When did you last conduct an audit of your business environment's security? You need to perform some level of audit every 3 months to ensure a level of compliance that meets your business needs.
Audits are sometimes complex to undertake, and you must go through a learning curve to arrive at a reasonable process. You can learn the audit process by trial and error, by following published guidelines, or by hiring a consulting firm to help you. The latter two methods are probably best because trial and error can lead to significant security breaches that are expensive to remedy.
If you're interested in hiring a consulting firm to assist with an audit, you'll find numerous firms that can help. One company, Counterpane Internet Security, sent me an email recently that told how it helps companies audit and monitor ongoing security conditions involving their networks. You can read more about Counterpane's offerings by going to the related news story posted on our Security Administrator Web site.
If you decide to use published guidelines to help develop a process for performing audits or for gauging a consulting firm's audit process, you'll be interested to know about an audit planning guide that the US Government Accounting Office (GAO) published recently. The 60-page guide offers advice about conducting reasonable audits and includes form templates to help expedite the process. You can read more about the document in our related news story posted on our Security Administrator Web site. If you don't conduct security audits of your business on a regular basis, you leave your business vulnerable to unknown risks and lacking countermeasures.
