What is a Security Audit?
A Security Audit is a systematic and repetitive process in which an independent and skilled professional (Certified Information Security Auditor – CISA) performs control assessments, interviews personnel, and obtains and analyzes evidence, with the objective of producing a final report on findings, possible issues and recommendations.
A Security Audit requires prior planning, in which it is necessary to establish:
- Risks Analysis
The final deliverable will be an Audit Report that will be presented to the customer with findings and recommendations.
The Audit Report will contain an introduction, executive summary, audit description, systems analyzed, personnel interviewed, evidence found, sampling techniques, findings and recommendations.
Here are some examples:
- DMZ Audit
- Internal Network Audit
- Application Audit
- Technical Security Audit
- VPN Audit
- Advanced Firewall Audit
- Wi-Fi Audit
- SOX, PCI-DSS Compliance Audit
- Privacy and Compliance Laws Audit
Due to the segregation principle, the auditor will not be allowed to participate in any project arising from their recommendations.
A follow-up process to analyze the effectiveness of any recommended implementation will be available at the customer's request.