Security Management Audit Work Program
Best Practices for Security Management Auditing
The general steps included in this work program can be used by organizations looking to conduct a security management audit.
Sample work steps include:
- determine the extent of network connectivity internally and externally and the boundaries and functions of security domains;
- identify systems that have recently undergone significant changes, such as new hardware, software, configurations and connectivity;
- correlate the changed systems with the business processes they support, the extent of customer data available to those processes and the role of those processes in funds transfers; and
- evaluate management’s ability to control security risks given the frequency of changes to the computing environment.