The Audit Process

When you engage Humble Monkey for a Security Audit, what’s the process?

Assuming your firm is an SEC or FINRA regulated entity, the process and product are very similar from firm to firm. The variation lies in aligning both the recommendations and the audit details to reflect your size and specific business. In essence, it’s important to define the data and the security matrix for that data, but the product also needs to strike a balance given who you are as a firm.

So, what gets produced at the end of the engagement?

  • Security Recommendations
    • These are the specific bullet points that will enhance security or remediate issues.
  • Vendor Matrix with risk evaluation
    • What firms and individuals do you interact with, and where do they fall in terms of the risk they pose to your business?
  • Analysis of the data
    • What is it and what does it represent?
    • How is it secured?
  • Acceptable Use Policy for staff
    • You have an HR policy that may, of course, cover this subject, but this may supplement any policy or be incorporated into the HR manual, as it deals with specific Cyber Security topics.
  • Cyber Security Incident Response Plan
    • What are the process and procedure for addressing and resolving a Cyber Security issue? It’s not just about a quick resolution but also about preserving forensics to identify and mitigate the problem in the future.
  • IT Governance Policy
    • This serves as the evolving technology model for the firm and is designed to be revised annually or when prospective changes occur in the environment.
  • IT Internal Audit / External Audit (Please reference our Services page for additional information)
    • Reporting that defines the specific internal risks presented in your environment: what exploits are there but, more importantly, how you resolve them. The beauty of this system is that it also presents a longer-term perspective, especially if you are engaging Humble Monkey for the long term.
  • Reporting & Documentation
    • This can vary from firm to firm depending on your setup and capabilities. As a baseline, what we like to see is as follows:
      • Hardware audit – What’s on the network
      • Software audit – What’s in use in your environment
      • Mail Flow – Inbound and outbound with statistics
      • Monthly or weekly Firewall reports (if available)

In the end, the combination presents a valuable picture to any audit process. Together, these present a very compelling argument that your firm is in control, as befits a similar company in your specific field and size.
