Scribd Logo
Upload

Welcome to Scribd!

  • Security Network Audit Steps

    Uploaded by

    Walid_Sassi_Tun
    874 views1 page
    audit sécurité informatique

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    audit sécurité informatique

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    874 views1 page

    Security Network Audit Steps

    Uploaded by

    Walid_Sassi_Tun
    audit sécurité informatique

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    of 1

    SECURITY AUDIT

    SECURITY AUDIT STEPS

    1. Vulnerability Scanning
    This involves scanning the infrastructure set up to reveal any existing vulnerabilities.

    2. Report Audit
    This involves auditing reports that are regularly generated as a part of the Security management process of the
    organisation. Audits are conducted on:

    Logs – logs that are maintained within the system (syslogs) by the network, system and database
    components.
    IDS Reports – reports that are generated by the Intrusion Detection System on an on-going basis.
    Any other reports that are maintained/generated by the organisation as part of its security maintenance
    program.

    3. Security Architecture Audit


    This involves auditing the existing security architecture of the organisation.

    4. Baseline Auditing
    This involves auditing the security setup to verify that it is in accordance with the security baseline of the
    organisation. Deviations are recorded to analyse compliance during the audit period.

    5. Internal Control and Workflow Audit


    This involves auditing the existing workflow in the organisation to ascertain whether it is sufficient to handle and
    escalate response to security issues.

    6. Policy Audit
    The Security policy is audited to ensure that it is in line with the business objectives of the organisation and
    complies with standards that the company follows or wishes to follow.

    7. Threat/Risk Assessment
    Assessment of the various risks and threats facing the company’s Information systems. Taking into account the
    results of the audits, this assessment gives an overall picture of the security risk/ threat to the organisation.

    DELIVERABLES
    1. Vulnerability Report: Presents vulnerabilities in the company’s IS setup.
    2. Threat/Risk Assessment Report: Presents the various threats and risks the company faces as a result of
    the existing vulnerabilities including faulty policy, architecture, etc.
    3. Audit Report: An Audit report is prepared giving a security overview, and the results of all the audits and
    reports are prepared and presented.

    SPECIALISED SKILLS
    1. Certified Internet Security systems (ISS) specialists
    2. Network, OS and database specialists
    3. Certified Information systems auditor (CISA)

    Company Confidential Version 1.0 1

    You might also like