An information security audit is an audit on the level of information security in an organization. Govt Of India, under the National Cyber Security policy-2013 has stated that IS audit is mandatory for any organization, be it govt., public, private, banks etc. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas
When centered on the IT aspects of information security, it can be seen as a part of an information technology audit. It is often then referred to as an information technology security audit or a computer security audit. However, information security encompasses much more than IT.
Audit planning & preparation
The auditor should be adequately educated about the company and its critical business activities before conducting a data center review. The objective of the data center is to align data center activities with the goals of the business while maintaining the security and integrity of critical information and processes. To adequately determine whether or not the client’s goal is being achieved, the auditor should perform the following before conducting the review:
Our comprehensive approach of testing Web services and API undergoes following stages -
- Meet with IT management to determine possible areas of concern
- Review the current IT organization chart
- Review job descriptions of data center employees
- Research all operating systems, software applications and data center equipment operating within the data center
- Review the company’s IT policies and procedures
- Evaluate the company’s IT budget and systems planning documentation
- Review the data center’s disaster recovery plan
Strategize, build, and certify a robust and effective Information Security.
Cibernetica consultants will work with you from ISMS Scoping to onsite Certification Audit Support.
- Cibernetica have an established approach based on our experiences across many different sectors.
- From helping to achieve senior management buy-in and reporting for Information security audit, through implementation and providing practical support during and after your audit, our proven approach ensures that you build an Information Security Audit, that is appropriate and beneficial to the needs of your business