Reduce Risk with Regular System Audits
Print Issue: September 2018
Organizations should audit their security systems once a year to determine if their technologies and processes are optimal for their business. Companies can discover their strengths, weak- nesses, and gaps, as well as provide direction for the security department on necessary improvements.
The discoveries made during the audit process help companies improve their overall business, but it's imperative the chief security officer works closely with company executives and department heads to learn the goals of the entire business. The information gleaned from the process helps organizations create strong and effective security programs.
Here's how to discover gaps and gather security data to streamline business, improve security, and ultimately save money:
- Identify and invite key stakeholders to the audit and conduct a thorough review of all security systems and technologies. Determine what procedural or technology changes could augment business operations and save money.
- Review the interoperability of the technologies and systems in the security operations center. Examine all workflows during different scenarios. For example, opening multiple Excel spreadsheets to document and entering data into SharePoint slows workflow and is inefficient. What is the security officer missing while documenting in two places?
- Once workflows are mapped, identify gaps and create a corrective action plan. This includes identifying new technologies to close gaps and analyzing existing data to see how to streamline processes to save time and money.
Security Audit Use Cases
A data center, which was experiencing more alarms than its opera- tors could respond to, had to reference multiple systems (binders, spreadsheets, etc.) for instructions on what to do, who to contact, and so on. The audit showed the value of how an access control system with automated workflow would provide step-by-step guidelines for different alarms, streamlining the process.
A financial company using a homegrown system produced a 31 percent completion rate of quarterly access audits. An audit revealed how implementing an identity management system would automate the process, resulting in 100 percent completion of quarterly audits and saving hundreds of thousands of dollars.
During a satellite service provider audit, the head of HR learned that the security department had video footage of incidents providing a documented trail. HR staff had no idea security could assist them with their slip-and-fall and other injury-related incidents. As a result, the company established new processes that saved time and money.
Enlisting the help of your integrator and manufacturer can make the audit process less overwhelming because they know what questions to ask to help identify gaps. They can review processes objectively to help discover strengths and weaknesses, recommend solutions that fit the organization's overall security plan, and suggest priorities to help determine what to tackle and in what order.
Analyzing current systems and technologies, understanding the data collected and what to do with that data, and identifying gaps in your organization will help create a solid security plan moving forward. Work with a manufacturer and integrator to determine how to best optimize current systems and determine next steps. This best practice will mitigate risk, help meet compliance, and save money.
Kim Rahfaldt is director media relations at AMAG Technology.