Cal Poly Pomona - IT Security & Compliance

Course Name and Number CIS 4410 (03): Internship in Info Systems Course Instructor (Faculty Name) Jill Miller Course Instructor (Email) jtmiller@cpp.edu Internship Term and Year: Spring 2019 Internship Beg. Date Sat, 03/09/2019 Internship End Date Fri, 05/17/2019 Learning Objectives: What will you learn from this internship? 1. How to perform an internal audit 2. How to communication with different departments 3. Knowledge and understanding of the CSU Security standards 4. How to write an ICQ 5. How to write an official audit report How will this internship enhance your academic knowledge and professional preparation? From this I will be able to learn how to conduct an internal audit and the standards of one. Learning of how an audit process works helps prepare me for the professional industry because it will allow me to understand what is looked at in an audit, allowing me to assure, when I am working in the security industry, that what I am doing meet audit standards. And if where I am working do no meet audit standards, I will know how to resolve the issue to make sure we meet compliance. Additionally, this will help me improve my writing and reporting style to meet industry standards. Deiscribe the activities or projects of this internship that support your learning objective. Appended below are the related audit objectives derived from an audit program, based on the CSU security (ICSUAM) standards, and provided by the Chancellor’s Office. The audit team will be reviewing/revising the audit questionnaire (ICQ) based on their knowledge & experience with the audit environment, and then provide it to the client to complete. The ICQ asks questions related to the audit objectives, as well as for any existing supporting material. Once the audit team receives the completed questionnaire, they will follow up with interviews, and requests for any other supporting materials. As the team reviews and compiles material, they may have follow up questions, where they need additional information. In the final weeks, the team and I will be compiling the report for review and comment. The allocated timeline is 15 weeks, which includes audit planning through report delivery.Audit Objectives: • Assess Control Requirements for SRDC o Applications/Services operating/installed/accessed at the SRDC o Data stored at the SRDC • Assess risk and controls for the following: o Access security (physical & logical/remote access) o Fire security o Environmental controls o Emergency Procedures o Data Center Operational practices/procedures Understands and acknowledges the risks associated with participation in the internship may include, but are not limited to: (list three) N/A I agree to devote 100 hours per week in order to fulfill the learning objective described above.