3. Security This involves auditing the existing security Security Architecture Audit Report
Architecture Audit architecture of the organisation.
4. Baseline Auditing This involves auditing the security setup to Baseline Auditing Report
verify that it is in accordance with the
security baseline of the organisation.
Deviations are recorded to analyse
compliance during the audit period.
5. Internal Control and This involves auditing the existing workflow Internal Control and Workflow Audit
Workflow Audit in the organisation to ascertain whether it is Report
sufficient to handle and escalate response to
security issues.
6. Policy Audit The Security policy is audited to ensure that Policy Audit Report
it is in line with the business objectives of the
organisation and complies with standards
that the company follows or wishes to follow.
7. Threat/Risk Assessment of the various risks and threats Threat/Risk Assessment Report:
Assessment facing the company’s Information systems. Presents the various threats and
Taking into account the results of the audits, risks the company faces as a result
this assessment gives an overall picture of of the existing vulnerabilities
the security risk/ threat to the organisation. including faulty policy, architecture,
etc.
Notes