[cs_content][cs_section parallax=”false” separator_top_type=”none” separator_top_height=”50px” separator_top_angle_point=”50″ separator_bottom_type=”none” separator_bottom_height=”50px” separator_bottom_angle_point=”50″ style=”margin: 0px;padding: 0px;”][cs_row inner_container=”true” marginless_columns=”false” style=”margin: 0px auto;padding: 0px;”][cs_column fade=”false” fade_animation=”in” fade_animation_offset=”45px” fade_duration=”750″ type=”1/1″ style=”padding: 0px;”][x_custom_headline level=”h2″ accent=”true” class=”cs-ta-center”]AuditScripts 5 Crucial Questions[/x_custom_headline][cs_text]
Certainly, you cannot audit everything there is to audit about an information system topic by asking just five questions. But to us, five focused questions are better than five shotgun questions, and certainly better than no questions at all. We have heard from a number of auditors that when they audit an organization they are often doing so at a high level, and not necessarily targeting a detailed view of one scope. These guides are meant to focus an auditor’s attention on the most crucial controls for a given topic and provide a baseline of due care.

The foundation of this guidance is generally taken from our experiences in the industry, which have been highly influenced by the Critical Security Controls (sponsored by the Center for Internet Security and the SANS Institute), the US National Institute of Standards and Technology (NIST) and its 800 Series guides, Global Technology Audit Guides (GTAGs, sponsored by the Institute of Internal Auditors), and Control Objectives for Information and Related Technologies (COBIT, sponsored by ISACA). As such, we will include references to these standards where relevant.

Of course, this is a collaborative effort, and we are always looking for feedback from the community whenever possible. So if you have a minute and feedback to give, we welcome it! If you have feedback or suggestions on any of these controls, please feel free to drop us a note here.

5 Crucial Questions for Auditors

Crucial Access Control and Authorization Questions
Last Updated September 2017
Crucial Account and Identity Management Questions
Last Updated September 2017
Crucial Anti-Malware Questions
Last Updated September 2017
Crucial Auditing Questions
Last Updated September 2017
Crucial Authentication Questions
Last Updated September 2017
Crucial Business Applications Questions
Last Updated September 2017
Crucial Business Continuity and Disaster Recovery Questions
Last Updated September 2017
Crucial Certification and Accreditation Questions
Last Updated September 2017
Crucial Configuration Management and Change Management Questions
Last Updated September 2017
Crucial Control Exception Questions
Last Updated September 2017
Crucial Data Backup and Archiving Questions
Last Updated September 2017
Crucial Data Classification Questions
Last Updated September 2017
Crucial Database Security Questions
Last Updated September 2017
Crucial Email Security Questions
Last Updated September 2017
Crucial Encryption Questions
Last Updated September 2017
Crucial Environmental Security Questions
Last Updated September 2017
Crucial Governance Questions
Last Updated September 2017
Crucial Green Computing Questions
Last Updated September 2017
Crucial Incident Management Questions
Last Updated September 2017
Crucial Internet Security and Use Questions
Last Updated September 2017
Crucial Logging Systems Questions
Last Updated September 2017
Crucial Mobile Device Questions
Last Updated September 2017
Crucial Network Security and Monitoring Questions
Last Updated September 2017
Crucial Penetration Testing Questions
Last Updated September 2017
Crucial Personnel Security Questions
Last Updated September 2017
Crucial Physical Security Questions
Last Updated September 2017
Crucial Remote Access Questions
Last Updated September 2017
Crucial Removable Media Questions
Last Updated September 2017
Crucial Risk Management Questions
Last Updated September 2017
Crucial Server Security Questions
Last Updated September 2017
Crucial Social Media Questions
Last Updated September 2017
Crucial Software Development Questions
Last Updated September 2017
Crucial Software Update Questions
Last Updated September 2017
Crucial System Decommissioning Questions
Last Updated September 2017
Crucial Third Party and Cloud Security Questions
Last Updated September 2017
Crucial Training, Education, Awareness Questions
Last Updated September 2017
Crucial Vulnerability Management Questions
Last Updated September 2017
Crucial Wireless Security Questions
Last Updated September 2017
Crucial Workstation Security Questions
Last Updated September 2017

[/cs_text][/cs_column][/cs_row][/cs_section][/cs_content]