Security Audit Work Program

screenshot of the first page of Security Audit Work Program

A security audit is a systematic and comprehensive evaluation of an organization's information security program. The purpose of a security audit is to identify vulnerabilities, assess risk, and make recommendations for improvement.

This security audit template includes three different samples that outline the steps involved in conducting a security audit of an organization's information security program. Sample 1 evaluates the effectiveness of the organization's policies, procedures, and controls in protecting its information assets; Sample 2 identifies and prioritizes security risks within the IT environment; and Sample 3 focuses on the effectiveness of access control policies and procedures as they relate to authentication and access controls.

The objectives and procedures in these work programs are divided into Tier I and Tier II. Tier I assesses an institution’s process for identifying and managing risks, while tier II provides additional verification where risk warrants it. Tier I and Tier II are intended to be a tool set examiners can use when selecting examination procedures for their particular examination.


Topics
Internal Audit
Risk Assessment
Data Security
Identity and Access Management
IT Security
Audit Testing
IT Risk
IT Audit
Privacy

Related Resources

Policies & Procedures

Password Security Policy

Benchmarking Tools

Enterprise Security Key Performance Indicators (KPIs)

Audit Reports

Security Policy and Procedure Evaluation Report: Administrative Personnel

Free Trial

Sign up for a free, no-obligation trial to start exploring our timesaving, valuable resources.

Let's Do It