IT Security Audit Plan and Deliverables Templates

| Area | Description | Deliverables |
|---|---|---|
| 1. Vulnerability Scanning | This involves scanning the infrastructure set up to reveal any existing vulnerabilities. | Vulnerability Report: Presents vulnerabilities in the company’s IS |
| 2. Report Audit | This involves auditing reports that are regularly generated as a part of the Security management process of the organisation. Audits are conducted on: Logs – logs that are maintained within the system (syslogs) by the network, system and database components. IDS Reports – reports that are generated by the Intrusion Detection System on an on-going basis. Any other reports that are maintained/generated by the organisation as part of its security maintenance program. | Audit Report: An Audit report is prepared giving a security overview, and the results of all the audits and reports are prepared and presented. |
| 3. Security Architecture Audit | This involves auditing the existing security architecture of the organisation. | Security Architecture Audit Report |
| 4. Baseline Auditing | This involves auditing the security setup to verify that it is in accordance with the security baseline of the organisation. Deviations are recorded to analyse compliance during the audit period. | Baseline Auditing Report |
| 5. Internal Control and Workflow Audit | This involves auditing the existing workflow in the organisation to ascertain whether it is sufficient to handle and escalate response to security issues. | Internal Control and Workflow Audit Report |
| 6. Policy Audit | The Security policy is audited to ensure that it is in line with the business objectives of the organisation and complies with standards that the company follows or wishes to follow. | Policy Audit Report |
| 7. Threat/Risk Assessment | Assessment of the various risks and threats facing the company’s Information systems. Taking into account the results of the audits, this assessment gives an overall picture of the security risk/threat to the organisation. | Threat/Risk Assessment Report: Presents the various threats and risks the company faces as a result of the existing vulnerabilities including faulty policy, architecture, |