Discussion: Understand Compliance Recommendations
Learning Objectives and Outcomes
- Identify correct and incorrect compliance recommendation statements in an auditing report.
Audit final reports may include recommendations supported by the audit findings. The recommended actions should be logically tied to a finding for which the problem has also been identified. Recommendations should be specific, sensible, cost-effective, and actionable.
Actionable recommendations should not include statements such as “controls should be strengthened.” Tactical recommendations are important and needed. However, the report should also provide strategic recommendations that consider the broader picture of the organization’s objectives and how identified gaps or vulnerabilities affect the organization’s ability to achieve those goals.
Discuss and compose examples of at least one correct and one incorrect compliance recommendation statement for the following:
- Retailer PCI DSS compliance finding: Company does not use vendor-supplied defaults for system passwords and other security parameters
- Health care organization HIPAA finding: E-mails with personally identifiable information (PII) and protected health information (PHI) can be sent out of the organization without screening
- Financial institution: Institution does not have a process in place for logging and auditing access control lists of users of the 401(k) database
Compose a list that includes the correct and incorrect compliance recommendation statements for each type of organization.
Submission Requirements
- Format: Microsoft Word or compatible
- Font: Arial, 12-point, double-space
- Citation Style: Follow your school’s preferred style guide
- Length: 1/2 to 1 page
Self-Assessment Checklist
- I helped to compose examples of at least one correct and one incorrect compliance recommendation statement for given scenarios.
- I provided a rationale for my selections.
- I engaged in a discussion of the assigned topics with at least two of my peers.
- I supported my arguments with data and factual information.
- I compared and contrasted my position with the perspectives offered by my peers.
- I raised questions and solicited peer and instructor input on the topics discussed.
- I articulated my position clearly and logically.