Professional Documents
Culture Documents
1. Vulnerability Scanning
This involves scanning the infrastructure set up to reveal any existing vulnerabilities.
2. Report Audit
This involves auditing reports that are regularly generated as a part of the Security management process of the
organisation. Audits are conducted on:
Logs – logs that are maintained within the system (syslogs) by the network, system and database
components.
IDS Reports – reports that are generated by the Intrusion Detection System on an on-going basis.
Any other reports that are maintained/generated by the organisation as part of its security maintenance
program.
4. Baseline Auditing
This involves auditing the security setup to verify that it is in accordance with the security baseline of the
organisation. Deviations are recorded to analyse compliance during the audit period.
6. Policy Audit
The Security policy is audited to ensure that it is in line with the business objectives of the organisation and
complies with standards that the company follows or wishes to follow.
7. Threat/Risk Assessment
Assessment of the various risks and threats facing the company’s Information systems. Taking into account the
results of the audits, this assessment gives an overall picture of the security risk/ threat to the organisation.
DELIVERABLES
1. Vulnerability Report: Presents vulnerabilities in the company’s IS setup.
2. Threat/Risk Assessment Report: Presents the various threats and risks the company faces as a result of
the existing vulnerabilities including faulty policy, architecture, etc.
3. Audit Report: An Audit report is prepared giving a security overview, and the results of all the audits and
reports are prepared and presented.
SPECIALISED SKILLS
1. Certified Internet Security systems (ISS) specialists
2. Network, OS and database specialists
3. Certified Information systems auditor (CISA)