Pending Information Security Audit Update
CSU, Sacramento will be audited in the future by the Chancellor's Office against the ISO 17799. This is a Subject Matter Audit in Information Security requested by the Board of Trustees. The audit will be conducted by the Internal Audit department of the Chancellor's Office with some third party assistance. The audit will start in January 2008 for about 10 campuses. The remaining campuses will be audited in 2009. The auditors will be onsite for approximately three weeks.
During the audit we will be asked to demonstrate and provide evidence that we have the ISO 17799 recommended controls in place. In areas where we have not implemented controls, we will need to demonstrate that we have assessed our risks and identified a timeline for when we will implement the control. If we cannot demonstrate this, we will have an audit finding issued and will be given six months to implement a fix.
While the audit's full scope and emphasis have not been finalized, discussions with the lead audit manager indicate they will audit against the full ISO 17799 standard with the exception of Physical Security and Business Continuity Management. ISO 17799 standard topics include:
- Security Policy
- Organization of Information Security
- Asset Management
- Human Resources Security
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development, and Maintenance
- Information Security Incident Management
- Compliance
"The Future of Security Audits" by Gregory Dove, Information Systems Audit Manager at the Chancellor's Office, is available for download. Gregory is the lead auditor who will help set the scope and is responsible for completing the audit. We will continue to update you as the scope and emphasis become finalized.
Check back to this site for updates on the Information Security audit or contact the Information Security Office.