The Cyber Security Audit Program is part of a series of free tools for auditors to use to assess the cyber security status of their organizations. They were developed by CSE’s internal audit team, with support from the Canadian Centre for Cyber Security (Cyber Centre).
These tools are designed for auditors in both government and private sector organizations. No previous IT security audit knowledge is required for using the tools.
Please note that some tools reference the Government of Canada and federal departments. The tools were initially developed for government but can be used by all Canadian organizations.
The tools are to be downloaded and used in the following order. If you are unable to download or view any of these tools, please contact the audit team at firstname.lastname@example.org.
Tool 1: Placemat
The placemat is a one-page overview of cyber security audit criteria and key sub-criteria. We recommend you review this placemat before viewing the other tools.
Tool 2: Audit guide
The audit guide compiles definitions of cyber security terms, an overview of a cyber security audit, and different audit types that auditors can conduct.
Tool 3: Preliminary survey tool (PST)
The preliminary survey tool (PST) assesses your organization’s overall cyber security status, which helps determine the focus of your audit.
Tool 4: Audit Program
The audit program is a detailed document outlining the audit criteria and sub-criteria for many types of cyber security audits. Auditors should use the document by following the audit guidance relevant to their organization.
Briefings and contact information
CSE’s audit team is available to conduct briefings, either in-person or virtually, to explain the tools in greater detail. If your organization would like to have a briefing, please contact the audit team at email@example.com.
Please contact the team at this address for any other questions relating to the Cyber Security Audit Program.