Today we will discuss how to do a basic security audit. A security audit is the practice of analyzing an organization's assets, systems and role structure to improve its defenses against cyberattacks.
Here are the major categories that we need to look over when performing a security audit:
Assessing all the available controls (a control is an action taken by an organization to reduce security risk).
Assessing whether compliance is held with current standards.
Assessing whether proper data protection practices are followed and are compliant with data protection laws.
Making sure that physical security implementations are well established.
Scope
Analysis of all available assets and systems present in the organisation.
Goal
To ensure proper security controls for a better security posture.
Control categories
Administrative controls: policies and procedures, company employee structure.
Technical controls: firewalls, IDS, IPS, antivirus.
Physical controls: door locks, cabinet locks, etc.
Aim of audit
Explain how the report will help strengthen organisational defenses.
Indicate the audit frequency.
Report on how the existing systems and policies work.
Compliance assessment
Making sure the organization is properly following the practices and policies it has adopted.
Best practices
Making sure the best security practices are being exercised by employees in the organization as part of shared responsibility.