1 hour 21 minutes
Greetings, everyone. Welcome to Cybersecurity Audit Overview, Episode Two:
What Is a Cybersecurity Audit?
In this episode, we're going to start building that foundation of knowledge that we need in order to proceed with understanding everything about cybersecurity auditing.
But before we get started, let me ask you one quick question.
What did the internal auditing do to make sure that the company picnic was going to be successful?
They stayed at home.
In this video, you will learn what is an audit, what is a cybersecurity audit, and why we perform audits.
Now, this audit definition is my definition. There are a lot of different definitions out there, but I believe this is the best one because it's fairly concise and accurate.
An audit is a formal review of a program or organizational entity that compares standards and controls against verifiable performance.
Now, since it's a formal review, it should be conducted by an internal audit team or third party and never by those being audited.
Now, why is that?
Well, simply put, there's a conflict of interest. I mean, can you really trust those people that are in charge of a program to give you a factual assessment of that program?
Okay, standards and controls.
Well, those were set by higher authority, management, basically, and those outline their expectations of auditee performance.
And verifiable performance includes interviews, logs, records, et cetera.
This is documentation that the organization, or auditee, provides the auditors that basically says, "Yeah, we are complying against the standards and controls."
All right, a quiz.
A formal audit should be performed by a formal internal audit team, the respective program manager, or anyone designated by management?
And the correct answer is a formal internal audit team.
The respective program manager? Well, once again, that's a conflict of interest. You know, he's the one that's being audited, so he shouldn't perform the audit himself.
And anyone designated by management? Well, that could mean anyone from Sally working in the cafeteria, you know, to me working on the loading dock, so it's just too nebulous. It's not concrete enough.
Now, the cybersecurity definition is provided from ISACA, a wonderful organization. Please take a look at them at your leisure.
A cybersecurity audit is to provide management with an assessment of an organization's cybersecurity policies and procedures and their operating effectiveness,
so that's fairly straightforward.
So the audit is an assessment of effectiveness for management. It basically answers: How is our cybersecurity program? Is it working? Is it failing? What's going on?
And the standards and controls?
Well, for our purposes, those equal policies and procedures. We're going to break them out and talk about the little differences in the future, but for now, they mean the same thing.
Okay, another quiz.
Which of the following statements are true?
A cybersecurity audit provides an assessment to management?
Or does it review cybersecurity policies and procedures?
Or does it measure program effectiveness?
Well, the correct answer is all of the above. I'm sure you knew that. Can't slip anything by you guys.
Now, why do we perform audits?
Well, as stated earlier, the audit is an assessment of effectiveness for management. It provides situational awareness.
Well, we perform audits to comply with higher authority laws, industry regulations or insurance requirements. And yes, believe it or not, insurance companies are going to request audits to be performed or reviewed.
It's part of their insurance policy.
Validation of corrective action.
Well, if we have identified problems in a previous audit, we want to make sure that they have been corrected, so we're basically validating that the auditee has corrected the problems.
There are also special circumstances: data breaches, changes in the leadership, legal issues, et cetera, require us to perform an audit, a special audit.
And oftentimes those special audits are directed by management.
All right, another quiz.
True or false: a newly hired chief information officer may ask for a special cybersecurity audit to be performed as part of his or her appointment to the position. True or false?
Well, the answer is true, and it falls under the area of special circumstances in the leadership.
All right, time for another knowledge bomb.
Now, one of the things that I used to do whenever I took over, you know, new department head, um, or division head, whatever, was I would always ask for a copy of the last audit for my review.
Now, why is this important?
Well, it gives you an idea of what you're getting into.
You have an opportunity to take a look at what the audit team found in the last audit.
And oftentimes they would put in the comments section, you know, second time, third time that they came across this problem.
So it gives you an idea of what to focus on.
So if you're going to be taking over as the new leader, you know, manager, assistant manager, whatever, don't be afraid to ask for a copy of the audit. You know, take a look at it, review it.
It's a good way to get a baseline of understanding, information about the organization or the entity that you're taking over.
In today's video, we discussed the definition of an audit, the definition of a cybersecurity audit, and why audits are performed. Hopefully, you learned something, and let's move on to Episode Three.