DevsousaC/Controls-compliance-audit
Security Audit Analysis - Botium Toys

📄 Project Description

This project consists of a security audit analysis for the fictional company Botium Toys. Based on a set of documents describing the company's scope, assets, and risk assessment, the objective was to:

  1. Assess existing security controls.
  2. Verify compliance with key regulations and standards (PCI DSS, GDPR, SOC).
  3. Identify vulnerabilities and risks.
  4. Develop a prioritized plan of recommendations to improve the organization's security posture.

The final report, Controls and compliance checklist.md, consolidates the analysis and the proposed actions.


πŸ› οΈ Reference Frameworks and Regulations

The analysis and recommendations were based on best practices and requirements from the following frameworks and regulations mentioned in the case study:

  • NIST Cybersecurity Framework (CSF)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • System and Organization Controls (SOC)

πŸ“ Repository Structure

/
├── 01_Source_Documents/        # Contains the original case study files
│   ├── Botium Toys_ Scope, goals, and risk assessment report.pdf
│   ├── Control categories.pdf
│   └── Controls and compliance checklist.pdf
│
├── 02_Final_Report/            # Contains the final report with the analysis and recommendations
│   └── Controls and compliance checklist.md
│
└── README.md                   # This file

🚀 How the Project Was Executed

  1. Scenario Analysis: Studied the Botium Toys_ Scope, goals, and risk assessment report.pdf to understand the company's environment, assets, and weaknesses.
  2. Checklist Completion: The Controls and compliance checklist.pdf was filled out by marking "Yes" or "No" for each control and compliance practice, based on evidence from the risk report.
  3. Development of Recommendations: Based on the identified gaps (items marked "No"), detailed recommendations were developed.
  4. Prioritization: The recommendations were prioritized (Immediate, High, Medium) according to their risk level and business impact, resulting in the final report.

🎯 Summary of Recommendations

The final report proposes 5 key actions to mitigate the identified risks:

  1. Customer Data Protection and PCI DSS Compliance: Implement access controls (Least Privilege) and encryption.
  2. Ensuring Business Continuity: Create a Disaster Recovery Plan (DRP) and a backup policy.
  3. Asset Identification and Classification: Conduct an asset inventory and a Business Impact Analysis (BIA).
  4. Formalizing Risk Management for Legacy Systems: Create procedures and schedules for maintaining old systems.
  5. Strengthening Threat Detection and Identity Management: Implement an Intrusion Detection System (IDS) and strengthen password policies.

✍️ Author

Diego Sousa de Carvalho

LinkedIn GitHub
