HOW TO DO THE IT NETWORK AUDIT
HOW TO DO THE IT NETWORK AUDIT

Summary/Abstract: Given that computer systems and networks are constantly compromised by various cyber-attacks, a very important element in terms of network security in Organization, in addition to other security measures, is considered the audit of networks that enables the identification of risks of possible or threats to the IT network thus resulting in taking action to improve network security.Organization should create an appropriate internal audit system that enables an independent assessment of the implementation of security policies. Based on what has been audited, the necessary reports and documentation should be generated after the audit. Also, the Organization is responsible for appointing an external audit team, when the need arises and the external audit team should be allowed access where they are needed and everything should be regulated in accordance with agreements and authorizations with / and auditors of external.Computer networks are dynamic entities; they expand, shrink, change, or divide constantly as needed. Network administrators find it very difficult to keep all of these changes under control. Ordinary users often try to add devices to the network infrastructure. Ordinary users also often try to install software in different ways and that conflict with white list software. These activities can have very negative effects on network security. In order to solve such problems, regular network audit should be performed, and any changes in the basic network infrastructure should be monitored and identified.This is the stage at which the auditor or audit team conducts the audit. The checklist created in the earlier stage is used to evaluate the implementation of standards, policies or regulations according to which IT processes, networks and systems have had to function. The checklist acts as a guide to help the audience focus more. Many other tools can be used to test different network components and collect data which is analyzed in the next stage.The auditor tends to find "evidence" of how guidelines, policies, regulations, and standards apply to a network in a given unit.When collecting, storing and analyzing data, it should be considered that the data may contain sensitive and classified information, so access to this data is limited. Only members who have or will be allowed access to classified information of the Organization, in order to carry out this audit phase will have access and will work with this data in accordance with the “Guide to work with classified information ”.After the completion of the audit reports and their archiving, it cannot be said that all the work has been done. It is very important to improve all the remarks and shortcomings found during the audit process as soon as possible.Audit in specific components can be performed at annual intervals / intervals depending on the identification of needs, but the audit or control of the complete system should be done at 3-year intervals in time of major changes or when required

• Details
• Contents