Security Management Strategies for the CIOConducting network security audits annually (if not with even greater frequency) is a security best practice for every organization. An audit, however, can expose an organization's every
Requires Free Membership to View
security vulnerability,
which can lead to embarrassing fines and penalties if they show an organization isn't compliant
with an industry guideline or government mandate. Still, they often prevent organizations from
suffering more serious offenses, such as a data security breach.
In order to be fully prepared for a network security audit, security pros must plan ahead. This SearchSecurity.com mini learning guide acts as a network security audit planning guide, offering guidelines for audit planning and preparation, as well as advice for security solution providers on how to perform an audit for customers and what to look for during a network security audit.
A
guide to internal and external network security auditing
According to a survey of IT executives and network administrators, nearly half (46%) of companies
that undertake internal security audits find the tests result in the identification of significant
security problems. That number rises to 54% for external network security audits conducted by
outside companies.
Considering these numbers, the chances of your organizations having significant network security problems are high. In this tip, contributor Stephen Cobb reviews the baseline network audit processes that a security professional need to conduct regularly in order to identify and fix security issues
Preparing
for a network security audit starts with monitoring and remediation
Security professionals each have their own way of getting ready for a network security audit. All
too often, IT teams rush around and make last-minute adjustments to their configurations and
processes. Clever security folks, however, treat audit preparation as an ongoing endeavor.
In this tip from SearchMidmarketSecurity.com, Mike Chapple stressed the importance of being prepared for a network security audit and explains how a detailed network security change-management and remediation process can make audit preparation easier.
How
to perform a network security audit for customers
Data breaches are a consistent threat in the security industry and the cost of a data security
breach is an expense that every organization wants to avoid. Considering, security solution
providers can minimize the risk of a breach and offer their customers a valuable service by
performing a network security audit.
In this tip from SearchSecurityChannel.com, which acts as a network security audit checklist, David Jacobs describes how to perform a network security audit for customers as well as what practitioners need to look for when at the customer site, and how to express the importance of a security audit to customers.
How
to select a set of network security audit guidelines
As we have discussed, performing and preparing for a network security audit can be a daunting task,
but thankfully, there are resources that can help.
In this expert response to a SearchSecurity.com reader inquiry, network security expert Mike Chapple identifies certain types of information or sources of information that every organization should look for when performing a network security audit, as well as how to choose a security audit standard.
This was first published in April 2011
Join the conversationComment
Share
Comments
Results
Contribute to the conversation