Internal IT audit case study for Botium Toys: controls checklist, PCI/GDPR/SOC review, and prioritized recommendations.
mateusiclopes/it-security-audit
IT Security Audit – Botium Toys (Case Study)

EN: Internal IT audit case study for Botium Toys, a fictional U.S. toy company expanding to the EU.

📄 Full Audit Report (PDF): docs/Botium-Toys_Audit.pdf


📌 Scope & Objectives

  • Assess IT controls (technical/administrative/physical) and compliance maturity
  • Evaluate PCI DSS, GDPR, SOC criteria exposure
  • Provide prioritized recommendations (0–90 days)

✅ Highlights (Executive)

  • Controls: Firewall ✅ · DRP ❌ · IDS ❌ · Encryption ❌ · AV ✅
  • PCI DSS: Missing encryption & access controls for cardholder data ❌
  • GDPR: Data inventory/classification missing ❌ · Breach notification plan ✅
  • SOC (TSC): Integrity/Availability ✅ · Access control/Confidentiality ❌

📊 Audit Flow (Mermaid)

```mermaid
graph TD
  A[Define Scope & Goals] --> B[Risk Assessment]
  B --> C[Controls & Compliance Checklist]
  C --> D[Findings & Recommendations]
  D --> E[Report & Next Steps]
```
