Each week via Twitter we post a daily audit checklist tweet for all the IS auditors and security administrators out there in the tweet-o-sphere. But, we realize not everyone is ready for Twitter, and many of you are still resisting (you can keep trying, but eventually you will give in and start tweeting, everyone will eventually…), so we’ve decided to start posting them in our blog as well. So once each week we’ll post the audit checklists and audit tools that we posted into Twitter here in our blog as well. This way everyone will have a chance to enjoy all the audit fun!

This last week we focused on a series of operational security audit checklists and guides that didn’t follow one particular theme – they were checklists we found that we thought would generally be helpful to everyone. We also decided to give everyone a list of some of the more popular vulnerability assessment engines out there – both commercial and open source. If you’re not using one already, pick one free and one commercial tool – compare the results!

Please feel free to keep the requests coming. We’ll try to oblige as often as we can with new checklists based on your feedback.

Audit Checklists & Security Guides:

Security Update Process

Policy Inventory Checklist

Anti-Virus (Old Link Removed)

Handheld Devices

Data Center Physical Security

Tools for Vulnerability Management:

Tenable Security

eEye Digital Security




We hope everyone will enjoy and use these tools this week. If you have suggestions or ideas for future audit checklists or tools, please let us know, we’d love to hear your feedback.