Cyber Security Audit
G M Faruk Ahmed, CISSP, CISA
CISSP | CISA | InfoSec Trainer | Cyber Security Analyst & IS Auditor
A cyber security audit is the activity of analysing a business's IT infrastructure to expose weaknesses and high-risk practices. A security auditor typically performs the following tasks:
- Verifying that information processes are in line with security policy criteria and procedural requirements;
- Defining and implementing processes and techniques to ensure ongoing compliance with security policies, standards, and legal, regulatory and contractual requirements;
- Carrying out security compliance audits in accordance with an appropriate methodology, standard or framework;
- Providing impartial assessment and audit reports covering security compliance audits, investigations and information risk management;
- Providing an independent opinion on whether your organisation is meeting information assurance control objectives;
- Developing audit plans and audit regimes that match your organisation’s business needs and risk appetite;
- Identifying your organisation’s systemic trends and weaknesses in security;
- Recommending responses to audit findings and appropriate corrective actions;
- Recommending appropriate security controls;
- Assessing the management of information risk across the organisation or business unit;
- Recommending efficiencies and cost-effective options to address non-compliance issues and information assurance gaps identified during the audit process; and
- Objectively assessing the maturity of an existing information auditing function using cross-government benchmark standards.
Depending on the type of audit and review engagement, the audit will focus on one or a combination of the following policies, standards and frameworks:
- HMG Security Policy Framework
- NCSC Policies and Guidelines
- 10 Steps to Cyber Security
- 20 Critical Controls for Cyber Defence
- IA Maturity Model
- NIS Regulations
- 14 Cloud Security Principles
- Cyber Essentials
- EU GDPR (General Data Protection Regulation)
- ISO 27001
- NHS DSP (Data Security and Protection) Toolkit
- NHS DCB 1596 Secure Email Standard
- PCI DSS