IT security audit
Network Security
Firewall Configuration
Verify that firewall rules are properly configured and up to date.
Ensure that unnecessary ports are closed.
Check if default passwords for firewall access have been changed.
Intrusion Detection/Prevention System (IDS/IPS)
Confirm that IDS/IPS is functioning correctly.
Validate that the system is receiving regular updates for new threat signatures.
Review the configuration to ensure it aligns with security best practices.
Wireless Network Security
Assess if the wireless network is properly secured with strong encryption.
Test for any unauthorized access points.
Check if wireless network passwords are strong and regularly changed.
Virtual Private Network (VPN) Security
Verify that VPN connections are encrypted and properly authenticated.
Assess if VPN logs are regularly reviewed for potential security incidents.
Confirm that access to the VPN is limited to authorized users only.
System Security
Operating System Security
Review if operating systems are up to date with the latest patches.
Validate that unnecessary services and protocols are disabled.
Assess if user accounts have appropriate access levels and are regularly audited.
Password Policy
Evaluate the strength and complexity requirements of passwords.
Verify if password expiration and lockout policies are in place.
Assess if multi-factor authentication is enforced for critical systems.
Antivirus/Antimalware Protection
Confirm that antivirus software is installed on all systems.
Validate that antivirus definitions are regularly updated.
Test if regular scans are performed on all systems.
Backup and Disaster Recovery
Review backup procedures and policies.
Assess if backups are regularly performed and tested for data integrity.
Validate if offsite backups are maintained for disaster recovery purposes.
Application Security
Secure Software Development
Assess if secure coding practices are followed during application development.
Verify if code reviews and security testing are conducted before deployment.
Check if known vulnerabilities in third-party libraries or frameworks are patched.
Authentication and Authorization
Review if user authentication mechanisms are secure (e.g., strong passwords, multi-factor authentication).
Validate that access to sensitive data or functionalities is properly authorized.
Assess if session management controls are in place to prevent session hijacking.
Input Validation and Output Encoding
Verify if input data is properly validated to prevent common vulnerabilities (e.g., SQL injection, cross-site scripting).
Assess if output data is encoded correctly to prevent injection attacks.
Review if data transmitted over the network is encrypted to protect sensitive information.
Physical Security
Access Control
Evaluate physical access controls to server rooms and data centers.
Verify if access logs and surveillance systems are in place.
Assess the effectiveness of visitor management procedures.
Asset Tracking
Review if an asset management system is in place to track hardware and software inventory.
Validate if regular audits are performed to ensure the accuracy of asset records.
Assess if retired hardware undergoes secure disposal or data destruction.
Cable Management and Labeling
Verify if network cables are properly managed and labeled.
Assess if cable connections are secure and not easily accessible.
Confirm that network ports are disabled when not in use.
These steps provide a basic outline for an IT security audit checklist, but it is important to adapt and customize it based on the specific requirements and risks of your organization.