A computer security audit is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or computer-assisted auditing techniques, include system-generated audit reports or the use of software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches, mobile devices, tablets, etc.
Documentation includes the policies, procedures and checklists that define and/or support IT controls. The interviews and walkthroughs, which are conducted with key personnel from the organization, are performed to validate adherence to the documented policies and procedures, as well as to corroborate the practices described during the interview process.