While having a cybersecurity plan in place is almost always of benefit to an organization, these plans often contains gaps or oversights which can lead to problems in the event of a cybersecurity incident, according to an article in TechRepublic. To help identify these potential gaps, many experts recommend the use of cybersecurity audits by independent auditing firms. These audits are intended to assist companies in evaluating and identifying the risks they face, and establish areas for improvement, whether via improved monitoring, regular testing, or ensuring proper third party review.
Steven Wertheim, president of SonMax Consultants, told TechRepublic of the importance of cybersecurity audits conducted by external parties, “Having an independent, objective view is a critical element in developing a complete picture of the incident. Work with the third-party vendor to conduct an annual security audit.”
Source:
https://www.techrepublic.com/article/why-cybersecurity-audits-are-essential-for-risk-management/
