The key to passing any IT security audit is demonstrating firm control over enterprise technology and the people who use it. An infrastructure audit is not much different, except that in this case the focus is on showing that enterprise hardware is secure.
Yet hardware has numerous potential points of weakness, which can make it difficult to know where to begin. Fortunately, there are guidelines that can lead you in the right direction and help form the foundation of an infrastructure audit framework that you can build on over time. Here’s a look at some of these.
1. Establish a Baseline
Infrastructure audits shouldn’t take place in a vacuum. Without benchmarks, it is difficult to determine which outcomes mean your infrastructure has passed the audit and which characterize failure. You must develop a baseline against which the audit is rated.
This isn’t a one-time thing, though. Technology often changes much faster than the business policies that oversee it. An annual risk assessment (preferably by a third-party assessor) can ensure that the security baseline stays current, relevant and effective.
A baseline also helps you know whether the …