Considerations for cyber security audits
Conclusion: An audit is an integrity check that assesses whether an organisation is doing what it said it would do, and what others should reasonably expect it to do. The previous sentence also points out that it’s not enough to have better practices documented. An organisation must also be able to demonstrate that staff are adhering to these. There are some excellent resources available for organisations preparing for a cyber security audit. The real gold will be in the quality of the conversations and resulting maturity in perspective at the most senior levels of an organisation that occur through the work that is carried out in preparation for the audit.