IT Audit Response: A Cross-Discipline Approach

In the wake of a 2008 student records system audit, Kennesaw State University was faced with numerous findings of a cross-discipline nature. While technical safeguards had been the basis for past audit resolutions, the mitigations for the 2008 audit adopted a different approach. By examining the business processes and engaging applicable stakeholders, university staff were able to further identify areas in which information security controls were lacking. In the end, this approach has created a more effective information security program at KSU while resolving the audit findings in a meaningful way.