AuditScripts 5 Crucial Questions

Certainly you cannot audit everything there is to audit about an information system topic by asking just five questions. But to us, five focused questions are better than five shotgun questions, and certainly better than no questions at all. We have heard from a number of auditors that when they audit an organization they often do so at a high level, not necessarily targeting a detailed view of one scope. These guides are meant to focus an auditor's attention on the most crucial controls for a given topic and provide a baseline of due care.

The foundation of this guidance is generally taken from our experiences in the industry, which have been highly influenced by the Critical Security Controls (sponsored by the Center for Internet Security and the SANS Institute), the US National Institute of Standards and Technology (NIST) and its 800 Series guides, the Global Technology Audit Guides (GTAGs, sponsored by the Institute of Internal Auditors), and Control Objectives for Information and Related Technologies (COBIT, sponsored by ISACA). As such, we will include references to these standards where relevant.

Of course, this is a collaborative effort and we are always looking for feedback from the community. If you have feedback or suggestions on any of these controls, please feel free to drop us a note here.

5 Crucial Questions for Auditors

Access Control and Authorization Questions - v2.2
Last Updated September 2017
Account and Identity Management Questions - v2.2
Last Updated September 2017
Anti-Malware Questions - v2.2
Last Updated September 2017
Auditing Questions - v2.2
Last Updated September 2017
Authentication Questions - v2.2
Last Updated September 2017
Business Applications Questions - v2.2
Last Updated September 2017
Business Continuity and Disaster Recovery Questions - v2.2
Last Updated September 2017
Certification and Accreditation Questions - v2.2
Last Updated September 2017
Configuration Management and Change Management Questions - v2.2
Last Updated September 2017
Control Exception Questions - v2.2
Last Updated September 2017
Data Backup and Archiving Questions - v2.2
Last Updated September 2017
Data Classification Questions - v2.2
Last Updated September 2017
Database Security Questions - v2.2
Last Updated September 2017
Email Security Questions - v2.2
Last Updated September 2017
Encryption Questions - v2.2
Last Updated September 2017
Environmental Security Questions - v2.2
Last Updated September 2017
Governance Questions - v2.2
Last Updated September 2017
Green Computing Questions - v2.2
Last Updated September 2017
Incident Management Questions - v2.2
Last Updated September 2017
Internet Security and Use Questions - v2.2
Last Updated September 2017
Logging Systems Questions - v2.2
Last Updated September 2017
Mobile Device Questions - v2.2
Last Updated September 2017
Network Security and Monitoring Questions - v2.2
Last Updated September 2017
Penetration Testing Questions - v2.2
Last Updated September 2017
Personnel Security Questions - v2.2
Last Updated September 2017
Physical Security Questions - v2.2
Last Updated September 2017
Remote Access Questions - v2.2
Last Updated September 2017
Removable Media Questions - v2.2
Last Updated September 2017
Risk Management Questions - v2.2
Last Updated September 2017
Server Security Questions - v2.2
Last Updated September 2017
Social Media Questions - v2.2
Last Updated September 2017
Software Development Questions - v2.2
Last Updated September 2017
Software Update Questions - v2.2
Last Updated September 2017
System Decommissioning Questions - v2.2
Last Updated September 2017
Third Party and Cloud Security Questions - v2.2
Last Updated September 2017
Training, Education, Awareness Questions - v2.2
Last Updated September 2017
Vulnerability Management Questions - v2.2
Last Updated September 2017
Wireless Security Questions - v2.2
Last Updated September 2017
Workstation Security Questions - v2.2
Last Updated September 2017