Plain English Cybersecurity Audit

This page will introduce and describe our Plain English Cybersecurity Audit Tool.
However, it will not present the entire product. Instead, it will explain our approach
and it will show you a detailed sample of our work (see PDF). Once you've studied
our audit approach, we hope you'll purchase our complete internal audit process.


Overview of NIST Framework

The Core of NIST's Framework consists of the following five sets of
cybersecurity risk management functions that are common across sectors
and infrastructures and operate concurrently and continuously: Identify,
Protect, Detect, Respond, and Recover. Each general function is broken
down into activities, which in turn, are broken down into tasks. When these
activities and tasks are being performed they are referred to as outcomes.

Purpose of Cybersecurity Audit

Our Plain English Audit Tool will pinpoint the gaps that exist between
NIST's recommended cybersecurity risk management functions, activities,
tasks, and outcomes and your organization's actual cybersecurity risk
management functions, activities, tasks, and outcomes. Once you've
identified the gaps, you can develop and implement the cybersecurity
controls and risk management treatments that your organization
needs in order to protect your organization's critical infrastructure
and to safeguard the health, safety, security, and privacy of
customers, employees, and other interested parties.

Our Audit Questionnaires

Since NIST's Cybersecurity Framework has five main sections, our audit
tool uses five questionnaires. These questionnaires will allow you to:
  • Assess how well your cybersecurity context is understood
  • Assess how well your cybersecurity assets are protected 
  • Assess how well your cybersecurity anomalies are detected 
  • Assess how well your cybersecurity responses are handled 
  • Assess how well your cybersecurity recovery is managed

Plain English Cybersecurity Audit Tool

Table of Contents (Title 61)

Section   Title                                     Page / PDF
1         Introduction to Audit                     3
2         Profile of Audit Project                  6
3         Cybersecurity Audit Checklist             PDF
4         Summary of Cybersecurity Audit            13
ID        Assess How Well Context is Understood     14
PR        Assess How Well Assets are Protected      PDF
DE        Assess How Well Anomalies are Detected    59
RS        Assess How Well Response is Handled       69
RC        Assess How Well Recovery is Managed       83

Links to PDF Samples of our Audit Tool are in the right column of this table.

 
Our Audit Methodology

For each question, three answers are possible: YES, NO, or N/A. YES
answers mean that you have implemented NIST's recommendations, NO
answers mean that you have failed to do so, while N/A answers mean that
questions aren't applicable in your case. NO answers identify gaps that exist
between NIST's cybersecurity risk management recommendations and your
organization's cybersecurity risk management practices, while N/A answers
point to items that may be ignored or excluded.

Once you've completed all five questionnaires, study your NO answers
and our questions and then use this information to formulate actions or
steps that need to be taken to improve your organization's cybersecurity
risk management practices. Then use these details to prepare your own
unique Cybersecurity Risk Management Improvement Plan.

Before you start your audit, please fill out the form entitled Profile of Audit
Project (section 2, above). First record the name of the organization being
audited, its address, and a brief description of the actual scope or focus
of the audit. Also record the names of your audit team members and your
start date. Once you've completed the audit, use the same form to record
when the audit was finished, who reviewed the audit and when, and any
review comments.

You can also summarize your audit results quantitatively if you wish
(see section 4, above). The idea here is to measure your organization's
cybersecurity performance. If you carry out regular audits, you can use
our audit tool to measure whether or not your cybersecurity performance
is improving over time.

This is how it works. For each section of the audit, count the number of
YES responses and the number of NO responses and record the totals in
the form provided in section 4. To calculate the average performance score
for each section, simply divide the total YES answers by the total YES+NO
answers. To calculate the average score for the entire audit, do the same
for the grand totals.
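
The scoring rule above, worked through as an added example (this is not code from the audit tool itself). The question IDs and sample answers are constructed for illustration; the function codes are the ones used in the questionnaire titles. It shows two details that are easy to get wrong: a section answered entirely N/A has no score, and the overall score comes from the grand totals, not from averaging the five section scores.

```python
from collections import Counter

# Function codes as used in the questionnaire titles on this page.
FUNCTIONS = ("ID", "PR", "DE", "RS", "RC")
VALID_ANSWERS = {"YES", "NO", "N/A"}

def ratio(yes, no):
    """YES / (YES + NO); None when every answer was N/A (nothing to score)."""
    return yes / (yes + no) if (yes + no) else None

def score_audit(answers):
    """answers: iterable of (function_code, question_id, answer) records."""
    tallies = {f: Counter() for f in FUNCTIONS}
    gaps = []  # NO answers: the inputs to the improvement plan
    for func, qid, answer in answers:
        answer = answer.strip().upper()
        if func not in tallies or answer not in VALID_ANSWERS:
            raise ValueError(f"bad record: {func!r}, {qid!r}, {answer!r}")
        tallies[func][answer] += 1
        if answer == "NO":
            gaps.append((func, qid))
    sections = {f: ratio(t["YES"], t["NO"]) for f, t in tallies.items()}
    total_yes = sum(t["YES"] for t in tallies.values())
    total_no = sum(t["NO"] for t in tallies.values())
    return {"sections": sections,
            "overall": ratio(total_yes, total_no),
            "gaps": gaps}

# Constructed sample answers; question IDs are hypothetical placeholders.
SAMPLE = [
    ("ID", "ID-q1", "YES"), ("ID", "ID-q2", "YES"),
    ("ID", "ID-q3", "NO"), ("ID", "ID-q4", "N/A"),
    ("PR", "PR-q1", "YES"), ("PR", "PR-q2", "NO"),
    ("PR", "PR-q3", "NO"), ("PR", "PR-q4", "NO"),
    ("DE", "DE-q1", "YES"),
    ("RS", "RS-q1", "N/A"), ("RS", "RS-q2", "N/A"),
    ("RC", "RC-q1", "YES"), ("RC", "RC-q2", "NO"),
]

if __name__ == "__main__":
    result = score_audit(SAMPLE)
    for func, score in result["sections"].items():
        print(func, "not scored (all N/A)" if score is None else f"{score:.0%}")
    print("Overall (grand totals):", f"{result['overall']:.0%}")
    print("Gaps to address:", result["gaps"])
```

With this sample the overall score from the grand totals is 50%, while the plain mean of the four scored sections would be about 60%, so the two should not be mixed when comparing audits over time.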

Attention

Now that you understand our approach, please consider purchasing our
complete product: Title 61: Praxiom's Plain English Cybersecurity Audit tool.

If you purchase our audit tool you'll find that it's integrated, detailed,
exhaustive, and easy to understand. You'll find that we've worked hard to
create a high quality product. In fact, we guarantee the quality of our product.
Title 61 is 94 pages long and comes in PDF and Microsoft docx file formats.

See a detailed pdf sample of our Plain English Cybersecurity Audit Tool.


PRAXIOM RESEARCH GROUP LIMITED
Phone: 780-461-4514 -
info@praxiom.com

Updated on April 3, 2020. First published on March 31, 2020.

Legal Restrictions on the Use of this Page
Thank you for visiting this web page. You are, of course, welcome to view our material as often
as you wish, free of charge. And as long as you keep intact all copyright notices, you are also
welcome to print or make one copy of this page for your own personal, noncommercial,
home use. But you are not legally authorized to print or produce additional copies or to
copy and paste any of our material onto another web site or to republish it in any way.

Copyright © 2020 by Praxiom Research Group Limited. All Rights Reserved.
