IT Security published a list, “10 Steps to Creating Your Own IT Security Audit”. They suggest: “If a security auditor isn’t in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business.”
It is a really good guideline. Read the full article here.
Note: I have to say that I’m not quite sure why this (in step 10) is so important from a security point of view:
Internal Click Fraud: Education and Blocks. Many web-based businesses run advertising such as Google AdSense or Chitika to add an extra revenue stream. However, inappropriate clicking of the ads by employees or family can cause your account to be suspended. Make employees aware of such things, and prevent the company’s live website from being viewed internally.
Also, it seems that step 6 misses IDS (Intrusion Detection System), and the classification of IPS (Intrusion Prevention System) could be more precise.