Question

Reasons why a security audit is necessary with your recommendations for conducting such an audit

Please include the following: -Potential costs (personnel, finances, etc.) -Proposed audit timeline -Two recommend methodologies (Audit)

Answer 1

SECURITY AUDIT :

Every company has some set of established, functioning and well organized rules and regulations. A security audit is conducted in regular intervals or scheduled timelines to ensure that the company or organization runs based on the designated rules and regulations. A security audit is not conducted limiting to the hardware of the company alone but also the software, employees and every resource that is said to belong to the company.

Security audits are conducted to asses vulnerabilities in the core of the organization so as to avoid data theft or loss, intentionally and accidentally, by means of performance testing, financial record verification and diagnosis of the entire information branch.

TYPES OF TASKS PERFORMED DURING SECURITY AUDIT :

Ethical hacking techniques are used to mitigate or check the strength of the network when there is an internal or external attack from a malicious hacker.

The personnel involved in a security audit may call the employees of an organization with false promises of goodies to check if any critical or vital information will be given out by the employee.

They transmit various files of dummy data over the internet and try to intercept it, mimicking the moments of a hacker to check the strength of end to end encryption techniques.

They check the strength and agility of the backup storage in order to assess the speed of gaining back data after an attack.

They try to access various vital and restricted access entry or exit points to check the level of ease with which an outsider can enter.

POTENTIAL COSTS INVOLVED IN A SECURITY AUDIT :

The costs involved in a security audit differ basing on multiple factors like the complexity of the network, the ability of existing environment to withstand hostile attacks, the robustness of the network, the economic strength of the organization as a whole, the type of security check - whether it is a thorough check or just an analysis of recorded observations, etc. Real time examples show us that the security audit for a small scale company to a large scale organization can range between many thousands to a few million rupees. The security audit might require a lot of man power because it has to involve thorough examination of the network and company infrastructure, by the personnel belonging to the security audit team and also each and every individual of the organization.  

PROPOSED SECURITY AUDIT TIMELINE :

An audit is said to be effective if it is conducted on a monthly basis, with checks for a robust network, restricted access to entry and exit guarding vital information, loyalty of the employees of the organization so that they do not give out crucial data to external malicious sources. A regular and deep analysis of existing financial records by a team of expert security auditors is highly suggested.