AuditScripts 5 Crucial Questions

Certainly you cannot audit everything there is to audit about an information system topic by asking just five questions. But to us, five focused questions are better than five shotgun questions, and certainly better than no questions at all. We have heard from a number of auditors that when they audit an organization they are often doing so at a high level, not necessarily targeting a detailed view of one scope. These guides are meant to focus an auditor's attention on the most crucial controls for a given topic and provide a baseline of due care.

The foundation of this guidance is generally taken from our experiences in the industry, which have been highly influenced by the Critical Security Controls (sponsored by the Consortium for Cybersecurity Action and the SANS Institute), the US National Institute of Standards and Technology (NIST) and its 800 Series guides, Global Technology Audit Guides (GTAGs, sponsored by the Institute of Internal Auditors), and Control Objectives for Information and Related Technologies (COBIT, sponsored by ISACA). As such, we will include references to these standards where relevant.

Of course, this is a collaborative effort and we are always looking for feedback from the community. If you have a minute and feedback or suggestions on any of these controls, we welcome it! Please feel free to drop us a note here.

5 Crucial Question Audit Checklists

Access Control & Authorization Audit Checklist
Last Updated April 2013
Account & Identity Management Audit Checklist
Last Updated April 2013
Anti-Malware Audit Checklist
Last Updated April 2013
Auditing Program Audit Checklist
Last Updated April 2013
Authentication Audit Checklist
Last Updated April 2013
Business Application Security Audit Checklist
Last Updated April 2013
Business Continuity & Disaster Recovery Audit Checklist
Last Updated April 2013
Certification & Accreditation Audit Checklist
Last Updated April 2013
Change Management Audit Checklist
Last Updated April 2013
Control Exception Audit Checklist
Last Updated April 2013
Data Backup & Archiving Audit Checklist
Last Updated April 2013
Data Classification Audit Checklist
Last Updated April 2013
Database Security Audit Checklist
Last Updated April 2013
Email Security Audit Checklist
Last Updated April 2013
Encryption Security Audit Checklist
Last Updated April 2013
Environmental Security Audit Checklist
Last Updated April 2013
Governance Audit Checklist
Last Updated April 2013
Green Computing Audit Checklist
Last Updated April 2013
Incident Management Audit Checklist
Last Updated April 2013
Internet Security & Use Audit Checklist
Last Updated April 2013
Logging & Auditing Audit Checklist
Last Updated April 2013
Mobile Device Security Audit Checklist
Last Updated April 2013
Network Security & Monitoring Audit Checklist
Last Updated April 2013
Penetration Testing Audit Checklist
Last Updated April 2013
Personnel Security Audit Checklist
Last Updated April 2013
Physical Security Audit Checklist
Last Updated April 2013
Remote Access Audit Checklist
Last Updated April 2013
Removable Media Audit Checklist
Last Updated April 2013
Risk Management Audit Checklist
Last Updated April 2013
Server Security Audit Checklist
Last Updated April 2013
Social Media Audit Checklist
Last Updated April 2013
Software Development Audit Checklist
Last Updated April 2013
Software Update Audit Checklist
Last Updated April 2013
System Decommissioning Audit Checklist
Last Updated April 2013
Third Party & Cloud Security Audit Checklist
Last Updated April 2013
Training, Education, & Awareness Audit Checklist
Last Updated April 2013
Vulnerability Management Audit Checklist
Last Updated April 2013
Wireless Security Audit Checklist
Last Updated April 2013
Workstation Security Audit Checklist
Last Updated April 2013