Understanding Third-Party Audits

Understanding Third-Party Audits

Overview

You have examined the role of communication in cybersecurity throughout the cybersecurity program. In this course, you have shaped technical data from assessments for technical and non-technical audiences, in media and genres ranging from graphics to technical briefs. In this assignment, you will practice another form of communication, an email to a manager, to provide justification for investing resources in a third-party audit based on your analysis of a case study.

Scenario

You are a security analyst with Grey Matter, and your line manager is the Director of Information Services, Sarah Jackson. She reports to the Executive Vice President, Martin Spearing.

Prompt

ed by the security assessment findings involved with the BrainMeld acquisition, Sarah has been advocating for a third-party security audit of all Grey Matter systems and data assets. She believes this is a good time for an audit and has also pointed out that in its 20-year history, Grey Matter has never had a third-party security audit. The company is relying solely on the internal team’s diligence and expertise to ensure security and compliance.

In your research into this matter, you find a case study from the SANS Institute. You decide to write an email to Sarah explaining why the piece applies and what it shows about the role of a third-party security audit for an organization. You also want to explain how the security team responded to the audit in the case study, and discuss how that can be applied to your organization.

Prompt

In this assignment, you will write an email to your manager using Recovering from a Failed Security Audit – A Case Study, from the Reading and Resources section of this module, to justify the value of a third-party security audit for Grey Matter.