Before auditing cybersecurity, your organisation will need to consolidate all of its cybersecurity policies. These should be documented to provide our expert cybersecurity auditors with enough information to understand your security posture better.
Some of the security policies your organisation should ideally provide to our team include:
Acceptable Use Policy (AUP)
This document stipulates the constraints users must adhere to when accessing your organisation’s corporate network, internet or other company resources. Users must usually agree to the terms of use before being granted network access.
Access Control Policy (ACP)
This policy contains set rules that prevent unauthorised physical or remote access to sensitive company data. It defines the specific conditions under which access to data may take place.
Change Management Policy
This policy ensures that changes to your organisation’s IT systems or networks do not affect business continuity. It is also a way to ensure that the relevant stakeholders have approved all changes.
Incident Response (IR) Policy
IR policies comprise six steps that outline your organisation’s response to a security incident. These include:
- Preparation and precautions taken
- Identification of intrusion
- Containment of threat or breach
- Eradication or elimination of the threat
- Recovery and restoration of software
- Feedback, review and refinement
Remote Access Policy
This policy outlines the rules for remote users who access the company network. It will include details of what is expected from the user before, during, and after they access your organisation’s data. It also includes exceptions and disciplinary actions in the case of violations.
Email/Communication Policy
This is a set of procedures that details the use of emails and other electronic communication tools within your network.