Periodic security audits must be a part of any proper security plan. The audit must include the following steps, at a minimum:
- Check for appropriate security policies.
- Check to see that all systems have updated patches for the operating system and applications. Also check to see whether a patch management plan is in place and documented.
- Check physical security.
- Probe the system using port scanners and other software to detect and correct any flaws.
- Document the specific steps taken in the security audit, any flaws found, and any corrective actions that were taken or are recommended.