Can you provide information on the steps for it security audit to the area of operations?
Answer:
Yes, sure, this article can be interesting for you How to make an Internal Audit checklist for ISO 27001 / ISO 22301 : https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
When you perform an internal audit, you need to review all areas that are in the scope of the ISMS, including if necessary operations (from my point of view, is very important to visit the data center). But keep in mind that the Internal Auditor does not need to perform a pentest or an analysis of vulnerabilities, this job is for an ethical hacker.
Comment as guest or Sign in
Jan 12, 2016