There are many things that must be included in a cybersecurity audit for any organisation. Below are some broad categories that are important and must be covered.
A. MANAGEMENT
1. Security policies
2. Security policies written and enforced
3. Hardware and software asset list
4. Data confidentiality and ownership
B. EMPLOYEES
1. Cyber hygiene and awareness training
2. Policies for dealing with strangers in the workplace
3. Ensuring secure Bring Your Own Device (BYOD) plans
C. BUSINESS PRACTICES
1. Emergency and response plans
2. Determine all possible risks
3. Policies for handling and mitigating risks and security breaches
4. Emergency disaster recovery plan
5. Alternate business continuity locations for crises
6. Tested restoration and redundancy plans
D. IT STAFF
1. System hardening plans
2. Automated software patch management
3. Security mailing list
4. Regular audits and penetration testing
5. Anti-virus and anti-malware software installed with auto-updates
6. Systematic log reviews
E. PHYSICAL SECURITY
1. Protected servers and network equipment
2. Secure and remote backup solution
3. Securing keys
4. Keep devices visible
5. Regular inspections
6. Limited access and security camera monitoring
7. Proper access system and data discard policies
F. SECURE DATA
1. Encryption enabled
2. Secured devices
3. Secure Sockets Layer and secure email gateways
G. ACTIVE MONITORING AND TESTING
1. Regular monitoring
2. Regular scheduling of security testing
3. External penetration testing
4. Scanning for data types
These may vary according to the requirements of the organisation and the nature of its business. One thing is certain in today's world: we have to protect our data and resources from being exploited. Conducting regular cybersecurity audits will help in staying safe from newly emerging threats.