Audit Program
How to handle the IT Auditor - A simple checklist
1. Help the auditor gather information.
2. Do not expect to see the audit report.
3. If asked for a response, provide it promptly.
4. Work with internal audit to identify key risks for the organization.
5. If an external audit is expected, talk with system administrators to learn how they are implementing security policies and procedures.
6. Conduct a mock audit before a real one to identify potential findings.
Download free SysTrust Audit Framework Templates

IT Outsourcing Cost-of-Living Adjustment (COLA) Provisions Audit Checklist
Download Free IT Outsourcing Cost-of-Living Adjustment (COLA) Provisions Checklist

1. What is a COLA provision? (A provision that calls for an adjustment to the fees to reflect inflation)
2. At what point during the term of the Agreement will COLA apply?
- Is any inflation built into the fees?
- To what extent should the vendor be managing inflation?
IT Organization Audit Guidelines free download

Download free IT Organization Audit Guidelines. These audit guidelines are used to assess the IT function within a company, including whether policies and procedures have already been established.
IT Asset Management Checklist for Security Assessment
Below is a list of the asset information that should be acquired before performing a security assessment:
DNS/NetBIOS name of the asset
This is the name of the system; typically the domain name system (DNS) name and the NetBIOS name will be the same. This is one more way to map the system to the IP address and the Media Access Control (MAC) address.
Operating system of the asset
Although obvious, this is important to the patch management process. If you don’t know what your systems are running, it is difficult if not impossible to know what vulnerabilities to monitor for, and to plan the patching stages.
Listening services on the asset
One of the oldest concepts in information security is least privilege. Systems should not have services listening on them that are not being used. Documenting what is listening on each system and what is needed on each system is a critical step.