We’ve reached the final frontier in our blog series on simplifying firewall audits and ensuring continuous compliance. A quick recap of the previous steps examined:
What’s possibly left to do from here? Make sure that all of the above is part of a continuous process. While a specific audit may be a once- or twice-a-year event, you most likely must undergo multiple audits driven by different regulations, industry standards or internal requirements. As a best practice, you should always have a current view of your risk and compliance posture, as opposed to a point-in-time view.
Step 6: Ensure Ongoing Audit-Readiness
This final blog focuses on how to put the proper steps in place to ensure continuous compliance in your firewall configurations. This means building audit-readiness into a business process that must be maintained over time. It can’t be just a checklist that is reviewed once or twice a year. Here are several things you should consider in terms of attaining “continuous compliance”:
A final consideration is that while this series has focused on firewalls, there are different types of firewalls (traditional, next-generation, etc.) as well as secure web gateways, VPNs and other security devices typically found within an organization’s network. Make sure that your audit process covers all of these devices as well. For a deeper examination of firewall audit best practices, you can download our whitepaper The Firewall Audit Checklist. Good luck on your next audit!