Information Security Audit and IS Policy Design for a Premier Educational Institute

Date Added: Nov 2009
Format: PDF

A leading educational institute in India needed to conduct an audit of its Information Security (IS). This organization is the premier accounting body that works in the field of education, professional development, auditing, and ethical standards systems. They wanted to develop a new IS design to keep pace with information best practices. The institute sought help from Mahindra Satyam to undertake an analysis and identify the gap between existing IS best practices (such as BS 7799) and the practices it actually followed. The requirement also included a risk assessment as part of designing IS policies and procedures, which were to be based on BS 7799. The institute also wanted Mahindra Satyam to review and refine its security policies and procedure manuals, and to develop a Disaster Recovery Plan (DRP) that could be aligned with the newly developed best-practices structure.

Mahindra Satyam brought together a team of Certified Information Systems Auditors (CISA) and Certified Information Systems Security Professionals (CISSP) to conduct an onsite review of existing IS policies. They undertook this at the head office and at one branch. With this, Mahindra Satyam was able to understand how the institute's current IS systems function. Mahindra Satyam conducted discussions with key stakeholders to understand the needs of the audit committee. They followed this up with an "As-Is" study of the institute's processes to identify the key IS risks and produce a gap analysis.