There is a juncture where a maturing cybersecurity program will experience an audit, where policies and procedures will be evaluated for accuracy and adherence. While it’s important to compose effective governance documents, Dale Peterson suggests that concurrently developing your cybersecurity audit program has equal benefits. Incorporating audit testing criteria during development should help identify the “must” policies versus the “shall” guidance often found confusingly intertwined in governance documents. Dale suggest multiple benefits to this combined approach, including the identification of unclear and potentially impractical security requirements. Furthermore, inclusion of audit tests could reduce the time and cost of an audit. Read more at Dale Peterson.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!