servers in the main office, twelve of which are virtualized on three physical servers.
- System updates and patches are run from the main office. Most systems get Microsoft updates once a month, but some are missed. Also, most third party products (e.g., Adobe PDF & Flash) are not kept up to date.
- Each satellite office has 3-4 servers for storing files and running local applications.
- Each office has its own, decentralized wireless network connected to the production network.
- Each employee has a desktop or laptop PC running Windows 7. HR personnel have laptops for conducting interviews.
- They outsource their email spam filter and all HR applications to two separate third party companies.
- The network sits behind a gateway router and firewall. Antivirus is in use, but is not automatically updated across the company. Employees often work remotely and only use their login and password to gain access to the corporate systems.
- There is a Director of IT who has a full time staff of 5 employees, one of which does security duties part time.
There are a few known issues with their IT infrastructure and organization:
- Recently, a number of PCs and office equipment has been stolen out of the office.
- It’s at the data owner’s discretion as to whether or not to secure their data files or folders. Many do not secure their files, while some lock them so only they have access. There have been rumors that customer data and intellectual property have been lost.
- Two employees recently left your company and went to your biggest competitor, where they just landed a contract with your largest account.
- Vendors are allowed access to the site and computers without authorization or supervision.
- Onsite staff at each location provides IT support part time along with their other responsibilities. Password resets are done by giving out a generic password — Chiefs2011.
See the weekly assignment’s page for specific information on this assignment.
……………………….Answer preview……………..
Flow chart
Planning
Fieldwork and documentation…………………..
APA
641 words