The Cyber Security Audit Program is part of a series of free tools for auditors to use to assess the cyber security status of their organizations. They were developed by CSE’s internal audit team, with support from the Canadian Centre for Cyber Security (Cyber Centre).
These tools are designed for auditors in both government and private sector organizations. No previous IT security audit knowledge is required for using the tools.
Please note that some tools reference the Government of Canada and federal departments. The tools were initially developed for government but can be used by all Canadian organizations.
Tool 1: Placemat
The placemat is a one-page overview of cyber security audit criteria and key sub-criteria. We recommend you review this placemat before viewing the other tools.
Tool 2: Audit guide
The audit guide compiles definitions of cyber security terms, an overview of a cyber security audit, and different audit types that auditors can conduct.
Tool 3: Preliminary survey tool (PST)
The preliminary survey tool (PST) assesses your organization’s overall cyber security status, which helps determine the focus of your audit.
Tool 4: Audit Program
The audit program is a detailed document outlining the audit criteria and sub-criteria for many types of cyber security audits. Auditors should use the document by following the audit guidance relevant to their organization.
Contact information
To access these tools, please contact the audit team at audit@cyber.gc.ca.