IT Security Guru
Why source IT security auditing to external auditors?

by The Gurus
April 23, 2015
in This Week's Gurus

IT security auditing consists of creating quantifiable assessments of IT assets such as servers, client computers, hardware assets, applications running on them and the data stored within.
Such assessments are important to ensure the security of these assets in the light of the threats prevalent in modern technology. In the good old days when data was stored on tapes and floppy disks, ensuring the security of such assets was much simpler.
But in recent years, against the backdrop of some major corporate frauds that rocked the world, assessments carried out by federal agencies revealed that organisations were late in adapting to new security challenges. The result was a slew of regulatory standards such as SOX, HIPAA, GLBA, and PCI to safeguard the interests of all business stakeholders.
So who can perform an audit? IT auditing can be done by Federal or State regulators, external auditors, internal auditors and consultants who can help an organisation stay audit "compliant". Traditionally, most firms relied on internal audits to meet compliance requirements. However, with changing requirements and the norm of focusing on core competencies, many organisations are looking to outsource internal auditing.
A recent survey revealed that around 40 per cent of the companies that undertook internal auditing experienced audit failure, and this number rose to close to 60 per cent for companies that took the help of external auditors. There are two inferences to be drawn from this study. Firstly, most organisations, especially small and medium ones, are still not doing enough to ensure the security of their IT network. Secondly, organisations that opted for external auditing reported more audit failures, probably because external auditors conducted a more in-depth audit.
Auditing, for the most part, involves a number of tasks such as assessing the physical safety of the assets, creating a list of all IT resources, and interviewing IT helpdesk staff and administrators. Internal auditing at the most basic level should start with creating a network map that lists all devices in the network, all applications running on them, the version number of each application, and who installed these applications, when and where.
Such information can be compared from time to time to measure the effectiveness of the auditing strategy. There are a number of free auditing applications that can help with the tasks mentioned above, such as Microsoft Baseline Security Analyzer, Open-AudIT and Nmap, to name a few.
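The periodic comparison described above, sketched as an added example that is not part of the original article: two inventory snapshots are diffed to surface new hosts, newly installed or removed applications, and version changes. The CSV column names, host names, applications and users are constructed for illustration and are not the export format of any of the tools named.

```python
import csv
import io

# Constructed sample snapshots (hypothetical hosts, applications and users).
BASELINE_CSV = """host,app,version,installed_by,installed_on
srv-db01,postgresql,9.4,alice,2015-01-10
srv-db01,openssh,6.6,alice,2015-01-10
ws-017,firefox,35.0,helpdesk,2015-02-02
ws-017,java,7u71,helpdesk,2015-02-02
"""
CURRENT_CSV = """host,app,version,installed_by,installed_on
srv-db01,postgresql,9.4,alice,2015-01-10
srv-db01,openssh,6.7,alice,2015-03-20
ws-017,firefox,35.0,helpdesk,2015-02-02
ws-017,teamviewer,10.0,bob,2015-04-01
ws-042,firefox,36.0,helpdesk,2015-04-15
"""

def load_snapshot(text):
    """Index rows by (host, app); a repeated key means a corrupt export."""
    snapshot = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["host"].strip().lower(), row["app"].strip().lower())
        if key in snapshot:
            raise ValueError(f"duplicate inventory entry: {key}")
        snapshot[key] = row
    return snapshot

def diff_snapshots(baseline, current):
    """Return the changes an auditor should review between two snapshots."""
    old_hosts = {host for host, _ in baseline}
    new_hosts = {host for host, _ in current}
    report = {
        "new_hosts": sorted(new_hosts - old_hosts),
        "missing_hosts": sorted(old_hosts - new_hosts),
        "removed": sorted(baseline.keys() - current.keys()),
        "installed": [], "version_changed": [],
    }
    for key in sorted(current.keys() - baseline.keys()):
        row = current[key]  # keep who installed it and when, for follow-up
        report["installed"].append((*key, row["version"], row["installed_by"], row["installed_on"]))
    for key in sorted(current.keys() & baseline.keys()):
        old, new = baseline[key]["version"], current[key]["version"]
        if old != new:
            report["version_changed"].append((*key, old, new))
    return report

if __name__ == "__main__":
    print(diff_snapshots(load_snapshot(BASELINE_CSV), load_snapshot(CURRENT_CSV)))
```
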
So why use external auditors? Considering the current security challenges in front of the organisations and the regulatory standards, organisations need to invest a fortune in being able to create an almost risk-free and compliant organisation. Once you are on top of the auditing, sustaining it for a long period of time requires significant investment in resources for years.
Considering the fierce competition and tight profit margins that many companies operate under, it is logical to outsource auditing requirements to external auditors. But this is just one of the reasons.
External auditors, with auditing being their core competency, have the kind of knowledge capital and agility required to meet a fast-changing business environment and the resulting realignment that the overall auditing strategy requires.
As a decision maker, you can either partially or completely outsource internal auditing. Though full outsourcing is rare at present, many companies are moving towards a mixed approach where certain aspects of auditing are outsourced to external auditors.
There are a number of factors to be considered before you make a decision on "what" and "how much" to outsource. The few important decision factors that should guide this judgment are organisational competency in doing a successful audit, the regulatory compliance requirements that need to be adhered to, and whether the organisation has the required manpower, skills and flexibility.
If implemented successfully, outsourced auditing can bring immense benefits to an organisation, such as streamlined functions, the latest processes, top-notch skills and, above all, a secure and risk-free IT environment.
 

Satyendra Tiwari is associated with Lepide Software as a manager of product testing and marketing.
