Tech Tips

April 10, 2013

The Result of an IT Security Audit - An Action Plan for Network Security Improvements

Conducting an IT Security Audit helps you determine if there are security issues in your network. But what do you get from the audit itself? How do you use its findings to improve network security? A good audit will give you an action plan...and here's what it includes.
How can you reduce your risk of trade secret theft? Do what the best organizations do and "buy it down." The cost of an IT security audit is minor compared to your company’s exposure. You should expect a consultant to cover the following during such an audit:
  • Detailed tests of the client's network security, employee access levels, and internal operations for any security holes (existing or potential).
    • What’s tested: Who has access to the server room, Remote Access policy, policies on email use (e.g., do employees access personal email accounts at work?), data security measures in use, etc.
  • Review of the client’s business operations for compliance with established policies & procedures, in case noncompliance puts critical data at risk of theft.
    • What’s examined: Access to the building, what the client terms 'acceptable use' of computers/phones/tablets, governance of Intellectual Property, etc.
    • Employee termination procedures with respect to network access
You should receive deliverables from the audit – reports & analyses on the current status of your network (and any holes within). Types of deliverables vary by consultant, but PlanetMagpie usually provides the following:
  • An Audit Report, documenting security holes or potential risks.
  • A List of Recommendations for physical or policy changes to address these risks.
  • An Action Plan with the next steps toward fully protecting your network from security threats, both internal and external.