Pre-audit checklist to ensure a smooth on-site audit

  • Confirm all software (including Adobe and Java products, etc.) is fully up to date on every in-scope device, servers included. A 7-day trial of Nessus Professional can be used to run a Credentialed Patch Scan and confirm this before the visit.
  • Remove rarely used software from each device. Outdated browser installs (an old copy of Firefox, for example) are a common finding.
  • Ensure all devices, laptops included, have up-to-date AV engines and signature files, preferably managed through an enterprise management dashboard.
  • Ensure executable attachments are blocked before they reach the email client.
  • Ensure the AV plugin for each browser in use is enabled and up to date.

The auditor will ask you to provide the following:

  • A list of all devices (firewalls, servers, PCs, laptops, workstations, tablets and mobile phones) that are in scope, with details of their current operating system. Please note that if Windows 10 is in use, a registry edit will be required on those devices to allow the scans to run. I will provide further details on this at a later date if applicable.
  • A full user listing, with details of who will be present on the day of the assessment, including email addresses.
  • A consent form will be required before the on-site test can start; this will be prepared once the visit dates have been agreed.
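The checklist above asks for up-to-date software and AV on every device, and the auditor asks for a device list with operating system details. The following PowerShell script, added here as an example and not part of the original checklist or the auditor's own tooling, gathers that evidence from one Windows device: OS version, installed software with versions (so outdated Adobe, Java and browser builds can be spotted and rarely used software removed), installed Windows updates, and Windows Defender engine and signature state. It assumes an elevated session on the device being inventoried, Windows Defender as the AV (the Defender cmdlets are not available for third-party AV), and an assumed output folder of C:\PreAudit.

```powershell
# Pre-audit inventory for one Windows device.
# Added example, not part of the original checklist.
# Assumptions: run as administrator on the device itself; Windows Defender is the
# AV in use; C:\PreAudit is an assumed output folder and can be changed.

$OutDir = 'C:\PreAudit'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Device and OS details for the auditor's in-scope device list.
$os = Get-CimInstance Win32_OperatingSystem
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$device = [pscustomobject]@{
    Hostname       = $env:COMPUTERNAME
    OS             = $os.Caption
    Version        = $os.Version
    FeatureRelease = $cv.DisplayVersion   # e.g. 22H2; absent on older Windows 10 builds
    LastBoot       = $os.LastBootUpTime
}
$device | Export-Csv (Join-Path $OutDir 'device.csv') -NoTypeInformation

# 2. Installed software with versions, from both the 64-bit and 32-bit uninstall keys.
#    Review this for out-of-date Adobe/Java builds and for rarely used software
#    (old browsers) that should be removed before the visit.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$software = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName
$software | Export-Csv (Join-Path $OutDir 'software.csv') -NoTypeInformation

# Show the products the checklist calls out by name so they can be checked first.
$watch = 'Adobe|Java|Firefox|Chrome|Edge'
$software | Where-Object { $_.DisplayName -match $watch } | Format-Table -AutoSize

# 3. Installed Windows updates, newest first, to cross-check against the
#    Nessus credentialed patch scan results.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object HotFixID, Description, InstalledOn |
    Export-Csv (Join-Path $OutDir 'hotfixes.csv') -NoTypeInformation

# 4. AV engine and signature state (Windows Defender).
$mp = Get-MpComputerStatus
$av = [pscustomobject]@{
    RealTimeProtection  = $mp.RealTimeProtectionEnabled
    EngineVersion       = $mp.AMEngineVersion
    SignatureVersion    = $mp.AntivirusSignatureVersion
    SignatureAgeDays    = $mp.AntivirusSignatureAge
    LastSignatureUpdate = $mp.AntivirusSignatureLastUpdated
}
$av | Export-Csv (Join-Path $OutDir 'av.csv') -NoTypeInformation
$av | Format-List

# Stale signatures or disabled real-time protection are worth fixing before the audit.
if (-not $mp.RealTimeProtectionEnabled) {
    Write-Warning "Real-time protection is disabled on $env:COMPUTERNAME"
}
if ($mp.AntivirusSignatureAge -gt 1) {
    Write-Warning "AV signatures are $($mp.AntivirusSignatureAge) days old on $env:COMPUTERNAME"
}
```

Run it on each in-scope Windows device and collect the CSV files; the device.csv rows can be merged into the device list the auditor asks for, and software.csv is the quickest way to find the outdated or unused applications the checklist says to update or remove.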

The testing process includes the following tests:

  • Confirmation of the devices to be tested
  • Scanning of devices to identify vulnerabilities using Nessus Professional scanning software; this requires admin credentials for each device
  • Observing and gathering evidence (screenshots) of how devices process emails with test attachments; access to a user device is required
  • Observing and gathering evidence of how devices handle downloads of file attachments from our test websites; access to a user device is required
  • Checking the installation and configuration of anti-virus software