A company’s communication system safety status audit is based on the application of safety measures to ensure information is not lost. Such an audit also puts into consideration the facilities that the company or organization has put in place to uphold security of stored information and data, which are confidential to the company. In order to elucidate how secure information is, the company should put in place strict measures and restrictions that will govern its access and use. Other than administrative measures, there should be physical measures that ensure all computers and network systems are secured from intrusion. Technical safeguards should ensure there are limitations and policies that work specifically to reduce or do away with information loss or theft. This paper outlines the seven possible questions that should be answered to help a company establish a perfect security audit.
Defining the Scope of your audit: Creating Asset Lists
The scope of the audit will help establish all materials and systems employed in the establishment of security measures. In the company that I work for, the scope for the audit will include all items and systems that are used by the company at the administrative level. Some of the systems to be considered for audit will be the company’s computers, laptops, access cards for the employees, websites, routers and networking systems. These are just but a few points of concern, they depend on the intensity of the audit.
Create A ‘Threat List’
The need for a security audit shows that there is a great threat to the information held by the company. The highest threat to information stored is hacking of the company’s passwords. The other threat is intrusion by outsiders; since the company does not have specific employees’ cards. There is also a chance of mechanical tapping of the company’s routers and networking systems. It was also established that employees do not safeguard the company’s computer passwords; hence subjecting information to a threat of being stolen.
Predicting The Future
Due to the carelessness of workers with information, the company is at a risk of losing vital information to hackers. Another indicator of trouble in future is that the company stands a chance of exposing vital and private strategic information to competitors; this may cause it to be kicked out of existence by its rivals. In addition, the company risks physical intrusion since it lacks specific strategies to control flow of people in and out of the company’s premises; it is contributed by lack of technical employees’ cards.
Prioritize Your Assets & Vulnerabilities (Rank)
In the case of assets held by the company, the highest vulnerability is intrusion of the company’s routers and networking systems. This is a serious threat since the company stands to leak important information to its competitors, who are always on the lookout for new the new advancements being implemented. The other assets that are highly susceptible are its computers and memory gadgets, which store the company’s information. Without effective backup systems the company stands to lose all information stored.
Creating Backups
Loss of information to hackers is not as serious as losing it completely. To avoid losing information, the company should consider creating a backup for all information. Backups can be done using compact disks in network servers or by copying information to external storage devices. Information can also be stored by individual employees using advanced technology, in which it is stored in the internet. Although the company does backup its data, it should do so more often.
Email Protection & Filtering
Despite the fact that the company has installed applications used to detect spam, its employees are not educated on how to reduce spam in their emails. Most of the employees in the company do not realize the need to protect their emails and filter their network connections.
Preventing Physical Intrusions
The company has alarm systems and there are night-guards to prevent cases of theft of computers and laptops. However, during the day there are no systems to check intruders into the company. The company does not have electronic sensors and check-in systems to control individuals moving in and out of the company’s premises.