Information Security Audit Work Program

Subscriber Content
Screenshot of the first page of Information Security Work Program

This 11-page work program is intended to provide an internal audit team with guidance and direction when evaluating information security programs.

Key control areas and objectives include: Strategies and Policies: information security policies, policy creation, policy review, roles and responsibilities, organizational structure, defined risk appetite, and strategy communication; Monitor Events: security monitoring, security team - incident response, forensic investigations, and security team – reporting; Architecture and Solutions: security risk assessments; and Manage Deployment: security team - involvement in key processes, security team - involvement in vendor management, employee awareness training, and social engineering exercises.

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.