During a security audit of it processes, an is auditor found that there were no documented security procedures. What should the is auditor do?
Answers
Explanation:
Identify and evaluate existing practices. Security auditors are highly qualified professionals who are efficient in their job. They are able to provide companies with credibility to compliance audits by adhering to the best practices recommendations and by having the needed qualifications in information security. They may hold a degree or diploma from a Certified Information Security Auditor certification (CISA). They are competent and know the practices , standards and organizational processes. Therefore, they are able to understand business requirements of any organization. It helps them to rationalize processes and procedures and structure them in a way that they are. It leads them to greater understanding of a business’s operational needs. Auditing a business generally means that most aspects of the network will to be looked at in a systematic and methodical and manner so that the audit reports stay logical and coherent. They need to back up their approach by rationalizing decisions against the set practices and standards.