Eskenzi PR Eskenzi PR
  • About Us
Thursday, 22 April, 2021
IT Security Guru
Eskenzi PR
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Why source IT security auditing to external auditors?

by The Gurus
April 23, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

IT security auditing consists of creating quantifiable assessments of IT assets such as servers, client computers, hardware assets, applications running on them and the data stored within.
Such assessments are important to ensure security of these assets in the light of threats prevalent in the modern technology. In the good old days when data was stored on tapes and floppy disks, ensuring security of such assets was pretty much simpler.
But in recent years on the backdrop of some major corporate frauds that rocked the world, assessment carried out by federal agencies revealed that organisations were late in adapting to new security challenges. The result was a slew of regulatory standards such as SOX, HIPAA, GLBA, and PCI to safeguard interests of all business stakeholders.
So who can perform an audit? IT auditing can be done by Federal or State regulators, external auditors, internal auditors and consultants who can help an organisation in staying audit “complaint”. Traditionally, most of the firms were relying on internal audits to meet compliance requirements. However, with changing requirements and norm of focusing on the core competency, many of the organisations are looking forward to source internal auditing.
A recent survey revealed that around 40 per cent of the companies who undertook internal auditing resulted in audit failure, and this number rose close to 60 per cent in case of companies who took help of external auditors. There are two inferences to be drawn from this study: Firstly most of the organisations, especially small and medium ones are still not doing enough to ensure security of IT network. Secondly organisations that opted for external auditing reported greater audit failures, probably because external auditors conducted a more in-depth audit.
Auditing, for the most part, involves a number of tasks such as assessing physical safety of the assets, creating a list of all IT resources, interviewing IT helpdesk staff and administrators etc. Internal auditing at the most basic level should start with creating a network map which will list all devices in the network, all applications running on them, version number of applications, who, when and where installed these applications etc.
Such information can be compared from time to time to measure the effectiveness of the auditing strategy. There are a number of free auditing applications which can help you in doing the above mentioned tasks such as Microsoft Baseline Security Analyzer, Open-AuditIT and Nmap to name a few.
So why use external auditors? Considering the current security challenges in front of the organisations and the regulatory standards, organisations need to invest a fortune in being able to create an almost risk-free and compliant organisation. Once you are on top of the auditing, sustaining it for a long period of time requires significant investment in resources for years.
Considering fierce competition and tight profit margin that many of the companies operate in, it is logical to source auditing requirements to external auditors. But, this is just one of the reasons.
External auditors, with auditing being their core competency, have the kind of knowledge capital and agility that is required to meet fast changing business environment and the resulting realignment that overall auditing strategy requires.
As a decision maker, you can either partially or completely source the Internal auditing. Though at present, full outsourcing is rare, many of the companies are moving towards a mixed approach where certain aspects of the auditing is outsourced to external auditors.
There are a number of factors to be considered before you make a decision on “what” and “how much” to outsource. The few important decision factors that should guide this judgment are organisational competency in doing a successful audit, the regulatory compliances that need to be adhered to and whether the organisation has the required manpower, skills and flexibility.
If implemented successfully, the outsourced auditing can bring immense benefits to organisation such as streamlined functions, latest processes, top-notch skills and above all a secure and risk-free IT environment.
 

Satyendra Tiwari is associated with Lepide Software as a manager of product testing and marketing.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: AuditComplianceCyber Securityinformation securityITit securityLepide SoftwareOutsourcePCI
ShareTweetShare
Previous Post

RSAC – Centrify releases cloud-based privilege user management service

Next Post

New advanced APT 'CozyDuke' taking aim at US targets the White House and State Department

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments
trackback
Why source IT security auditing to external auditors? | IT Security News
April 23, 2015 3:06 am

[…] post Why source IT security auditing to external auditors? appeared first on IT SECURITY […]

0
trackback
Why source IT security auditing to external auditors?
April 23, 2015 5:01 am

[…] Read the reason for sourcing IT security auditing to external audit agency on IT Security Guru. […]

0
trackback
Why source IT security auditing to external auditors? | The Cyber Security Place
April 23, 2015 7:36 am

[…] Read the source article at Home […]

0
Arvind Kejriwal
Arvind Kejriwal
June 25, 2015 1:34 pm

Bhai kya lag rele ho….jackass

0

Recent News

edgescan logo

PRODUCT REVIEW – Edgescan makes fullstack vulnerability management easy

April 21, 2021
The clubhouse app

Armis and UK’s Eseye partner to secure connected devices on any cellular network

April 20, 2021
Performanta acquires Identity Experts to bolster Microsoft IAM and security capabilities

Performanta acquires Identity Experts to bolster Microsoft IAM and security capabilities

April 20, 2021
AT&T Cybersecurity Launches New Managed Endpoint Security Solution with SentinelOne

AT&T Cybersecurity Launches New Managed Endpoint Security Solution with SentinelOne

April 19, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept