Information Security Audit Checklist

Goal of information security management  

The objective of information security management is to define and implement security controls in line with the organization’s acceptable risk level with the goal of protecting enterprise information. Information security requirements are based on business, technical and regulatory requirements which can be combined as internal and external factors.

Scope of information security management

• Information security governance
• Identity and access management
• Protect against malware
• Managing security technology
• Manage endpoint security
• Manage network and connectivity security
• Monitor the infrastructure for security related events
• Application security
• Service design
• Security of cloud services
• Manage physical access to IT assets
• Securing AI systems

Checklist content

The content  helps you prepare for an security audit as well as  identify areas for improvement. You may also utilize the security checklist for internal control purposes. A COBIT based  structured approach is adopted, focusing on information security risks addressed through 74 questions (topics) which are supported by descriptions. You can also use the Excel-format security checklist to plan and manage actions based on your audit result.

If you have any questions related to this security checklist, we will be happy to answer these within 48 hours.