The objective of a cyber security audit is to evaluate the strategies, policies, security systems, processes and controls an organisation has in place for information security, namely:
a. Safeguarding systems and applications so that they are available as required.
b. Maintaining the integrity of data, and keeping data and information confidential on a need-to-know basis.
c. Safeguarding data and information from unauthorised access.
d. Ensuring compliance with regulatory requirements and corporate information security policies.
The scope of a cyber security audit typically covers:
- Cyber & IS security policy
- Cyber crisis management plan
- Network management and security
- Application & Infrastructure security
- Patch, vulnerability and change management
- User access control and management, and desktop security
- Secure mail and messaging systems
- Vendor Risk Management
- Maintenance, Monitoring, and Analysis of Audit Logs
- Incident Response & Management
- Firewall and SIEM management processes
- Data classification, data management and backup policy
- Physical and environmental security (data centre and key IT rooms)
- Customer user management, authentication methods and privilege management
- Database and systems administration
- Activity logging and controls over error handling
- SDLC and change management controls over application and portal management