-
Step 1
Define the audit scope and create a master asset list. An asset list is necessary to determine which assets need protection. The asset list should consist of tangible assets.
-
Step 2
Determine a security perimeter, which is both a physical and a conceptual boundary. Your security audit will concentrate on what lies within this perimeter and ignore anything outside it. The physical boundary is a tangible boundary such as a room or office. The conceptual boundary is the boundary you define, within which your assets reside.
-
Step 3
Create a list of common security threats. This list describes the security threats that each of your assets faces. Knowing and understanding these threats is critical to protecting your assets. Some examples are unrestricted long-distance calling and computer passwords.
-
Step 4
Prioritize your assets and their exposure to threats. After compiling a list of all assets and their security threats, you will be able to determine which assets are exposed to the biggest security threats. You will then be able to effectively assign the proper resources to protect those assets.
-
Step 5
Develop an effective security intrusion response plan. Using the priority list developed in the previous step, you will be able to document several responses to each security threat. Responses are the solutions that you will provide in order to deal with a security intrusion. Some examples are contracting with a service such as security surveillance to install a break-in detection system, and installing file encryption software on a laptop to protect sensitive files.






