
Section 3

2. AUDIT OF SECURITY MANAGEMENT


Sl. No. / Audit Area / Test Procedures

1. Security management framework
   - Interview senior management on their commitment to information security.
   - Check minutes of board meetings, the security reports submitted, and the reporting frequency of security reports to management.
   - Check action and follow-up by senior management on security initiatives.
   - Verify the adequacy of the security budget.

2. Information security policies
   - Check whether information security policies have been created, approved by management, and communicated to the concerned users.
   - Check whether the policy states management commitment and sets out the organizational approach to managing information security.
   - Ensure that the security policies are linked to the risk assessment and that policies suited to the organization's needs are appropriately developed.

3. Review of information security policies
   - Check whether the information security policies are reviewed at planned intervals, or when significant changes occur, to ensure their continuing suitability, adequacy and effectiveness.
   - Check whether the results of the management review are taken into account.
   - Check whether management approval is obtained for the revised policy.

4. Confidentiality and non-disclosure agreements
   - Check whether the organization's need for confidentiality or non-disclosure agreements (NDAs) for the protection of information is clearly defined and regularly reviewed.

5. Independent review of information security
   - Check whether the organization's approach to managing information security, and its implementation, is reviewed independently and periodically, or when substantial changes to the security policies occur.

6. Identification of risks related to third parties
   - Check whether risks to the organization's information and information systems arising from third-party access are identified, and appropriate control measures implemented, before access is granted.

7. Exception process
   - Check whether the exception process is defined and implemented.
   - Verify that each exception is backed by compensating controls, is granted for a limited period of time, and that management has a plan to close it.
   - Ensure exceptions are reviewed periodically.
   - Interview the approvers of exceptions to confirm they are aware of the associated risks.

8. Procedures and standards
   - Check that internal standards for system configuration, documentation, network segmentation and security baselines are defined and implemented.
   - Review the documented operating procedures for security controls and ensure these are reviewed and updated.
