Article: How to Recover from Failed Security Audit



  • This informative article offers good advice for recovery and hopefully a passing grade later
    Article: How to Recover from Failed Security Audit
    Please paste to browser and add www
    itsecurity.com/features/failing-a-security-audit-050707/
    An abbreviated version of the 5 key recovery points is noted below:
    The most important result of your audit will be the list of vulnerabilities your auditor discovers. Simply being aware of the specific vulnerabilities facing your company is a good step toward designing a comprehensive security program. Whatever your specific goals and time frame, you’ll need to manage the recovery process as you would any company project – by designing a plan, allocating resources and setting a time frame.

    1. Prioritize – You’ll come away from the audit with a lot of data – and all of it’s important, according to Julian. If your auditor hasn’t already assigned a risk level, you’ll need to sit down and decide what is high risk and what can wait.
    2. Assign Recovery Roles – Decide who will manage each task and hand off the solutions to the appropriate manager or team, whether it’s IT, a development group or the management. To make sure that each group follows through, assign a specific individual with responsibilities for specific solutions.
    3. Require Status Reports – Once you’ve assigned roles, you want to make sure that the project is completed as promised, by a given deadline. Make sure to plan out milestones along the way when certain steps toward the end goal need to be completed.
    4. Run Your Own Assessments – Once you’ve started repairing any security holes or reconfiguring systems, you can start testing the work you’ve done. Before you plan a second all-encompassing security audit, you’ll want to run automated scans or penetration tests that focus on specific aspects of your security system to make sure each section is secure.
    5. Schedule Another Audit – … it’s rare for a company to return for a second audit, even if they failed the first. However, companies should have regular assessments.
      Additional Links
      10 Steps to Creating Your Own IT Security Audit
      Please paste to browser and add www
      itsecurity.com/features/it-security-audit-010407/
      Security Audits for Dummies
      Please paste to browser and add www
      itsecurity.com/features/feature-dummies-guide-security-audit/


  • Good article. Thanks.

