This assignment consists of four (4) sections: an internal

This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan. You must submit all four (4) sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:They have a main office and 268 stores in the U.S.They utilize a cloud computing environment for storage andapplications.Their IT infrastructure includes Cisco workgroup and core switches, Ciscorouters, Cisco firewalls and intrusion prevention systems, and servers runningMicrosoft Windows Server 2012.They have over 1000 desktops and approximately 500 organization-ownedlaptops in the main headquarters.They allow employees to bring their own devices into the organization;however, they are subject to being searched upon entry and exit from thebuilding.They enable remote access to corporate information assets for employees andlimited access to extranet resources for contractors and other businesspartners.They enable wireless access at the main office and the stores.They process an average of 67.2 credit card transactions per hour every dayat each location and via their corporate Website.Section 1: Internal IT Audit PolicyWrite a three to four(3-4) page paper in which you:1. Develop an Internal IT Audit Policy, whichincludes at a minimum:a. Overviewb. Scopec. Goals andobjectivesd. Compliance with applicable laws and regulationse.Management oversight and responsibilityf. Areas covered in the ITauditsg. Frequency of the auditsh. Use at least three (3) qualityresources in this assignment. Note: Wikipedia and similarWebsites do not qualify as quality resources.Section 2: Management PlanWrite a four to six (4-6) pagepaper in which you:2. Explain the management plan for conducting ITaudits, including:a. Risk managementb. System Software andApplicationsc. Wireless Networkingd. Cloud Computinge.Virtualizationf. Cybersecurity and Privacyg. BCP and DRPh.Network Securityi. Use at least four (4) quality resources in thisassignment. Note: Wikipedia and similar Websites do not qualifyas quality resources.Section 3: Project PlanUse Microsoft Project or an OpenSource alternative, such as Open Project to:3. Develop a project plan which includes theapplicable tasks for each of the major areas listed below for each element ofthe IT audit mentioned above; plan for the audit to be a two (2) week audit.a. Risk managementb. System software andapplicationsc. Wireless networkingd. Cloud computinge.Virtualizationf. Cybersecurity and privacyg. Network securitySection 4: Disaster Recovery PlanWrite a five to seven(5-7) page paper in which you:4. Develop a disaster recovery plan (DRP) forrecovering from a major incident or disaster affecting the organization.a. The organization must have no dataloss.b. The organization must have immediate access to organizationaldata in the event of a disaster.c. The organization must have criticalsystems operational within 48 hours.d. Include within the DRP the auditactivities needed to ensure that the organization has an effective DRP and willbe able to meet the requirements stated above.e. Use at least four (4)quality resources in this assignment. Note: Wikipedia andsimilar Websites do not qualify as quality resources.Your assignment must follow these formatting requirements:Be typed, double spaced, using Times New Roman font (size 12), with one-inchmargins on all sides; citations and references must follow APA orschool-specific format. Check with your professor for any additionalinstructions.Include an abstract and a table of contentsInclude a cover page containing the title of the assignment, the student’sname, the professor’s name, the course title, and the date. The cover page andthe reference page are not included in the required assignment pagelength.The specific course learning outcomes associated with this assignmentare:Describe the Sarbanes-Oxley (SOX) act and Committee of SponsoringOrganizations (COSO) framework.Describe the process of performing effective information technology auditsand general controls.Describe the various general controls and audit approaches for software andarchitecture to include operating systems, telecommunication networks, cloudcomputing, service-oriented architecture and virtualization.Explain the role of cybersecurity privacy controls in the review of systemprocesses.Discuss and develop strategies that detect and prevent fraudulent businesspractices.Describe and create an information technology disaster recovery plan.Develop an audit plan and control framework that addresses and solves aproposed business problem.Use technology and information resources to research issues in informationtechnology audit and control.Write clearly and concisely about topics related to information technologyaudit and control using proper writing mechanics and technical styleconventions.Use the following template for the paper… APA_Template_With_Advice_(6th_Ed) .doc