An IT security audit is a preventive measure performed to assess how well your IT infrastructure is defended. Its purpose is to identify weaknesses and possible points of entry for malicious activity such as hacking and denial-of-service attacks.
The first step in performing a security audit is to conduct a risk analysis, which determines your assets and risks. This is followed by the development of a security policy, which states which assets will be defended and how. Such assets include computers, laptops, servers, routers, networking equipment, data, smartphones and email systems.
Intertek applies a series of system evaluation techniques in every security audit:
– Physical configuration and environment – Wireless network devices, firewall configuration, smartphones, workstations, laptops
– Software – Antivirus, anti-spam, email security and encryption, web filtering, spyware, outdated software
– User practices
– Information handling processes
– Vulnerability assessment
– Penetration testing
– Password policies
– Remote access security – authentication, intrusion detection, VPN encryption protocols
– Physical security – Risk of fire, theft, destruction, flooding, etc.
– Backups – What is being backed up? How is it being backed up? When is it being backed up? Where is it being backed up? Onsite/Offsite?
– Data logging – Audit trail – Who accessed what data
– Access control – Who has access to which data
– Call logging and restrictions
– Scheduling – antivirus scans, backup runs