Network auditing

---

I sometimes have to go to sites to carry out a network audit. This isn't a security audit such as a Penetration test but is more about assessing the setup of the network, servers and roles to recommend updates and changes that would help them perform better, improve redundancy consider DR and any other issues that come to mind. I also look at password policies etc and try to consider the elements of ISO 27001.

I'd be interested to know if anybody else does this type work and if so what they carry out (do they use a template), what tools they use and what they produce for the customer.

Thanks guys

@Mark-Sammon,

Hey, I was hoping that someone else would jump in and offer some expertise. Because the world is centered so much around the compliance issues of today, usually a defacto standard ends up being the key here.

In most of the major companies here in the US, we're seeing a push towards the ISACA CISA and CISM. They're a certifying organization that becoming if not already considered a defacto standard for auditing compliance.

Here's a link to their specific CISA page: http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx

Thanks Ronnie, I'll have a look at those

With no other responses, I've marked this as solved.