BMN Blog

FEB 06
Preparing for your Annual Security Audit

Most companies assume their cyber security is pretty good… until a breach happens and they find out where the holes were. We often find that apathy and a lack of proactive effort end up costing a great deal of money. An annual security audit is a necessity for all medical practices and companies in today's ever-changing world of technology. It is a vital part of protecting your digital assets and of your organization's cyber security plan. It's not just about discovering vulnerabilities or shortcomings; it's about finding opportunities to strengthen your network security.


Know what you want: Defining your objectives is the first step in any audit of your cyber security infrastructure. Your main objective should be an independent assessment of your cyber security strategy and plan, focused on the policies, procedures and management standards you have established.

Several key objectives that should be included for inspection:

  • Firewall configurations
  • Network configurations
  • Router configurations
  • Operating Systems configuration
  • Login procedures
  • Encryption protocols

Choosing the Right Outside Auditor: You may be tempted to use your own IT staff to do your audit. Hiring an outside independent auditor gives you a clearer and more effective picture of your network, including problems or shortcomings your IT staff may have missed or never considered. Let an unbiased expert auditor help detect possible weaknesses and strengthen the overall security plan for your network.

Do your homework when selecting an outside auditor. Ask the following questions: Do they have a detailed plan of what they can do and intend to do for you? Do they have customer references? It's imperative that you check them out thoroughly before you move forward.

Parts of the Audit: The auditing process should include the following items:

  • Penetration testing of the internal and external systems
  • Review of your existing policies and procedures
  • Review of the internal training you have implemented regarding network security
  • Agreed guidelines for the audit procedures, for example when the audit can take place and which of your existing procedures the auditor should follow

It's important to remember that you not only want to find your weaknesses; you want the audit to give you specific items that will strengthen your network security. Let the auditors do their job and give you an independent, unbiased security audit.


After the audit:

Review the final report. It should include findings, testing methods, and how to solve any issues that were discovered in the audit. Go over the audit with your auditor and your IT staff, and come up with a plan of protection for your network.

Any potential security weaknesses should be addressed and remedies to fix them should be outlined. This should cover the following important questions:

  • What are the potential threats?
  • What's the probability of attack?
  • What's the impact of exposure?
  • Is there any potential legal liability?
  • What's the risk of service interruption?
  • What are the recommended actions to fix the issues?
  • What employee training plans need to be implemented?


Now comes the hard part: continued protection of your network. Conducting regular audits should now be a standing part of your plan to stay healthy and secure from attacks, hacks and other intrusions. Even with the best plans we can devise, the hackers and criminals never rest. Regularly scheduled security audits are your best protection against cyber security attacks on your network infrastructure.
