- MS Word:
o A description of the company with relevant aspects to security. For example, you would recommend a different training approach on a global fortune-500 company with 5,000 employees versus a local non-profit organization with 25 employees so clearly articulating the context is critical.
o Include a prioritized list of security concerns (i.e. which security concerns would be most relevant to this company) and why those are the most important topics for the context of that company.
- MS Excel:
o Numbering feature to identify each area/step
o Create a category system of the types of threats you’re evaluating. What makes the most sense to you in terms of grouping your audit activities? For example, will you segregate based on people/process/technology? By the team who owns that risk? By the type of action it is (avoidance/acceptance/risk mitigation/deterrence/transference)? Something else? Attendance & Participation
o Ownership. Who do you think has accountability for each audit step? Who would you direct your questions to?
o Risk Level (what is the impact if the step does not pass the audit?) High/Med/Low
These solutions may offer step-by-step problem-solving explanations or good writing examples that include modern styles of formatting and construction of bibliographies out of text citations and references. Students may use these solutions for personal skill-building and practice. Unethical use is strictly forbidden.Introduction
The company that I have chosen for this audit project is Tesco Bank, a wholly owned subsidiary of the British supermarket chain Tesco Plc. This company was formed in 1997 as a joint venture with the Royal Bank of Scotland, but Tesco Plc. later purchased the 50% shares owned by the Royal Bank of Scotland, thus making the bank a wholly owned subsidiary. As of June 1, 2017, Tesco Bank had a total of 2,818 employees and more than 7 million customer accounts and policies. The main reason I selected this company for this project is because it experienced a security breach resulting in loss of customer funds.
The breach occurred on November 6, 2016 and affected more than 40,000 customer accounts whereby cash running into hundreds of pounds, and in some cases thousands of pounds was withdrawn. This forced the bank to suspend all online transactions pending a review of the security breach. While I will not be focusing on the specific event highlighted above in this audit project, I believe that performing an ERP system security audit for Tesco Bank would present an excellent learning opportunity. The security breach was external as it was traced back to cybercriminals operating outside the United Kingdom, but focusing on Tesco Bank would help me to better understand how the company manages security internally....
By purchasing this solution you'll be able to access the following files:
Solution.xlsx and Solution.docx.