What to ask for in a Cybersecurity Auditor ...
-
I've been asked to get a few quotes for a cyber security audit. Apparently the cyber insurance coverage that we've been carrying is going to require an audit prior to allowing us to renew the coverage when the current policy term expires later this year.
What are some things I should make sure to inquire about from prospective auditor vendors to make sure we cover as many bases as possible?
Any other tips or suggestions would also be appreciated.
Thanks.
-
@braswelljay Check with the insurance carrier to see if there are any credentials / certifications etc. that they require your auditing company to have. It'd suck to go through the audit only to find out that it didn't meet the insurance company's requirements.
-
@notverypunny said in What to ask for in a Cybersecurity Auditor ...:
@braswelljay Check with the insurance carrier to see if there are any credentials / certifications etc. that they require your auditing company to have. It'd suck to go through the audit only to find out that it didn't meet the insurance company's requirements.
I agree. Make sure the audit meets insurance requirements.
-
I'm dealing with something similar. While they don't require an audit, they are requiring a list of items be done. I plan to work with them closely to make sure the options we choose fulfill their requirements.
-
Let us know if you find a competent auditor. I've worked in IT for quite a few years and have yet to meet/find a decent auditor.
-
@travisdh1 said in What to ask for in a Cybersecurity Auditor ...:
Let us know if you find a competent auditor. I've worked in IT for quite a few years and have yet to meet/find a decent auditor.
Do you want competence? Or do you want an auditor? You need to choose.
-
@braswelljay said in What to ask for in a Cybersecurity Auditor ...:
What are some things I should make sure to inquire about from prospective auditor vendors to make sure we cover as many bases as possible?
Really "will it be covered by your insurance" and "how much does it cost" are all that matter. Insurance audits have little to no purpose outside of the insurance aspect of it. They aren't about security or good practice or anything of the sort. Don't waste resources trying to find a unicorn that doesn't exist. Just make your insurance people happy.
-
@scottalanmiller said in What to ask for in a Cybersecurity Auditor ...:
@travisdh1 said in What to ask for in a Cybersecurity Auditor ...:
Let us know if you find a competent auditor. I've worked in IT for quite a few years and have yet to meet/find a decent auditor.
Do you want competence? Or do you want an auditor? You need to choose.
Exactly, lol!