Updating of security procedures and scheduling of security audits

The CISSP exam is nothing compared to this pressure. But, auditors -- whether they're internal or third parties -- are a security professional's friends. They are a second set of eyes, looking at your policies, infrastructure and practices and verifying the areas in which you're doing well, and those that need work.

Whether you're dealing with internal reviews or external specialists, the key to surviving a security audit is starting on the right foot. Begin by scheduling a meeting with management to select a security audit response team -- a person or group that has the authority to facilitate the auditors' needs and respond to their inquiries.

If your organization has been audited in the past, you probably already have most of the information and materials you need. But, they will likely need updating, since no two audits are exactly alike -- especially if you're switching auditors.

Set the tone

Prepare a formal presentation to introduce the auditors to the process or system they will be reviewing. Don't try to hide the ugliness in your infrastructure. Highlight the areas that need improvement, as well as your strengths. Candor will reduce the likelihood that your presentation will be viewed as a smokescreen.

Supporting documents should back up everything noted in your presentation and be included in the documentation binder. The easier you make it for the auditors to find information, the smoother the audit will go.

The key to surviving their interrogation is to provide answers that reference the presentation or documentation. For example, if they ask about controls that separate account requests from approval and setup, your answer should be something like, "As mentioned in the presentation and supported by the account control document on page 27 of the binder, our process requires that an approval be granted by product operations prior to the MIS group setting up an account." This type of response shows that you know your own policies and processes. Don't answer questions with vague or misleading statements that can't be substantiated.