Chapter 13: Testing and Auditing

In this chapter, we will provide the details around testing and auditing your environment that will help validate and ensure that due diligence has been executed within your security program. The challenge we face when deploying recommendations, hardening, and baselines is proving that they are in place and doing what they are designed to do. The IT department as a program may have obligations to leadership, board stakeholders, shareholders, and regulators to prove that you have implemented the recommended controls depending on your business or industry. Helping with providing evidence is where testing and auditing comes into play. To prove that controls are in place is why we audit, and it is even better to ...