Hardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization

Developing an internal auditing capability within an organization is as important to the continued success of that organization as any other initiative or process. An ＂audit＂ is a systematic, independent, and documented process for obtaining evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled. ＂Internal audits＂ are audits conducted by on behalf of the organization itself for internal purposes, and can form the basis of the organizations self-declaration of conformity or compliance. A well-planned, effective, internal auditing program should consider the relative importance of the processes and areas to be audited. Don’t waste time on the unimportant. The success of an organization is the sum of the effectiveness of Management authority, responsibility, and accountability. They are, in turn, the sum of the manner in which Management deals with the findings of the internal audits. The premise of this book and my reason for creating it is simple: 1. Our organizations (large and small - public and private) and, in fact, our lives are in danger from both physical and cyber-attacks, because we remain incredibly uneducated, unstructured, and vulnerable, when it comes to threats to our security. 2. Organizational Security can be upgraded profoundly through a well-developed program of internal and outside audits. This book stresses internal audits - those that you do by yourselves and within your walls. 3. Organizations can combine resources synergistically. That is, the whole of the effort will be greater than the sum of its parts. I have kept this work as compact as possible, so as to minimize reading time and maximize productivity. I write for no-nonsense CEOs, acquisition, security, and program managers in both the public and private sectors, with big responsibilities and limited resources. I refer often to four excellent ISO International Standards. They offer guidance for structuring effective management programs rapidly, regardless of whether or not organizations desire certification by accreditation bodies. I invite you to use my approach to Risk Management. You will find it an effective and uncomplicated method for developing and monitoring your strategic plans. Checklists and ＂quick-looks＂ can bring you up to speed fast. Using the checklists provided and taking prompt, positive, action on your findings will improve your security posture almost immediately, as well as boost your confidence to take on greater challenges.