IT Security has a DIY version of how to conduct your own basic IT security audit. The 10 steps are not as extensive as a professional audit but it’s an excellent pointer for small organizations to get started protecting their company. After performing these 10 steps described in the article you’ll have a more clear idea of what assets you have, what kind of threats to expect and how to mitigate and deal with them.
Here are the 10 steps…, but you should go to the ITSecurity article for all the details on how to follow them.
1. Defining the Scope of Your Audit: Creating Asset Lists and a Security Perimeter
2. Creating a ‘Threats List’
3. Past Due Diligence & Predicting the Future
4. Prioritizing Your Assets & Vulnerabilities
5. Implementing Network Access Controls
6. Implementing Intrusion Prevention
7. Implementing Identity & Access Management
8. Creating Backups
9. Email Protection & Filtering
10. Preventing Physical Intrusions