Page Content

Information Security Audit

CSU, Sacramento is being audited by the Chancellor's Office. The Subject Matter for the Audit involves Information Security. This Audit request is from the Board of Trustees. The audit will be conducted by the Internal Audit department of the Chancellor's Office with some third party assistance. The audit will start in January 2008 for about 10 campuses. The remaining campuses will be audited in 2009. The auditors will be onsite for approximately five weeks.

During the audit Sacramento State will be asked to demonstrate and provide evidence that we have the ISO 27002 recommended controls in place. In areas that we have not implemented controls we will need to demonstrate that we have assessed our risks and identified a timeline for when we will implement the control. If we cannot demonstrate this, we will have an audit finding issued and will be given six months to implement a fix.

ISO 27002 standard topics include:

• Security Policy
• Organization of Information Security
• Asset Management
• Human Resources Security
• Communications and Operations Management
• Access Control
• Information Systems Acquisition, Development, and Maintenance
• Information Security Incident Management
• Compliance

For more information on the security audit please see the kickoff Power Point Presentation below:

Check this site for updates on the Information Security audit or contact the Information Security Office.

Information Security Reports for Audited CSU Campuses:

http://www.calstate.edu/audit/Audit_Reports/information_security/index.shtml