Evaluate the practice of defining and implementing a security audit
For this task you will be using the attached “Task 3 Healthy Body Wellness Center Risk Assessment” case study. You will be required to conduct a partial as-is audit of the Healthy Body Wellness Center organization.
The idea behind using an as-is question set is to determine the current compliance levels and awareness of the organization’s security posture. The three key aspects of the question set are to determine if the organization has appropriate policies, procedures, and practices in place to adhere to ISO 27002 for the ISMS.
- Complete the attached “Task 3 As-Is Question Set” by identifying whether the tasks are done or not done.
- Discuss how you determined the status of the tasks if they are done and include the page numbers from the risk assessment to support that discussion; or, if they are not done, provide recommendations for completing the tasks in compliance with ISO 27002.
Note: If the policy, procedure, or practice does not exist, provide justification as to why it is needed or why it should exist. If it does exist, give evidence (i.e., page number, brief description) where it is found in the risk assessment.
- Develop the two additional question sets in the attached “As-Is Question Set” that are relevant to the risk assessment and ISO 27002.
Note: You may consider your own industry, organization, or situation when developing your additional question categories.
- Justify the inclusion of each additional question within each question set with regard to the case study and ISO 27002.
- Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
- Demonstrate professional communication in the content and presentation of your submission.
APA 924 words