The single most important piece of advice that I can offer you is this: Select a solid security audit standard...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
or set of standards that you will audit against, and advise the auditee of the standard(s) well in advance of the audit. This ensures a level playing field and prevents the subject of the audit from crying foul when you examine something they didn't expect.
As far as overlooked information sources, I normally refer to two sources when preparing materials for a network security audit. The Center for Internet Security has a wonderful selection of security standards that can be adapted to suit the purposes of your audit. Second, the Payment Card Industry Data Security Standard (PCI DSS) offers a great set of general security requirements that can be used for any audit, even if you're not involved in credit card processing.
For more information:
- Read more about efforts to develop a common logging and audit standard.
- Learn best practices for Unix audit settings.
Dig Deeper on IT Security Audits
Related Q&A from Mike Chapple
Vulnerability scanning tools are necessary to be fully compliant with PCI DSS, but the tools need to come from a PCI DSS Approved Scanning Vendor. ...continue reading
Healthcare clearinghouses like Mass HIway are a new trend in health IT, but what are the security implications? Expert Mike Chapple explains what you...continue reading
The FFIEC Cybersecurity Assessment Tool has faced harsh criticism since its 2015 release. Expert Mike Chapple reviews the tool and how it can be ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.