What Are You Auditing Within the IT Infrastructure?
Across the infrastructure, an audit should focus primarily on the following three objectives:
Examine the existence of relevant and appropriate security policies and procedures.
Verify the existence of controls supporting the policies.
Verify the effective implementation and ongoing monitoring of the controls.
Examining risk and IT controls throughout the IT infrastructure can be complex given the breadth of components across organizations. There are, however, a lot of similarities between different IT departments. It is helpful to define and, if necessary, break up the scope of the audit into manageable areas or domains of security responsibility. Figure 3-1 illustrates these seven domains, ...
Get Auditing IT Infrastructures for Compliance, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
