Auditing for information security loopholes

Auditing is a form of assurance service. It is based on reasonable assurance, not absolute assurance.

Anybody who has been in a position to protect a company’s information will tell you that information security can never be 100% secure.

As true as that may be, information auditing has a lot to offer as far as blocking security loopholes is concerned. This article gives some tips on how to use auditing to gather information about the information security loopholes that can then be blocked.

The aim of every information security policy is to protect the company’s most valued assets (components). These assets are: software, hardware, data, procedures, networks and people.

In achieving the above objective, certain standards need to be met. How do you ensure that those standards are met? By auditing the information security processes and policies.

The steps that need to be taken in order to be reasonably assured that the objective of information security is met are listed and briefly explained in this article.

  • Ascertain the information security needs of the company. The first thing every company needs to do in order to block information security loopholes is to ascertain its information security needs. This can be done in various ways; a few examples are sampling users’ opinions and engaging the services of an expert.
  • Gather the information security policies currently in place. Carrying out an information security SWOT analysis is a useful way of ensuring that information is not unduly exposed to danger.
  • Compare the available policies with the industry standards. After the analysis has been made, the results should be benchmarked against the industry standard so that any necessary corrective action can be taken.
  • Get feedback from end users. This group comprises both customers and operators. Valuable insight can be obtained from them simply by asking for their feedback.
  • Seek proof of implementation. Auditors are known for always asking for evidence of whatever they are told. Seek proof that policies are implemented. You can spend one or two days observing how things are actually done.
  • Set up a team of white-hat hackers to test the various security systems in place. Teams of white-hat hackers are increasingly becoming a way of testing for vulnerabilities in our systems. Companies employ young specialists without prior knowledge of the company’s security architecture to direct various attacks at their information security infrastructure. Any loophole discovered by this team is promptly blocked.
  • Document findings. Future decisions are based on documented findings from previous work.
  • Write a report and recommendations. Through this medium, management is informed of the existing loopholes in the prevailing systems, and recommendations are made to improve security.

By the time you finish the above steps, you will discover that auditing an information security system not only helps us identify and block information security loopholes but also helps us meet the other critical characteristics of information, which are: availability, accuracy, authenticity, confidentiality, integrity, utility and possession.