Still, it can be frustrating and unhelpful to begin an investigation only to find out that a well-meaning firewall administrator pared down the amount of information that a device would store in its logs, penetration testing can identify security vulnerability and cannot ensure information compliance. For instance, audit trails should be periodically reviewed by operations management to detect any unauthorized network operations activities.
Want to check how your ISO IEC 27001 Lead Auditor Processes are performing? You don’t know what you don’t know. Find out with our ISO IEC 27001 Lead Auditor Self Assessment Toolkit: