In this section, we will take a look at the operational aspect of a network security audit and its various interdependencies. This includes different phases such as planning and research, data gathering, and analysis, as well as reporting and follow-up. Each of these phases plays an important role in ensuring that due diligence and due care are consistent throughout the audit process.
Planning and research phase
This is where the audit process is initiated. It focuses on defining the scope of the audit engagement. It ensures that the correct attributes of the network have been appropriately considered in the scope of the audit, along with any dependencies on other assets, processes, or technologies. You may have to sign off on the NDA and services agreement for the audit.
In this stage, we determine the network's technical landscape, as well as identify the crown jewels and the high-value targets in the environment, any recent changes, results...