Cyber Security Audit Program

 

The Cyber Security Audit Program is part of a series of free tools for auditors to use to assess the cyber security status of their organizations. They were developed by CSE’s internal audit team, with support from the Canadian Centre for Cyber Security (Cyber Centre).

These tools are designed for auditors in both government and private sector organizations. No previous IT security audit knowledge is required for using the tools.

Please note that some tools reference the Government of Canada and federal departments. The tools were initially developed for government but can be used by all Canadian organizations.

The tools are to be downloaded and used in the following order. If you are unable to download or view any of these tools, please contact the audit team at audit@cyber.gc.ca.

Tool 1: Placemat

The placemat is a one-page overview of cyber security audit criteria and key sub-criteria. We recommend you review this placemat before viewing the other tools.

Download the placemat

Tool 2: Audit guide

The audit guide compiles definitions of cyber security terms, an overview of a cyber security audit, and different audit types that auditors can conduct.

Download the audit guide

Tool 3: Preliminary survey tool (PST)

The preliminary survey tool (PST) assesses your organization’s overall cyber security status, which helps determine the focus of your audit.

Download the PST

Tool 4: Audit Program

The audit program is a detailed document outlining the audit criteria and sub-criteria for many types of cyber security audits. Auditors should use the document by following the audit guidance relevant to their organization.

Download the Audit Program

Briefings and contact information

CSE’s audit team is available to conduct briefings, either in-person or virtually, to explain the tools in greater detail. If your organization would like to have a briefing, please contact the audit team at audit@cyber.gc.ca.

Please contact the team at this address for any other questions relating to the Cyber Security Audit Program.

Date modified: