How to select a set of network security audit guidelines

A network security audit can be a daunting task, but there are resources that can help. Mike Chapple, network security expert, weighs in on why and how to choose a security audit standard.

Are there certain types of information or sources of information I should look for when I do a network security audit that most people overlook?

The single most important piece of advice that I can offer you is this: Select a solid security audit standard or set of standards that you will audit against, and advise the auditee of the standard(s) well in advance of the audit. This ensures a level playing field and prevents the subject of the audit from crying foul when you examine something they didn't expect.

As far as overlooked information sources, I normally refer to two sources when preparing materials for a network security audit. The Center for Internet Security has a wonderful selection of security standards that can be adapted to suit the purposes of your audit. Second, the Payment Card Industry Data Security Standard (PCI DSS) offers a great set of general security requirements that can be used for any audit, even if you're not involved in credit card processing.

This was last published in June 2009
