Q

How to select a set of network security audit guidelines

A network security audit can be a daunting task, but there are resources that can help. Mike Chapple, network security expert, weighs in on why and how to choose a security audit standard.

Are there certain types of information or sources of information I should look for when I do a network security audit that most people overlook?

The single most important piece of advice that I can offer you is this: Select a solid security audit standard

or set of standards that you will audit against, and advise the auditee of the standard(s) well in advance of the audit. This ensures a level playing field and prevents the subject of the audit from crying foul when you examine something they didn't expect.

As far as overlooked information sources, I normally refer to two sources when preparing materials for a network security audit. The Center for Internet Security has a wonderful selection of security standards that can be adapted to suit the purposes of your audit. Second, the Payment Card Industry Data Security Standard (PCI DSS) offers a great set of general security requirements that can be used for any audit, even if you're not involved in credit card processing.

For more information:

This was first published in June 2009

Dig deeper on IT Security Audits

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close