The network auditing checklist acts as the outline plan for the audit's entire engagement. This helps in documenting the objectives of the audit and ensures accurate coverage of artifacts and processes in the audit scope, assessment methods, and expected results.
In this section, we will discuss the composition of a comprehensive checklist and list the activities that should be in scope and taken into consideration. This will be followed by a case study where we will create our own checklist of a dummy organization.
Comprehensive checklist
A comprehensive checklist should be customized as per the individual requirements. This should be tied up with control areas such as the company's policy, industry standards, and compliance such as ISO/IEC 27000:2018, NIST, assessment methods, risk category, the evidence required, and recommendations for a complete audit report. Every step under subdivision (design and architecture review, network infrastructure security...